Enterprise AI Adoption Outpaces Risk and Identity Governance
Enterprises are rapidly integrating artificial intelligence into their risk management and operational processes, but governance and security controls are struggling to keep pace. According to AuditBoard, more than half of organizations have implemented AI-specific tools, and many are investing in machine learning training for their teams. Despite this widespread adoption, confidence in AI systems remains uneven, with few organizations feeling prepared for the governance requirements that new AI regulations will demand. The pace of AI experimentation surged in May and June 2025, only to decline in July as acceptance rates dropped and decision times increased, highlighting volatility in adoption and a lack of robust governance structures. Many organizations find themselves in a 'middle maturity trap,' where initial enthusiasm for AI and risk frameworks fades without sustained governance and oversight. Boards that prioritize risk oversight as a regular agenda item and align on shared performance goals see more consistent progress, while others experience stagnation and last-minute compliance efforts. Control maturity is closely tied to governance, with rapid adoption of controls in some periods followed by slowdowns and only partial recoveries. As regulatory expectations expand to cover AI, cybersecurity, and environmental reporting, the ability to embed controls into daily operations will be critical for resilience.
Simultaneously, the rise of autonomous AI agents with significant system privileges introduces new identity and access management challenges. These agents can execute code, handle sensitive data, and perform complex tasks without human intervention, increasing the risk of automation errors leading to major incidents. The traditional security perimeter has shifted, making identity management the central control point for modern enterprises.
The 2025-2026 SailPoint Horizons of Identity Security report reveals that fewer than 40% of AI agents are governed by identity security policies, leaving a substantial gap in enterprise security frameworks. The proliferation of non-human identities and automated systems has dramatically expanded the attack surface, making organizations without comprehensive identity visibility especially vulnerable. Mature identity security practices are now seen as a strategic necessity, not just a compliance checkbox. Organizations are mapping controls to multiple frameworks, but the depth of implementation varies widely, with leading firms embedding thousands of requirements into daily operations. The convergence of rapid AI adoption, evolving risk frameworks, and the need for robust identity governance underscores the urgent need for enterprises to strengthen their risk and security postures. Without clear governance structures and comprehensive identity management, the benefits of AI could be undermined by increased exposure to operational and security risks. Boards and CISOs must ensure that risk oversight, control adoption, and identity security are integrated into the core of enterprise strategy to navigate the evolving threat landscape effectively.
Related Stories
AI Adoption in Enterprises Outpaces Security Governance and Data Protection
Organizations are rapidly integrating AI technologies into their operations, with studies showing a significant increase in AI adoption and the implementation of AI acceptable use policies. However, despite these advances, many companies struggle to effectively classify and protect data, and governance frameworks often lag behind the pace of AI deployment. Reports highlight that while 80% of organizations have established AI use policies, only a third feel confident in their data protection measures, and over half believe their data is not yet ready for AI. This gap between adoption and governance is further exacerbated by the acceleration of data growth driven by AI, with a notable rise in organizations managing petabyte-scale datasets. The lack of robust governance and holistic data management frameworks has led to increased risks, including the emergence of shadow identities and unmitigated security threats associated with AI tools. Experts emphasize the need for organizations to move beyond initial policy creation and embed comprehensive AI governance and dynamic data protection into their core operations. Without these measures, the benefits of AI could be undermined by vulnerabilities and operational blind spots, making it critical for security teams to proactively address these challenges as AI becomes ubiquitous in enterprise environments.
3 months ago
AI Governance and Security Challenges in Enterprise Environments
Enterprises are facing a critical inflection point as artificial intelligence becomes deeply embedded across organizational layers, fundamentally altering cyber risk and security postures. Research from industry leaders and the Cloud Security Alliance highlights that mature governance frameworks are now the primary differentiator for organizations confident in their ability to secure AI systems. As AI agents and machine identities proliferate, traditional identity and access management models are proving inadequate, with identity emerging as the new control plane for managing AI risk. The rapid adoption of AI, often without sufficient oversight, is creating new blind spots, expanding attack surfaces, and introducing risks such as shadow AI, where unsanctioned tools and agents operate outside established security controls. Security teams are increasingly involved in AI adoption, leveraging AI for detection, investigation, and response, but the lack of comprehensive governance and workforce training remains a significant barrier. The convergence of AI with other technologies, such as blockchain and cryptocurrency, is also driving the emergence of autonomous financial systems and agentic payments, further complicating the security landscape. Success in this new paradigm requires balancing innovation with robust accountability, ensuring that AI-driven systems are auditable and governed rather than left to unconstrained automation. As organizations move from experimentation to operational deployment of AI, the need for continuous, data-aware identity security and formal governance policies is paramount to mitigate risks, ensure compliance, and maintain confidence in AI-enabled operations.
2 months ago
Enterprise Security Challenges and Risks from AI Adoption
The rapid integration of artificial intelligence into enterprise operations is fundamentally altering the cybersecurity landscape. AI is now embedded in core business workflows, infrastructure, and decision-making processes, expanding the attack surface and introducing new exposure points in data, models, applications, and infrastructure. Security leaders are grappling with governance gaps, especially as agentic AI systems move from pilot to production, and are seeking new standards and controls to manage the risks of autonomous agents and application-to-application access. The need for robust data governance, updated identity and access management, and resilient infrastructure is driving a major IT transformation, with increased spending and a focus on AI-enabled security solutions. Industry experts and CISOs emphasize the importance of adapting security strategies to address the unique challenges posed by AI, including the concentration of sensitive data, the risk of model manipulation, and the complexity of AI-driven environments. Security vendors and analysts highlight the inadequacy of traditional security practices in the face of AI-driven threats, calling for the elimination of outdated controls and the adoption of new standards such as those proposed by Okta for managing OAuth permissions for AI agents. The evolving role of the CISO, the rise of zero trust as a business necessity, and the persistent importance of the human element in defense are recurring themes. Predictions for 2026 underscore the urgency for enterprises to refresh IT infrastructure, strengthen data governance, and prepare for a future where AI agents operate autonomously across interconnected systems, requiring continuous adaptation of security policies and controls to mitigate emerging risks.
3 months ago