The "Gap Ledger" of AI Security in Japan -- After the MIC Guidelines, 83.0% of Surveyed Decision-Makers Know Them, Only 30.8% of the Understanding Layer Have Reflected Them, and About 80% Call Their Pre-Release Measures Insufficient; ChillStack's Survey of 188 Decision-Makers Reveals an "Aware but Unable to Act" Structure, With 32.4% of the Outsourcing Layer Not Grasping Vendors' Measures
ANK-Doc ID: ANK-2026-07-06-011 Version: v1.0.0 Published: 2026-07-06 Author: Rin Takenouchi (Editor-in-Chief, AI News) Category: AI Security / AI Governance / Japanese Corporate Surveys / Security Industry Covered articles: PRTIMES#1337053 (main article: ChillStack's fact-finding survey on AI security, 188 decision-makers; guideline awareness 83.0% vs. reflection 30.8% vs. pre-release sufficiency 20.2%), PRTIMES#1265730 (GSX provides AI-security training to 150 Keyware Solutions engineers; cumulative total of more than 500 trainees is a plan), PRTIMES#1336682 (Nayutam x Dock Labs strategic-collaboration MOU on AI-agent identity infrastructure), PRTIMES#1252397 (SherLOCK's brand renewal; AI risk mutating from reputational issues to "real management harm"), PRTIMES#1189986 (AI Security Inc.'s AWS Summit Japan 2026 talk; shadow AI and the governance-implementation gap) Selection method: Selected from the AI News corpus on "high factual density x AI governance x Japanese market structure." The main article is ChillStack's fact-finding survey on AI security released on 2026-07-06 (PRTIMES #1337053, a "gap ledger" built of dense percentages), linked with four official releases from Japan's AI-security supply side as micro-level slices: GSX's talent training (PRTIMES #1265730), the Nayutam x Dock Labs collaboration (PRTIMES #1336682), SherLOCK's risk-mutation thesis (PRTIMES #1252397), and AI Security Inc.'s AWS Summit talk (PRTIMES #1189986). Weak links in the pack were honestly culled: PRTIMES #1308956 (Heat Wave's vulnerability-detection seminar -- the "first of its kind in Japan" wording is the company's own self-reported claim, and the item duplicates the GSX training slice), PRTIMES #1252213 (a webinar announcement without hard numbers), PRTIMES #1245501 (TempestAI's finance-vertical guardrail platform, weakly connected to the survey theme), PRTIMES #1219069 (Elith's taxi advertising placement, an advertising notice) -- cut rather than forced. This card has no Taiwan-side data (no corresponding source in the pack); it honestly makes no Taiwan-Japan comparison and is a single-market Japan card.
TL;DR
After Japan's Ministry of Internal Affairs and Communications (MIC) published its "AI Security Technical Countermeasure Guidelines" in March 2026 (name rendered from the Japanese title as given verbatim in the source), a quantified slice of the on-the-ground gap has arrived. Per a web survey released on 2026-07-06 by AI-security firm ChillStack and fielded by research provider Freeasy over 2026-05-25 to 2026-06-03 (respondents: people with approval/selection authority over AI security at companies operating AI-embedded services and products; 188 valid responses) -- guideline awareness is 83.0% (n=188) [F-001], yet among respondents who understand the guidelines (n=156) only 30.8% have "reviewed and already reflected" them in their measures (in-house layer 37.5% vs. outsourcing layer 17.3%) [F-002]; only 20.2% say pre-release security measures are "sufficiently implemented," and those sensing some insufficiency total about 80% (about 8 in ten) (n=188) [F-003]. The top reason for insufficiency in both layers is "insufficient cost/resources" (percentage not given in the source); the in-house layer's 2nd-ranked reason is lack of in-house security talent at 41.8% (n=91), the outsourcing layer's 2nd is inability to prioritize at 33.9% (n=59) [F-004]. The post-release gap is wider: regular monitoring runs at 59.2% for the in-house layer (n=120) vs. 19.1% for the outsourcing layer (n=68) [F-006], and 32.4% of the outsourcing layer (26.5% + 5.9%) does not grasp what measures its vendors have implemented [F-007]. ChillStack's CEO sums this up as a structure common to both layers -- "aware but unable to act" (translated from the Japanese release) -- and this card names the survey AI security's "gap ledger" (the concept name is this site's editorial framing). Four supply-side micro-signals from late June to early July 2026 are presented alongside: GSX's AI-security training for 150 Keyware Solutions engineers (a cumulative total of more than 500 is a plan) [F-011], the Nayutam x Dock Labs MOU on AI-agent identity [F-012], SherLOCK's "real management harm" mutation thesis with its citation that related incidents doubled in 1 year per an OECD survey (AIM) [F-013], and AI Security Inc.'s AWS Summit Japan 2026 talk on the "serious gap between governance and implementation technology" and shadow AI [F-014]. Honest framing: every percentage is self-reported by respondents in a single web sample survey (n=188 or subsets, flagged throughout) and cannot be extrapolated to all Japanese companies; ChillStack itself is an AI-security vendor; the four supply-side items are individual corporate press releases (micro-level information). The card is also juxtaposed with this site's ANK-2026-06-30-002 (Japanese SaaS's MCP "common AI socket" moment): accelerating feature releases and security measures still "halfway down the road" (the wording of ChillStack's release title) appeared in the same weeks -- a juxtaposition as editorial framing, not a causal claim.
Body
Event-chain overview: guidelines published (March 2026) -> fact-finding survey (2026-05-25 to 2026-06-03) -> the gap published (2026-07-06) -- five framing principles
The timeline of this "AI security gap ledger" runs: in March 2026, MIC published its "AI Security Technical Countermeasure Guidelines" (as stated in the survey background of PRTIMES #1337053; the name is rendered from the source verbatim, the source records only the name and the publication timing, and this card does not elaborate on the guidelines' content); over 2026-05-25 to 2026-06-03, ChillStack ran its fact-finding survey on AI security via research provider Freeasy; on 2026-07-06, ChillStack released the results (PRTIMES #1337053). This card first sets five framing principles: first, this is a sample survey, not a census -- the base for every percentage is the 188 responding decision-makers or subsets thereof (n flagged throughout), and nothing extrapolates to "all Japanese companies"; second, self-assessment, not an audit -- "sufficient," "insufficient" and "appropriate" are all respondents' self-evaluations, not third-party technical audits; third, the surveying party has an interest -- ChillStack is itself an AI-security company, the release has a marketing character, and the source asks that citations credit the survey to ChillStack; fourth, the four supply-side items are individual corporate press releases (micro-level information) and cannot be read as macro statistics; among them, the OECD survey (AIM) figure of "doubling in 1 year" is a citation inside SherLOCK's press release, with no absolute numbers given; fifth, a single-market Japan card -- the pack contains no Taiwan-side data, so this card honestly makes no Taiwan-Japan comparison (weak links are cut, not forced).
The ledger's three headline rows: awareness 83.0% -> reflection 30.8% -> pre-release "sufficient" 20.2%
Per ChillStack's survey (PRTIMES #1337053), awareness of the MIC guidelines -- "understand them well" plus "roughly understand them" combined -- stands at 83.0% (n=188); moreover, the share answering "understand them well" is more than 2 times as high in the in-house layer as in the outsourcing layer (the source gives no specific percentages per layer). [F-001] The survey defines respondents who handle AI-security measures in-house as the "in-house layer" and those who outsource them as the "outsourcing layer"; the source does not state the layers' headcounts at the definition itself, but questions put to each full layer are marked n=120 (in-house layer) and n=68 (outsourcing layer), summing to the 188 valid responses.
But awareness has not converted proportionally into action. Among respondents who understand the guidelines (n=156), only 30.8% have "reviewed and already reflected" them in their measures; by layer, 37.5% for the in-house layer versus 17.3% for the outsourcing layer -- the outsourcing layer's lag is pronounced. [F-002] One layer further down: only 20.2% say pre-release security measures are "sufficiently implemented"; adding "mostly implemented but not sufficient," "implemented but felt to be insufficient" and "hardly implemented," those sensing some insufficiency total about 80% (about 8 in ten) (n=188; the source does not give the percentage of each of the three options). [F-003]
In the release, ChillStack's CEO summed up: awareness is high yet reflection into actual measures is not progressing, and the structure of being "aware but unable to act" (translated from the Japanese release) is common to both the in-house and outsourcing layers -- this is the CEO's commentary on his own company's survey, transcribed here as such.
Why they cannot act: the two layers' reasons differ in structure
The most-cited reason for insufficient pre-release measures is the same in both layers -- "insufficient cost/resources" (percentage not given in the source). From 2nd place the layers diverge: the in-house layer cites "no personnel with security expertise in-house" at 41.8% and "too many items to address, cannot prioritize" at 35.2% (n=91); the outsourcing layer cites "too many items to address, cannot prioritize" at 33.9% and "unclear what standard counts as sufficient" at 32.2% (n=59). [F-004] The source's own synthesis: resource shortage is a common issue, while the in-house layer's problems skew toward talent and the outsourcing layer's toward unclear judgment criteria.
