The bottleneck on enterprise AI adoption is no longer a question of model capability; it is a crisis of trust infrastructure.
As AI agents rapidly transition from experimental novelties to embedded workforce infrastructure—with nearly half (46.9%) of enterprise employees now relying on them daily or weekly—a fundamental visibility gap has widened.
According to new research from AvePoint, which surveyed 750 enterprise leaders across the Americas, EMEA, and APAC, organizations are rapidly losing their grip on what their data is doing, where it is going, and who (or what) is accessing it.
For security and governance teams, the report delivers a wake-up call: paper-based policies are completely failing to protect against the operational realities of agentic workflows.
The shift from standard generative AI (like simple chatbots) to autonomous AI agents—systems capable of executing multi-step workflows, calling APIs, and making decisions on behalf of users—has severely outpaced traditional shadow IT discovery tools.
AvePoint's data shows that the percentage of organizations unable to detect whether employees are using unsanctioned AI tools has nearly tripled in just a single year, jumping from 6.3% to 17.6%. When looking specifically at AI agents, that visibility blind spot climbs to more than 21%.
AI visibility blind spots (Organizations unable to detect unsanctioned use):
-
GenAI tools (Previous Year): 6.3%
-
GenAI tools (Current): 17.6%
-
AI agents (Current): 21.0%+
This rapid decay in visibility has forced organizations into a defensive crouch. Nearly 9 in 10 companies report delaying both agentic and generative AI deployments by an average of almost six months, specifically citing data security and governance concerns as the primary friction point.
"AI is now integrated into everyday operations across regions and sectors, but our report makes it clear that accelerating adoption is outpacing readiness, and this presents increased risk as agentic AI continues to spread. Nearly half of employees now rely on AI agents weekly or daily, but visibility into unsanctioned tools is weakening, and AI-related incidents remain widespread, with 88% of organizations reporting at least one security incident with agentic AI in the past year, according to our research," said Dana Simberkoff, Chief Risk, Privacy and Information Security Officer at AvePoint. "For security leaders, the takeaway should be clear: trust cannot depend on policy, optimism, or model capability alone. Organizations need enforceable governance, lifecycle controls, proactive data protection, and continuous visibility, protection and prevention into the data AI can access, create, and act on. Without that trust layer, you don’t have the level of control needed to manage costs and mitigate risks."
The confidence paradox: policy vs. operational control
The most alarming finding in the research is the massive disconnect between perceived security readiness and actual security incidents. This "confidence paradox" stems from a legacy mindset: measuring security readiness by whether a policy exists, rather than whether technical controls are operational, enforceable, and auditable.
Consider the baseline numbers:
-
More than 4 in 5 organizations state they are confident in their ability to prevent unauthorized AI-related data access.
-
Yet, up to 72% of that exact same "confident" group experienced an unauthorized data access incident in the past 12 months.
-
Worse still, 88.4% of organizations experienced at least one AI agent-related security incident over the same period.
This data exposes a harsh reality. Many enterprise leaders believe that because they have configured basic data access permissions or published an AI acceptable-use policy, their data is secure. However, AI agents excel at scraping, indexing, and synthesizing vast amounts of internal data. If an organization has poorly-managed data permissions internally (over-sharing via broad intranet links or loosely-managed cloud folders), an autonomous agent will inevitably uncover and expose that data to users who shouldn't see it.
Compounding this visibility crisis is the sheer volume of data being generated by these automated systems. The study notes that 35.5% of all enterprise data is already AI-generated. Within the next 12 months, that figure is projected to climb to 42.1%.
This loop creates an exponential expansion of the attack and governance surface. Organizations are now tasked with securing pipelines where data is created by AI, processed by autonomous agents, and stored in corporate repositories—often without a human ever directly validating the data's integrity or access controls.
Because traditional data loss prevention (DLP) and identity access management (IAM) tools struggle to parse the continuous, non-human behavioral patterns of autonomous agents, enterprises are shifting their budgets.
The report highlights an accelerating investment trend toward third-party governance tools and specialized, emerging architecture: AI Agent Management Platforms (AMPs).
To bridge the gap between confidence and competence, security teams must look beyond theoretical governance frameworks and implement operational guardrails.
-
Continuous, automated discovery: Moving past static endpoint monitoring to intercept and catalog API calls and integrations tied to LLM backends
-
Dynamic, data-centric permissions: Cleaning up internal data permissions before indexing them into enterprise AI search engines, ensuring agents inherit strict, zero-trust user privileges
-
Behavioral guardrails: Implementing guardrails that monitor agent activity for anomalous behavior, such as an unauthorized agent suddenly requesting large batches of sensitive HR or financial records
We asked several experts with solution providers for their thoughts on the survey results.
Nathaniel Jones, Vice President, Security & AI Strategy, and Field CISO at Darktrace, said:
-
"Even before the acceleration in AI capabilities, organizations were struggling with the gap between vulnerability disclosure, exploitation, prioritization, and remediation. What AI increasingly changes is the speed and scale at which portions of that process can occur, particularly reconnaissance, targeting, exploit adaptation, and operational iteration."
