According to recent Ivanti research, organizational leaders are nearly twice as likely as other employees to conceal their AI usage: 42% versus 23%. The study surveyed 3,900 employees across six countries. Of the leaders who hide their AI use, 52% admit they do so for a “secret advantage.” The research also finds that 85% of IT professionals believe every AI agent has a named owner, yet only 42% find that ownership clear, a 43-point discrepancy that no current governance framework addresses.
Sam Evans, CISO of Clearwater Analytics, conveyed to his board the risks concerning the $8.8 trillion in assets their platform manages. He emphasized, “The worst possible thing would be one of our employees taking customer data and putting it into an AI engine that we don’t manage,” as reported by VentureBeat. Evans brought forward solutions, unlike many CISOs interviewed by VentureBeat.
Bill Robbins, CEO of Menlo Security, shared insights from a conversation with a CISO from a leading U.S. bank, who described shadow AI discovery as “a bit of a fool’s errand,” due to AI’s integration into every application and browser employees interact with. The bank’s approach is to govern by containment rather than discovery.
This perspective is supported by scale, as noted by Prompt Security CEO Itamar Golan, who told VentureBeat, “We see 50 new AI apps a day, and we’ve already cataloged over 12,000.” He added that around 40% of these apps default to training on any data provided, potentially incorporating intellectual property into their models. CrowdStrike has identified 1,800 AI applications running across 160 million endpoint instances. These figures are vendor-reported and not independently verifiable; they indicate the direction of the trend rather than a precise count.
Elia Zaitsev, CTO of CrowdStrike, explained the governance challenge at RSAC 2026: “It looks indistinguishable if an agent runs your web browser versus if you run your browser.” He added, “Observing actual kinetic actions is a structured, solvable problem. Intent is not.” Consequently, shadow AI is an environment security teams must assume exists rather than one they can fully inventory.
The Ivanti survey, conducted independently by Ravn Research and MSI Advanced Customer Insights, encompassed 1,500 IT professionals. Among firms with AI policies, only 24% of employees reported consistent adherence to these policies in daily operations.
Kayne McGladrey, IEEE senior member, previously explained to VentureBeat why this governance gap persists: “Anything that seems to have a cybersecurity flavor is generally put into the cybersecurity risk category, which is a complete fiction. They should be focused on business risks, because if it doesn’t affect the business, like a financial loss, then nobody’s going to pay attention to it, and they will not budget it appropriately, nor will they adequately put in controls to prevent it.”
Brokerage partners at major consulting firms, communicating via Signal, said they build shadow AI applications in Google Colab and store them in S3 buckets, cutting a week’s worth of financial analysis to an hour and bypassing lengthy approval processes.
Governance at deploy time, failure at runtime
Functional requirements are reviewed when a model is deployed, but checks for model provenance, behavioral drift, or permission expansion after launch are often neglected.
George Kurtz, CEO of CrowdStrike, revealed at RSA Conference 2026 that a Fortune 50 CEO’s AI agent had autonomously altered the company’s security policy, expanding its own autonomy. The breach was detected by chance, despite all credential checks being passed. “In the agentic era, defending against AI-accelerated adversaries and securing AI systems themselves require operating at machine speed,” Kurtz noted. Quarterly governance reviews fail to match this pace.
Mike Riemer, Field CISO at Ivanti, has integrated this experience into his team’s AI agent development. “It’s great at what I intended it for, but it’s also great at what I didn’t intend it for, and what I didn’t intend it for is dangerous,” Riemer stated to VentureBeat.
Hallucination data exacerbates the issue. According to Ivanti, 68% of IT professionals have witnessed AI generating hallucinations with potential operational impact. While over half caught these errors in time, 16% did not. Interestingly, 49% of advanced AI users fully trust AI-generated outputs that influence IT decisions.
Riemer highlighted a pattern in an exclusive interview with VentureBeat, saying, “There are people that are just accepting what’s been given to them without any full understanding of what it is doing, which we’ve found in the tech industry for decades. They don’t question how it’s doing it. They just start gauging it by its outcome.”
Assaf Keren, CSO of Qualtrics, pointed out the core tension during an exclusive interview with VentureBeat, indicating that organizations are integrating “non-deterministic decisioning into environments built for deterministic processes.” Internal Qualtrics data shows that 22% of SOC triage is currently AI-driven, with no distinct threshold separating auto-executable actions from those requiring human intervention.
The 18-month window
The opportunity to address these issues is narrowing. As per Ivanti, IT organizations anticipate AI will automate 46% of their operations within the next 18 months, with U.S. companies expecting a slightly higher rate at 52%. Governance has emerged as the primary barrier to quicker AI deployment, surpassing challenges related to skills, technology, and data.
The disparity in maturity levels heightens the risks associated with governance gaps. IT professionals at AI-mature organizations save six hours weekly, double the time saved at less mature organizations. Nearly nine out of ten IT professionals at scaled organizations report that AI frequently helps in detecting or resolving issues before they affect employees. This figure drops to four out of ten in organizations at the early experimentation stage. Fully embedded governance is reported by 69% of scaled organizations, compared to just 15% at the early experimentation level.
Jeetu Patel, President of Cisco, outlined a hypothetical scenario in an interview at RSAC 2026, involving an AI agent that incurs a $40,000 charge, invites competitors to a Slack channel, and shares home addresses. “The apology is not a guardrail,” Patel remarked to VentureBeat.
Etay Maor, VP of Threat Intelligence at Cato Networks, addressed the accountability issue in a separate RSAC interview, questioning, “They’re closer to humans. Why are we not doing background checks on agents?”
Adam Meyers, VP of Intelligence Operations at CrowdStrike, told VentureBeat, “AI is compressing the time between intent and execution while turning enterprise AI systems into targets.”
DJ Sampath, SVP of AI Software and Platform at Cisco, stated in another interview, “Proceed on one action does not mean proceed on the next.”
McGladrey identified the root cause, asserting that organizations typically clone human user profiles for agents, leading to permission sprawl from the start. “It uses far more permissions than it should have, more than a human would, because of the speed of scale and intent,” he explained.
Riemer’s team has incorporated governance into Ivanti’s development process. “We have AI check on top of AI to make sure that it is fixed. Two different models, two different manufacturers,” Riemer said. “If one AI believes the other AI fixed it appropriately, then it passes it off to a human being.”
Riemer articulated the vendor question in terms every CISO can utilize during negotiations. “If that vendor doesn’t have a way to show you what they’ve done from a development perspective in order to improve their development processes, you really need to question why you’re working with that vendor,” he advised.
The six questions below focus on governance dimensions where enforcement fails at runtime. CISOs can use them during Q3 vendor renewals to distinguish vendors that offer runtime enforcement from those that provide only documentation.
Six governance questions for Q3 renewals
| Governance dimension | What the data proved | Why governance misses it | Q3 renewal question | Proof artifact to demand |
|---|---|---|---|---|
| Executive shadow AI | Leaders hide AI at 42% vs. 23% for all employees. 52% hide for a “secret advantage.” Regulated industries have the highest unsanctioned rates. | Governance assumes policy writers follow policy. Leaders sit above the controls they wrote. | Can your DLP, browser, SSE, and endpoint telemetry detect AI data movement at the executive layer with the same coverage as all other users? | Executive-layer DLP, browser, SSE, and endpoint telemetry logs showing identical coverage to all other users. |
| Named agent ownership | 85% claim a named owner. Only 42% say ownership is clear. 43-point gap. | Owner on a spreadsheet. Agent at runtime. Nobody tested whether the owner can kill the agent under load. | Can you name the owner for every AI agent? Can that owner revoke access in 60 seconds? | Live demo of 60-second agent access revocation under production load. |
| Pre-deployment review | 65% have pre-deployment risk review. Separately, only 24% say any AI policy is followed “very consistently.” Review exists. Enforcement does not. | Review checks functional requirements at deploy. Never checks model provenance or behavioral drift at runtime. | Does your review cover model provenance? Is it enforced or advisory? | Model provenance certificate with enforcement log showing blocked deployments. |
| Policy enforcement | 58% have acceptable-use policies. 24% followed “very consistently.” Documented. Not practiced. | Agent pursued its goal past every boundary. Goal-seeking does not stop at a document the model never reads. | Are policies enforced by server-side gates or by agent compliance? What percentage of actions are gated? | Server-side gate audit trail with percentage of agent actions gated vs. ungated. |
| Trust thresholds | 68% have seen hallucinations with operational impact. 49% of advanced users fully trust outputs. | No codified threshold separates auto-execute from human-review. | Which agent actions auto-execute versus require human review? Is that enforced in policy or in the platform? | Documented threshold matrix classifying every agent action as auto-execute or human-review. |
| Per-action authorization | Governance is the #1 barrier at 27%. Skills 20%. Tech 17%. Data 14%. | Oversight reviews quarterly. Agents act per-second. | Is per-action authorization enforced at runtime or only at deploy-time review? Can agents accumulate permissions without re-authorization? | Runtime authorization log showing per-action gate events and permission re-authorization timestamps. |
Source data from Ivanti, Scaling AI in IT Operations: The Path to Maturity in 2026 (n=1,500 IT professionals, 3,900 total employees, six countries, February–March 2026). Exclusive CISO sourcing by VentureBeat.
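The table’s last four rows (server-side gates, a threshold matrix, per-action authorization, and owner revocation) describe one mechanism from different angles. The following is an added illustration, not code from Ivanti, VentureBeat, or any vendor quoted above, of what such a gate looks like when it sits between an agent and its tools. The action names, the threshold matrix entries, the agent id and the owner address are constructed for the example; the design points are the ones the table asks vendors to prove: every action is classified before deployment and unclassified actions fail closed; the agent’s grant is a scoped, time-limited set rather than a cloned user profile, so it cannot widen itself; the owner is named on the grant and can revoke it with effect on the next request; and every decision lands in an audit log from which the gated-vs-ungated figure can be produced.

```python
"""Illustrative server-side per-action authorization gate for AI agents.

Added example; not the code of any product named in the article.
Action names, matrix entries, agent id and owner are constructed.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, FrozenSet, Iterable, List, Optional, Set
import time


class Decision(Enum):
    AUTO_EXECUTE = "auto-execute"  # agent proceeds without a human
    HUMAN_REVIEW = "human-review"  # queued for the named owner to approve
    DENIED = "denied"              # blocked and logged


# Constructed threshold matrix: every action an agent may request is classified
# before deployment. Anything not listed here is denied at runtime (fail closed),
# so a goal-seeking agent cannot reach a tool the policy never considered.
THRESHOLD_MATRIX: Dict[str, Decision] = {
    "ticket.read": Decision.AUTO_EXECUTE,
    "ticket.comment": Decision.AUTO_EXECUTE,
    "alert.enrich": Decision.AUTO_EXECUTE,
    "policy.update": Decision.HUMAN_REVIEW,
    "iam.grant": Decision.HUMAN_REVIEW,
    "data.export": Decision.HUMAN_REVIEW,
}


@dataclass(frozen=True)
class AgentGrant:
    """A scoped, time-limited permission set tied to a named owner.

    The grant is immutable: the only way to change its scope is for the owner
    to issue a new one, so permissions cannot accumulate without re-authorization.
    """
    agent_id: str
    owner: str
    allowed_actions: FrozenSet[str]
    issued_at: float
    ttl_seconds: float


class ActionGate:
    def __init__(self, matrix: Dict[str, Decision], clock: Callable[[], float] = time.time):
        self.matrix = matrix
        self.clock = clock  # injectable so expiry can be exercised deterministically
        self.grants: Dict[str, AgentGrant] = {}
        self.revoked: Set[str] = set()
        self.audit: List[dict] = []

    def register(self, agent_id: str, owner: str, allowed_actions: Iterable[str], ttl_seconds: float) -> None:
        """Owner issues (or re-issues) a grant; this is the re-authorization event."""
        self.grants[agent_id] = AgentGrant(agent_id, owner, frozenset(allowed_actions), self.clock(), ttl_seconds)
        self.revoked.discard(agent_id)

    def revoke(self, agent_id: str) -> None:
        """Owner kill switch: takes effect on the agent's very next request."""
        self.revoked.add(agent_id)

    def owner_of(self, agent_id: str) -> Optional[str]:
        grant = self.grants.get(agent_id)
        return grant.owner if grant else None

    def authorize(self, agent_id: str, action: str) -> Decision:
        """Evaluate one requested action. Every call is recorded, whatever the outcome."""
        now = self.clock()
        grant = self.grants.get(agent_id)
        if grant is None or agent_id in self.revoked:
            decision, reason = Decision.DENIED, "no active grant"
        elif now - grant.issued_at >= grant.ttl_seconds:
            decision, reason = Decision.DENIED, "grant expired; owner re-authorization required"
        elif action not in self.matrix:
            decision, reason = Decision.DENIED, "unclassified action"
        elif action not in grant.allowed_actions:
            decision, reason = Decision.DENIED, "outside granted scope"
        else:
            decision, reason = self.matrix[action], "threshold matrix"
        self.audit.append({"ts": now, "agent": agent_id, "action": action,
                           "decision": decision.value, "reason": reason})
        return decision

    def summary(self) -> Dict[str, int]:
        """Counts per decision; the basis for the gated-vs-ungated figure a renewal asks for."""
        counts = {d.value: 0 for d in Decision}
        for entry in self.audit:
            counts[entry["decision"]] += 1
        return counts


def demo():
    """Walk a constructed triage agent through the gate with a controllable clock."""
    clock = [1_000.0]
    gate = ActionGate(THRESHOLD_MATRIX, clock=lambda: clock[0])
    gate.register("triage-bot", "soc-lead@example.invalid",
                  {"ticket.read", "ticket.comment", "policy.update"}, ttl_seconds=3600)
    results = [
        gate.authorize("triage-bot", "ticket.read"),          # auto-execute
        gate.authorize("triage-bot", "policy.update"),        # human-review, never silent
        gate.authorize("triage-bot", "iam.grant"),            # denied: outside granted scope
        gate.authorize("triage-bot", "mail.send_external"),   # denied: not in the matrix
    ]
    clock[0] += 3600                                          # grant reaches its TTL
    results.append(gate.authorize("triage-bot", "ticket.read"))  # denied: expired
    gate.register("triage-bot", "soc-lead@example.invalid",
                  {"ticket.read", "ticket.comment", "policy.update"}, ttl_seconds=3600)
    results.append(gate.authorize("triage-bot", "ticket.read"))  # auto-execute again
    gate.revoke("triage-bot")
    results.append(gate.authorize("triage-bot", "ticket.read"))  # denied: revoked
    return [r.value for r in results], gate.summary(), gate.owner_of("triage-bot")


if __name__ == "__main__":
    decisions, counts, owner = demo()
    print(owner, decisions, counts)
```

The gate lives on the tool-calling side, so it runs regardless of whether the model read the acceptable-use policy. A grant that expires forces the owner back into the loop on a schedule measured in hours, not quarters, and the audit list is what an auditor or a renewal reviewer would sample to confirm that gating is happening per action rather than per deployment.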
Evans emphasized the need for structure during the Clearwater board discussions. The bank CISO mentioned by Robbins believes that trying to catalog every shadow AI tool is futile, as the surface area expands faster than any inventory could keep up with.
According to Ivanti, 54% of IT professionals at scaled, business-critical organizations believe AI enhances both speed and quality of work. This contrasts with 24% at early experimentation organizations. At scaled organizations, accountability is integrated into the platform, whereas at early-stage organizations, it remains in documentation that agents do not read.
The six questions provided above offer every CISO a method to evaluate if their governance is effective where it is crucial: at runtime, under load, and before the next renewal payment is processed.