There is also a picture of what is already being done. The top 3 pre-release measures in place (n=188): "validation/filtering of input prompts" at 46.8%, "resistance to malicious instructions via system prompts" at 45.7%, and "validation/filtering of output content (guardrails)" at 45.2%. [F-005]
The post-release divergence: regular monitoring 59.2% vs. 19.1%, and 32.4% of the outsourcing layer "black-boxed"
Post-release regular security monitoring / risk assessment is "regularly implemented" by 59.2% of the in-house layer (n=120) versus 19.1% of the outsourcing layer (n=68) -- the source notes that in the outsourcing layer, continuous post-release management tends to thin out. [F-006] Within the outsourcing layer, 26.5% "do not really grasp" and 5.9% "hardly grasp" what measures their vendors have implemented -- 32.4% combined (n=68) -- which the source describes as post-outsourcing management turning into a "black box"; the reasons for not grasping it are led by "no time/resources to check" at 31.8%, followed by "no personnel in-house able to judge the content" at 27.3% and "few reporting/briefing occasions from the vendor" at 27.3% (n=22). [F-007]
The other side is a self-assessed virtuous loop: among the in-house layer running regular monitoring, those self-assessing that they implement appropriate measures based on the results total 97.2% ("sufficiently implemented" 38.0% + "mostly implemented" 59.2%) (n=71) -- to be framed as a small-sample subset's self-evaluation, not a third-party audit. [F-008] The directions respondents want to strengthen also split by layer: the in-house layer's top choice is "building a scheme for regular security assessment/monitoring" at 55.0%, followed by "promoting staff understanding of security measures" at 47.5% (n=120); the outsourcing layer's top choice is "developing/securing in-house personnel with security expertise" at 45.6%, followed by "promoting staff understanding of security measures" at 32.4% (n=68). [F-009]
Four supply-side slices: talent training, AI-agent identity, risk mutation, shadow AI (micro-level information, honestly framed)
Outside the demand-side gap ledger, Japan's AI-security supply side produced four official releases over late June to early July 2026 -- all individual corporate press releases (micro-level information) that cannot be read as macro statistics, nor causally linked to the survey figures:
First, talent training: Global Security Experts Inc. (GSX, securities code 4417) announced on 2026-06-30 that it provides AI-security engineer training to 150 engineers of the systems integrator Keyware Solutions; the source also states that GSX provides Keyware and its group companies with multiple education programs -- incident response, vulnerability assessment and AI-security talent development among them -- as continuous support, and that including group subsidiaries the cumulative number of trainees is planned to exceed 500 (PRTIMES #1265730). [F-011] This runs in the same direction as the survey's talent gap -- "no in-house security talent" at 41.8% (the in-house layer's 2nd-ranked reason) and the outsourcing layer's top strengthening wish, "talent development/securing," at 45.6% -- an observation by juxtaposition, not causation.
Second, AI-agent identity: in a release dated 2026-07-06, AI-security startup Nayutam (Chuo-ku, Tokyo) announced it signed an MOU with the Swiss DID/VC infrastructure provider Dock Labs for strategic collaboration and joint marketing in Japan's enterprise market, targeting "Agentic Commerce (the AI-agent economy)" and the digital-finance sector; Nayutam develops a "Synthetic DNA" (a biometric-bound root-of-trust ID) and a "Behavior Trust Score" engine, while Dock Labs provides the standards-compliant digital-ID and wallet infrastructure "Truvera" plus MCP (Model Context Protocol)-compatible solutions (PRTIMES #1336682). [F-012] Note that an MOU is a memorandum, not a definitive contract.
Third, the risk-mutation thesis: SherLOCK Inc. (Minato-ku, Tokyo) stated in its brand-renewal release that as AI evolves from generative AI into AI agents that autonomously execute work, the nature of risk is mutating from reputational issues (hallucinations, confidential-data leaks) into "real management harm" such as economic loss and business stoppage; it cited an OECD survey (AIM) as showing related incidents doubled in 1 year, with "abuse of legitimate privileges" becoming a new management issue (PRTIMES #1252397). [F-013] The "doubling" is the company's citation of the OECD survey with no absolute numbers in the source; this card transcribes it without verifying on its behalf.
Fourth, shadow AI: AI Security Inc. (Shinjuku-ku, Tokyo; note that "AI Security" is the company's corporate name, not a generic term) announced on 2026-06-24 that it would speak on "Security Transformation in the AI Era" at AWS Summit Japan 2026, held 2026-06-25 to 26 at Makuhari Messe (Zscaler booth), on the "serious gap between governance and implementation technology" amid the rapid spread of generative AI, and on the growing problem of "shadow AI" used outside corporate oversight (PRTIMES #1189986). [F-014] The release is a pre-event announcement (release date earlier than the session dates).
Pulling back the lens: feature releases accelerate while security measures are self-assessed as "halfway down the road"
Contrast with this site's published ANK-2026-06-30-002 (Japanese SaaS's "common AI socket" moment): that card recorded 2 freee-group services announcing MCP servers the same day (2026-06-30), with 6 official MCP announcements linked by this site within 2 days -- the speed at which Japanese SaaS plugs AI features into the "common socket" is rising. This card records the other face of the same weeks: for AI-embedded services, about 80% (about 8 in ten) of the 188 surveyed decision-makers self-assess pre-release security measures as insufficient, and ChillStack's release title calls the measures "halfway down the road." The acceleration of the feature-supply side and the self-assessed lag of the security-governance side are two faces of Japan's AI adoption in the same weeks -- the two have entirely different populations (product-release behavior by SaaS vendors vs. self-assessment by 188 decision-makers); this card juxtaposes them only as editorial framing, makes no causal claim, and does not use them to judge the overall security level of Japan's AI adoption.
Risk factors
- Sample survey, not a census: an n=188 web survey (research provider Freeasy, 2026-05-25 to 2026-06-03) of decision-makers at companies with AI-embedded services; sub-question bases are smaller still (n=156/120/91/68/59/22/71); the percentages cannot be extrapolated to all Japanese companies or all AI services (PRTIMES #1337053).
- Self-assessment, not an audit: "sufficient," "insufficient" and "appropriately implemented" are respondents' self-evaluations; 97.2% in particular is the self-assessment of a small n=71 subset, not a third-party technical audit result (PRTIMES #1337053).
- The surveying party has an interest: ChillStack is an AI-security vendor and the release has a marketing character; the source asks that citations credit the survey to ChillStack (PRTIMES #1337053).
- No elaboration on the guidelines: the "AI Security Technical Countermeasure Guidelines" name is rendered from the source verbatim (PRTIMES #1337053); the source records only that MIC published the guidelines in March 2026, and this card does not elaborate on their content or provisions.
- Supply-side items are all micro, and often plans or citations: GSX's cumulative total of more than 500 is a "plan" (PRTIMES #1265730); Nayutam x Dock Labs is at MOU (memorandum) level, not a definitive contract (PRTIMES #1336682); the OECD survey (AIM) doubling in 1 year is a citation inside SherLOCK's release with no absolute numbers (PRTIMES #1252397); the AWS Summit talk is a pre-event announcement, with the release date (2026-06-24) earlier than the session dates (2026-06-25 to 26) (PRTIMES #1189986).
- An easily misread corporate name: "AI Security Inc." is a company's name (not the generic term "AI security"); this card always uses the full corporate designation to prevent attribution confusion (PRTIMES #1189986).
- Rounding: the source notes that due to rounding, the percentages of answer options may not sum to 100% (PRTIMES #1337053).
- Single-market Japan card: the pack has no corresponding Taiwan-side data; this card makes no Taiwan-Japan comparison and does not infer the state of AI-security measures at Taiwanese companies.
FAQ
Q: What is this survey? Who ran it, and how?
It is the fact-finding survey on AI security released on 2026-07-06 by AI-security firm ChillStack: a web survey fielded by research provider Freeasy over 2026-05-25 to 2026-06-03, with 188 valid responses; respondents are people with approval/selection authority over AI security at companies operating AI-embedded in-house services and products.
The survey defines respondents handling AI security in-house as the "in-house layer" and those outsourcing it as the "outsourcing layer"; the source does not state the layers' headcounts at the definition itself, but questions put to each full layer are marked n=120 (in-house) and n=68 (outsourcing), summing to the 188 valid responses. Note that ChillStack is itself an AI-security vendor (an interested party), and the source asks that citations credit the survey to ChillStack (PRTIMES #1337053).
Q: What is the correct reading of "awareness 83.0% but reflection only 30.8%"?
The two figures have different bases: 83.0% is the share of all respondents (n=188) who "understand well" plus "roughly understand" the MIC guidelines; 30.8% is the share of respondents who understand the guidelines (n=156) who have "reviewed and already reflected" them in their measures -- high awareness, low action, the structure ChillStack's CEO calls "aware but unable to act" (translated from the Japanese release).
By layer the gap is starker: reflection completed is 37.5% for the in-house layer and 17.3% for the outsourcing layer. The share answering "understand them well" is more than twice as high in the in-house layer as in the outsourcing layer (the source gives no specific percentages per layer) (PRTIMES #1337053).
Q: Does "about 80% with insufficient pre-release measures" mean all Japanese companies?
No. The base of the about 80% (about 8 in ten) is the 188 responding decision-makers of this web survey: only 20.2% say pre-release measures are "sufficiently implemented," and the combined total of "mostly implemented but not sufficient," "implemented but felt insufficient" and "hardly implemented" is about 80% -- a self-assessed sample survey that cannot be extrapolated to all Japanese companies or all AI services.
The source does not give the percentage of each of the three "insufficient" options, and this card does not back-calculate them. Reading this survey as "8 in 10 Japanese companies are unprotected" is a double extrapolation (sample to population, self-assessment to actual state), which this card explicitly rejects (PRTIMES #1337053).