-
"The challenge is that most enterprise security environments still rely heavily on human-centered workflows. Patching, validation, change management, and investigation all operate on timelines that are often measured in days or weeks, while adversaries are increasingly capable of operating on timelines measured in hours."
-
"From a strategic perspective, the larger issue is probably not whether AI regulation becomes slightly more or less restrictive in the near term. The more important question is whether organizations, governments, and technology providers can collectively adapt defensive models quickly enough to keep pace with increasingly adaptive and automated threat environments."
-
"The organizations likely to perform best over time will be those that become better at prioritization, behavioral detection, attack-path analysis, and identifying operational anomalies earlier in the intrusion lifecycle, particularly before public indicators or broad industry awareness emerge. In many respects, the industry may be entering a period where resilience and decision velocity become just as important as prevention itself."
Chandra Gnanasambandam, CTO at SailPoint, said:
-
"Adversaries are using AI to operate at a scale and speed that makes traditional, static defenses obsolete. The window between a vulnerability's discovery and its exploitation has shrunk from months to days, and soon it will be merely minutes."
-
"Security teams must look inwards. Instead of focusing exclusively on keeping threats out, we must meticulously govern what happens inside our own systems. This means abandoning the dangerous, yet common, 'set-it-and-forget-it' approach to access policies. Teams must accept that static, persistent access is the single greatest vulnerability in the modern enterprise. The new mandate is to pivot from a mindset of static protection to one of real-time governance, either through Least Privilege or Zero Standing Privilege. We must also recognize that governing non-human identities (NHIs) is fundamentally different from governing humans and requires a new, specialized framework built for machine-speed operations."
-
"The expertise required is less about a specific, narrow skillset and more about a strategic understanding of modern, identity-centric security architecture. This expertise is often cultivated internally by upskilling existing security and IT teams to adopt this new, identity-focused paradigm. It can also be found by partnering with security vendors that are building the architectural foundation for real-time governance and agentic security."
Diana Kelley, CISO at Noma Security, said:
-
"AI risks have rapidly moved from a watch list item to a front-line security concern, especially when it comes to data security and misuse. To manage this emerging threat landscape, security teams need a mature, continuous security approach, which includes blue team programs, starting with a full inventory of all AI systems, including agentic components as a baseline for governance and risk management."
-
"For practitioners, securing AI is not just about protecting models. It requires addressing stack sprawl and moving toward a platform-driven approach that delivers defense in depth through unified, AI-aware identity, configuration, and data visibility. Organizations that simplify their cloud and AI security stack, and enable effective automation, will be far better positioned to safely scale AI as threats continue to evolve."
Ram Varadarajan, CEO at Acalvio, said:
-
"AI-powered cyberattacks have moved from theory to reality. The larger concern for enterprises is what today's AI systems can actually do. Modern models no longer just scan code for technical mistakes. They can infer what developers intended the software to do and spot contradictions humans missed. That makes a new category of vulnerabilities far easier to find: hidden business-logic flaws, broken trust assumptions, and authorization errors that appear perfectly valid to conventional security tools but can still be exploited."
-
"We're facing an 'assume compromise' future within cybersecurity. Our best defense will be to engage these attacks bot-on-bot inside the perimeter, with active defense keyed by AI itself."
Elad Luz, Head of Research at Oasis Security, said:
-
"The rise of AI agents will introduce new security challenges for non-human identities (NHIs). These agents often operate under machine accounts or service identities, acting on behalf of human users, which makes it difficult to track permissions, monitor usage, and enforce accountability. Without proper oversight, organizations risk losing visibility into which identities have access to critical resources and how they are being used."
-
"The main concern is governance. If AI agents are assigned persistent, unmanaged service accounts, these identities can quickly become overprivileged and unmonitored, increasing the organization’s attack surface. To mitigate this risk, security teams should implement automated monitoring, enforce least privilege, and establish clear policies for AI-driven NHIs. By putting these guardrails in place early, organizations can embrace AI automation without compromising security."
Chris Radkowski, GRC Expert at Pathlock, said:
-
"The rise of AI agents and machine identities has fundamentally outpaced traditional identity security. MFA and legacy access controls were built for a world of human users, not autonomous agents, service accounts, and AI-driven workflows that now outnumber people across the enterprise by 20 times. Making matters more complex, the productivity promise of AI is too compelling for employees to wait on IT. Workers are signing up for AI-powered tools, copilots, and automation platforms using their enterprise credentials, connecting them directly to corporate email, productivity suites, and business applications, often without security's knowledge."
-
"As agentic AI takes on real business actions with real permissions, the attack surface expands in ways most organizations aren't prepared to see, let alone secure. Credential abuse, account takeover, and sophisticated social engineering are increasingly targeting the non-human identities that operate quietly in the background with little oversight. That is why we believe that securing the modern enterprise means treating identity holistically by extending governance, least-privilege, and adaptive controls across every identity, human or machine. In the AI era, identity isn't just an IT problem. It's the foundation of trust itself."
