Artificial Intelligence (AI) has crossed the tipping point. 83% of enterprises already use AI in daily operations, yet only 13% report strong visibility into how it is being used. The result is a widening gap: sensitive data is leaking into AI systems beyond enterprise control, autonomous agents are acting beyond scope, and regulators are moving faster than enterprises can adapt. AI is now both a driver of productivity and one of the fastest expanding risk surfaces CISOs must defend.
This report, based on a comprehensive survey of 921 IT and cybersecurity professionals, sets out to answer a critical question: as AI becomes embedded in the enterprise, are CISOs equipped to govern it with the same rigor applied to users, systems, and data? The findings reveal a clear tension: AI adoption has gone mainstream, but visibility, monitoring, and access frameworks remain shallow and fragmented. Left unchecked, AI functions as a shadow identity—powerful, fast, and often unaccountable.
Key Survey Findings
● AI adoption without oversight: 83% already use AI, yet only 13% have strong visibility, leaving most enterprises blind to how AI interacts with their data.
● Agents are the new shadow risk: 76% say autonomous AI agents are the hardest to secure, with 70% pointing to external prompts.
● AI as a shadow identity: Only 16% treat AI as a distinct identity, while two-thirds have caught AI over-accessing data.
● Controls lag reality: Nearly a quarter have no prompt or output controls, and only 11% can automatically block risky AI activity.
● Governance gaps persist: Only 7% have a dedicated AI governance team, and just 11% feel fully prepared for regulation.
The chapters that follow examine these findings across three themes: how AI deployment is outpacing control, why agents and prompts create new exposures, and why identity and access management must be redefined for AI.
Download the report by clicking button at right.