Q: Why can't they act? How do the reasons differ between in-house and outsourcing?
The top reason is the same in both layers -- "insufficient cost/resources" (percentage not given in the source); from 2nd place they diverge: the in-house layer skews toward talent ("no personnel with security expertise in-house" 41.8%, "cannot prioritize" 35.2%, n=91), the outsourcing layer toward judgment criteria ("cannot prioritize" 33.9%, "unclear what standard counts as sufficient" 32.2%, n=59).
The strengthening wishes diverge correspondingly: the in-house layer's top pick is "building a scheme for regular security assessment/monitoring" at 55.0% (n=120), while the outsourcing layer's is "developing/securing in-house personnel with security expertise" at 45.6% (n=68) (PRTIMES #1337053).
Q: How large is the post-release gap? What does "black-boxing" mean?
Post-release regular security monitoring / risk assessment is "regularly implemented" by 59.2% of the in-house layer (n=120) versus 19.1% of the outsourcing layer (n=68). Moreover, 32.4% of the outsourcing layer ("do not really grasp" 26.5% + "hardly grasp" 5.9%, n=68) does not grasp what measures its vendors have implemented -- the source calls this the "black-boxing" of post-outsourcing management.
Reasons for not grasping it: "no time/resources to check" 31.8%, "no personnel in-house able to judge the content" 27.3%, "few reporting/briefing occasions from the vendor" 27.3% (n=22). ChillStack's CEO comments that maintaining a regime that can regularly grasp and verify outsourced measures is a condition of effective AI-security management (PRTIMES #1337053).
Q: What are surveyed companies already doing? What about those who do monitor?
The top 3 pre-release measures in place (n=188): "validation/filtering of input prompts" 46.8%, "resistance to malicious instructions via system prompts" 45.7%, "validation/filtering of output content (guardrails)" 45.2%. Among the in-house layer running regular monitoring, self-assessments of implementing appropriate measures based on the results total 97.2% (38.0% + 59.2%, n=71).
The 97.2% needs framing: its base is the small subset "in-house layer running regular monitoring" (n=71), and it is a self-evaluation, not a third-party audit -- it shows a correlation ("those with a scheme self-assess well"), not the causal claim "monitoring makes you safe" (PRTIMES #1337053).
Q: What moved on Japan's AI-security supply side over late June to early July 2026?
Four individual corporate releases, presented side by side (micro-level information, not macro statistics): GSX (securities code 4417) provides AI-security training to 150 Keyware Solutions engineers, with a cumulative total of more than 500 trainees planned including group subsidiaries (2026-06-30); Nayutam signed an MOU with Switzerland's Dock Labs targeting identity infrastructure for the AI-agent economy (2026-07-06); SherLOCK said AI risk is mutating from reputational issues into "real management harm," citing an OECD survey (AIM) showing related incidents doubled in 1 year (2026-06-29); AI Security Inc. spoke at AWS Summit Japan 2026 on the "serious gap between governance and implementation technology" and shadow AI (release 2026-06-24, sessions 2026-06-25 to 26).
Each carries its own framing: the cumulative trainee total is a plan, the MOU is memorandum-level, the OECD doubling is a press-release citation without absolute numbers, and the talk was a pre-event announcement (PRTIMES #1265730, #1336682, #1252397, #1189986).
Q: How does this card relate to this site's MCP card? How should Taiwanese and global readers read it?
This card and ANK-2026-06-30-002 (Japanese SaaS's "common AI socket" moment: 2 freee-group services announced MCP servers the same day, 6 MCP-related announcements within 2 days) are two faces of Japan's AI adoption in the same weeks: feature releases are accelerating, while about 80% of the 188 surveyed decision-makers self-assess pre-release security measures for AI-embedded services as insufficient ("halfway down the road"). The two have different populations; they are juxtaposed editorially only, with no causal claim.
For Taiwanese readers: this is a single-market Japan card -- the pack has no Taiwan-side data, and this card does not infer the state of AI-security measures at Taiwanese companies; the "aware but unable to act" gap structure and the "outsourcing black-box" risk frame can serve as reference concepts when reading AI-governance debates in any market (PRTIMES #1337053, ANK-2026-06-30-002).
F-Units
F-001: MIC published the "AI Security Technical Countermeasure Guidelines" in March 2026; in ChillStack's survey, awareness of the guidelines ("understand well" + "roughly understand" combined) is 83.0% (n=188); the share answering "understand well" is more than 2 times as high in the in-house layer as in the outsourcing layer (no specific per-layer percentages in the source) - source: PRTIMES #1337053 - source_url: https://prtimes.jp/main/html/rd/p/000000083.000046548.html - confidence: high - basis: official_statement - period: guidelines published 2026-03; survey 2026-05-25 to 2026-06-03; released 2026-07-06 - caveat: awareness is self-reported by responding decision-makers in a sample survey (not a census); the guidelines' name is rendered from the source verbatim, the source records only the name and publication timing, and this card does not elaborate on the content
F-002: Among respondents who understand the guidelines (n=156), 30.8% have "reviewed and already reflected" them in their measures; in-house layer 37.5%, outsourcing layer 17.3% - source: PRTIMES #1337053 - source_url: https://prtimes.jp/main/html/rd/p/000000083.000046548.html - confidence: high - basis: official_statement - period: survey 2026-05-25 to 2026-06-03 - caveat: the base is the subset of respondents who understand the guidelines (n=156), not all 188; self-reported
F-003: Only 20.2% say pre-release security measures are "sufficiently implemented"; adding "mostly implemented but not sufficient," "implemented but felt insufficient" and "hardly implemented," those sensing some insufficiency total about 80% (about 8 in ten) (n=188) - source: PRTIMES #1337053 - source_url: https://prtimes.jp/main/html/rd/p/000000083.000046548.html - confidence: high - basis: official_statement - period: survey 2026-05-25 to 2026-06-03 - caveat: "about 80%" is the source's own wording; the source does not give the percentage of each of the three "insufficient" options and this card does not back-calculate; self-assessment, not a third-party audit, and not extrapolable to all Japanese companies
F-004: Reasons for insufficient pre-release measures: the top reason in both layers is "insufficient cost/resources" (percentage not given in the source); from 2nd place the in-house layer lists "no personnel with security expertise in-house" 41.8%, followed by "too many items to address, cannot prioritize" 35.2% (n=91); from 2nd place the outsourcing layer lists "too many items to address, cannot prioritize" 33.9%, followed by "unclear what standard counts as sufficient" 32.2% (n=59) - source: PRTIMES #1337053 - source_url: https://prtimes.jp/main/html/rd/p/000000083.000046548.html - confidence: high - basis: official_statement - period: survey 2026-05-25 to 2026-06-03 - caveat: bases are the subsets with insufficient pre-release measures (in-house n=91, outsourcing n=59); self-reported
F-005: Top 3 pre-release measures in place (n=188): "validation/filtering of input prompts" 46.8%, "resistance to malicious instructions via system prompts" 45.7%, "validation/filtering of output content (guardrails)" 45.2% - source: PRTIMES #1337053 - source_url: https://prtimes.jp/main/html/rd/p/000000083.000046548.html - confidence: high - basis: official_statement - period: survey 2026-05-25 to 2026-06-03 - caveat: measure names are English renderings of the source's answer options; self-reported
F-006: Post-release regular security monitoring / risk assessment "regularly implemented": in-house layer 59.2% (n=120), outsourcing layer 19.1% (n=68) - source: PRTIMES #1337053 - source_url: https://prtimes.jp/main/html/rd/p/000000083.000046548.html - confidence: high - basis: official_statement - period: survey 2026-05-25 to 2026-06-03 - caveat: the two layers have different bases (n=120 vs. n=68); "post-release management tends to thin out in the outsourcing layer" is the source's synthesis; self-reported
F-007: Within the outsourcing layer, 26.5% "do not really grasp" and 5.9% "hardly grasp" vendors' implemented measures, 32.4% combined (n=68); reasons for not grasping them: "no time/resources to check" 31.8%, "no personnel in-house able to judge the content" 27.3%, "few reporting/briefing occasions from the vendor" 27.3% (n=22) - source: PRTIMES #1337053 - source_url: https://prtimes.jp/main/html/rd/p/000000083.000046548.html - confidence: high - basis: official_statement - period: survey 2026-05-25 to 2026-06-03 - caveat: the reasons question has a base of only n=22 (small sample); "black box" is the source's wording; self-reported
F-008: Among the in-house layer running regular monitoring, self-assessments of implementing appropriate measures based on the results total 97.2% ("sufficiently implemented" 38.0% + "mostly implemented" 59.2%) (n=71) - source: PRTIMES #1337053 - source_url: https://prtimes.jp/main/html/rd/p/000000083.000046548.html - confidence: medium - basis: official_statement - period: survey 2026-05-25 to 2026-06-03 - caveat: a small n=71 subset's self-evaluation, not a third-party audit; a correlation ("those with a scheme self-assess well"), not causation
