New research from CultureAI surveying 300 senior tech, security, and risk leaders across North America and Europe exposes a major disconnect in enterprise AI governance. While 72% of organisations believe they have full visibility into AI usage, 65% still detect unauthorised shadow AI. Most organisations have formal governance frameworks, policies, and oversight committees, yet 20% admit their policies are not actively enforced and over a third lack dedicated AI detection capabilities. Key risks identified include compliance exposure (56%), data leakage via prompts and uploads (52%), credential compromise (40%), and IP loss (39%). The core finding is that governance structures create an illusion of control, as real-time enforcement at the point of AI use — prompts, uploads, embedded SaaS AI features — remains largely absent.
Sort: