AI visibility gaps have nearly tripled as AI agents scale, research finds

WorkAI.TV Editorial Desk
4 Min Read

Share with your CISO

Enterprise AI governance is breaking down faster than most security teams realize, and AvePoint’s third annual State of AI report puts hard numbers on the collapse. The share of organizations that can’t determine whether employees are using unsanctioned AI tools has nearly tripled in a single year, from 6.3% to 17.6%. For AI agents specifically, that blind spot hits 21.1%. The gut-punch stat is this one: 72% of organizations that expressed confidence in their ability to block unauthorized access to AI-related data still suffered an unauthorized access incident in the past 12 months.

What this means for your business

The confidence-incident gap is the sharpest finding here, and it points to a recurring failure mode in enterprise security: organizations conflate having a policy with having control. Eighty percent of respondents said they were confident in their access controls, yet nearly three-quarters of that same group got breached anyway. That’s not a technology problem, it’s a measurement problem. If your security posture is calibrated by how confident your team feels rather than by what your telemetry, the system data showing how AI tools and agents are actually behaving at runtime, is showing you, you’re flying blind at altitude.

The agentic AI layer is where the exposure compounds. Traditional shadow IT, the unsanctioned apps employees install and use without IT approval, was at least human-paced. An employee uses a tool, a log might capture it, someone might notice. Agents operate autonomously, can chain actions across multiple systems, and generate their own data artifacts. A single untracked agent can touch more sensitive data in an afternoon than a careless employee touches in a month. The 21.1% of organizations that can’t account for unsanctioned agent activity aren’t just behind on governance, they’ve lost the ability to draw a perimeter at all. AvePoint sells governance tooling into exactly this gap, which gives their survey an incentive to dramatize the problem, but the direction of the finding, visibility degrading as deployment accelerates, matches what any organization scaling Microsoft Copilot or similar platforms would observe empirically.

The deployment delay finding cuts both ways. Ninety percent of organizations slowed agentic AI rollouts by nearly six months over data security concerns, which means the governance anxiety is real and boards are already asking the questions. The CISO who shows up with a framework for agent observability, clear audit trails for what agents accessed, when, and why, is no longer playing defense. That person is the one unblocking six months of stalled deployment. The decision to weigh differently isn’t whether to invest in AI governance; it’s whether your current vendor stack can produce the audit record that would satisfy a regulator or a board asking “what did our agents do last quarter?”

Based on reporting from AI visibility gaps have nearly tripled as AI agents scale, research finds, originally published 2026-07-14 02:00:00.

TAGGED:
Share This Article