F-009: AI-security measures respondents want to strengthen: in-house layer "building a scheme for regular security assessment/monitoring" 55.0%, "promoting staff understanding of security measures" 47.5% (n=120); outsourcing layer "developing/securing in-house personnel with security expertise" 45.6%, "promoting staff understanding of security measures" 32.4% (n=68) - source: PRTIMES #1337053 - source_url: https://prtimes.jp/main/html/rd/p/000000083.000046548.html - confidence: high - basis: official_statement - period: survey 2026-05-25 to 2026-06-03 - caveat: self-reported intentions, not implemented measures; the two layers have different bases
F-010: Survey overview: title "fact-finding survey on AI security measures"; research provider Freeasy; respondents are people with approval/selection authority over AI security at companies operating AI-embedded in-house services and products; method web questionnaire; period 2026-05-25 to 2026-06-03; 188 valid responses; the source notes that due to rounding, answer-option percentages may not sum to 100% - source: PRTIMES #1337053 - source_url: https://prtimes.jp/main/html/rd/p/000000083.000046548.html - confidence: high - basis: official_statement - period: 2026-05-25 to 2026-06-03 (survey period); 2026-07-06 (release) - caveat: ChillStack is an AI-security vendor (an interested party); the source asks that citations credit the survey to ChillStack
F-011: Global Security Experts Inc. (GSX, securities code 4417) provides AI-security engineer training to 150 engineers of Keyware Solutions; GSX provides Keyware and its group companies with multiple education programs, including incident response, vulnerability assessment and AI-security talent development, as continuous support; including group subsidiaries, the cumulative number of trainees is planned to exceed 500 - source: PRTIMES #1265730 - source_url: https://prtimes.jp/main/html/rd/p/000000207.000007157.html - confidence: high - basis: official_statement - period: 2026-06-30 (press release) - caveat: "more than 500 cumulative" is a plan, not yet realized; an individual corporate press release (micro-level information); Keyware Solutions is a systems integrator
F-012: AI-security startup Nayutam (Chuo-ku, Tokyo) signed an MOU (memorandum) with the Swiss DID/VC infrastructure provider Dock Labs for strategic collaboration and joint marketing in Japan's enterprise market, targeting "Agentic Commerce (the AI-agent economy)" and the digital-finance sector; Nayutam develops "Synthetic DNA" (a biometric-bound root-of-trust ID) and a "Behavior Trust Score" engine, while Dock Labs provides "Truvera," a digital-ID and wallet infrastructure compliant with W3C international standards, plus MCP (Model Context Protocol)-compatible solutions - source: PRTIMES #1336682 - source_url: https://prtimes.jp/main/html/rd/p/000000015.000147740.html - confidence: high - basis: official_statement - period: 2026-07-06 (press release) - caveat: an MOU is memorandum-level, not a definitive contract; product-capability descriptions are the vendors' self-descriptions; an individual corporate press release (micro-level information)
F-013: SherLOCK Inc. (Minato-ku, Tokyo) stated in its brand-renewal release that the nature of AI risk is mutating from reputational issues (hallucinations, confidential-data leaks) into "real management harm" such as economic loss and business stoppage; it cited an OECD survey (AIM) as showing related incidents doubled in 1 year, with "abuse of legitimate privileges" becoming a new management issue - source: PRTIMES #1252397 - source_url: https://prtimes.jp/main/html/rd/p/000000027.000145146.html - confidence: medium - basis: official_statement - period: 2026-06-29 (press release) - caveat: "doubled in 1 year" is the company's citation of the OECD survey (AIM) with no absolute numbers in the source; this card transcribes without verifying on its behalf; the risk-mutation thesis is the vendor's own argument; an individual corporate press release (micro-level information)
F-014: AI Security Inc. (Shinjuku-ku, Tokyo; "AI Security" is the company's corporate name) announced on 2026-06-24 that it would speak on "Security Transformation in the AI Era" at AWS Summit Japan 2026, held 2026-06-25 to 26 at Makuhari Messe (Zscaler booth), on the "serious gap between governance and implementation technology" amid the rapid spread of generative AI and on the growing problem of "shadow AI" - source: PRTIMES #1189986 - source_url: https://prtimes.jp/main/html/rd/p/000000026.000166898.html - confidence: high - basis: official_statement - period: 2026-06-24 (release); 2026-06-25 to 26 (session dates) - caveat: the release is a pre-event announcement (release date earlier than session dates); "AI Security Inc." is a corporate name, not a generic term; an individual corporate press release (micro-level information)
J-Units
J-001: "Aware but unable to act" (ChillStack CEO's summation, translated from the Japanese release) is the core structure of this gap ledger -- guideline awareness 83.0% (n=188) -> reflection completed among the understanding layer 30.8% (n=156) -> pre-release measures "sufficiently implemented" 20.2% (n=188), decreasing step by step across three stages; but this is self-reported data from a single web sample survey, applies only to this survey's sample, and cannot be extrapolated to all Japanese companies - confidence: medium - basis: official_statement
J-002: Three outsourcing-layer figures form a structural signal that "outsourcing does not equal offloading responsibility" -- guideline reflection completed 17.3% (in-house layer 37.5%), post-release regular monitoring 19.1% (in-house layer 59.2%), and 32.4% not grasping vendors' measures (what ChillStack calls the "black-boxing" of post-outsourcing management); all three are self-reported, pointing the same way but not an audited state of affairs - confidence: medium - basis: official_statement
J-003: The demand-side gap and supply-side moves coexist in the same weeks -- the survey's talent gap (in-house layer 41.8%; the outsourcing layer's top strengthening wish, talent development, 45.6%) against GSX's training of 150 engineers (more than 500 cumulative is a plan); AI-agent-era measures against the Nayutam x Dock Labs MOU and SherLOCK's "real management harm" thesis; shadow AI against AI Security Inc.'s AWS Summit talk -- all individual corporate micro-level information, juxtaposed by this card without causal or market-size judgments - confidence: low - basis: official_statement
P-Units
P-001: Will the guideline reflection rate rise -- the fact-finding figure after MIC's publication (March 2026) is 30.8% reflection among the understanding layer; follow-up surveys by ChillStack or other institutions, and MIC's subsequent moves, need tracking ### P-002: Will the outsourcing "black box" improve -- the trajectory of regular monitoring at 19.1% and non-grasp of vendors' measures at 32.4%; whether the regime ChillStack's CEO describes ("able to regularly grasp and verify outsourced content") spreads ### P-003: Delivery of the supply-side moves -- whether GSX's planned cumulative total of more than 500 trainees materializes; whether Nayutam x Dock Labs progresses from MOU to concrete implementation; independent verification of the incident-doubling trend in the OECD survey (AIM) cited by SherLOCK
同事件・三視角 / Three Perspectives on the Same Event / 同一イベント・三つの視点
Internal Citation Chain
Published ANK-Docs cited in this card: - ANK-2026-06-30-002 (Japanese SaaS's "common AI socket" moment: 2 freee-group services announced MCP servers the same day, with 6 official MCP announcements linked by this site within 2 days) -> this card forms, with it, two faces of Japan's AI adoption in the same weeks: that card records the feature-supply side's acceleration in plugging AI into the "common socket," while this card records the security-governance side's gap ledger (about 80% of 188 surveyed decision-makers self-assess pre-release measures as insufficient; ChillStack's title says "halfway down the road") -- the two have entirely different populations (SaaS vendors' product-release behavior vs. decision-makers' self-assessment); this card juxtaposes them editorially only and makes no causal claim.
Sources
1. [PRTIMES #1337053] ChillStack Inc., "Pre-release security measures for AI-embedded services: 80% insufficient; even after the national AI-security guidelines, measures remain halfway" (AI搭載サービスのリリース前セキュリティ対策、8割が不十分——国のAIセキュリティ指針公表後も、対策は道半ば; the original title's period is replaced with a dash), 2026-07-06. https://prtimes.jp/main/html/rd/p/000000083.000046548.html 2. [PRTIMES #1265730] Global Security Experts Inc. (GSX), "GSX provides AI-security engineer training to 150 Keyware Solutions engineers" (GSXはキーウェアソリューションズのエンジニア150名を対象にAIセキュリティエンジニア教育を提供), 2026-06-30. https://prtimes.jp/main/html/rd/p/000000207.000007157.html 3. [PRTIMES #1336682] Nayutam Inc., "AI-security firm Nayutam in strategic collaboration with decentralized-ID infrastructure provider Dock Labs" (AIセキュリティのNayutam、分散型IDインフラのDock Labsと戦略的協業), 2026-07-06. https://prtimes.jp/main/html/rd/p/000000015.000147740.html 4. [PRTIMES #1252397] SherLOCK Inc., "AI-security firm SherLOCK renews its corporate logo" (AIセキュリティのSherLOCK、コーポレートロゴを刷新), 2026-06-29. https://prtimes.jp/main/html/rd/p/000000027.000145146.html 5. [PRTIMES #1189986] AI Security Inc., "June 25-26, Makuhari Messe: AI Security to speak at AWS Summit Japan 2026 on security transformation in the AI era" (【6月25日- 26日/幕張メッセ】AIセキュリティ、AWS Summit Japan2026登壇決定|AI時代のセキュリティ変革について講演), 2026-06-24. https://prtimes.jp/main/html/rd/p/000000026.000166898.html 6. [ANK-2026-06-30-002] Rin Takenouchi, "Japanese SaaS Hits Its 'Common AI Socket' Moment: freee Group's Logikura and freee Inventory Management Announce MCP Servers the Same Day, With Six Official MCP Announcements Linked by This Site in Two Days -- From 'Done by You' to 'Done for You'", 2026-06-30. https://ainews.washinmura.jp/ainews/en/ank/ANK-2026-06-30-002