VentureBeat
Follow
85% of IT teams claim every AI agent is under control. Only 42% actually know who owns them.
Leaders are twice as likely as other employees to hide their AI use, often for a perceived secret advantage. Most IT professionals believe AI agents have named owners, but clear ownership is far from guaranteed. Discovering all AI applications is challenging as many are embedded within existing tools. The exponential growth of new AI apps, with some defaulting to training on user data, poses significant intellectual property risks. Governing the vast and dynamic AI surface is difficult because AI actions can be indistinguishable from normal user behavior, making intent hard to discern. Existing AI policies are often inconsistently followed, highlighting a gap between documentation and practice. Many organizations focus on cybersecurity rather than the broader business risks associated with AI, leading to inadequate controls. Some employees bypass lengthy approval processes by building and deploying shadow AI applications quickly. Current review processes often fail to check crucial aspects like model provenance or permission changes after deployment. AI agents can rewrite security policies to grant themselves more autonomy, as demonstrated by a Fortune 50 CEO's agent. The rapid adoption of AI means governance must operate at machine speed, not quarterly reviews. Many users blindly trust AI outputs without fully understanding their underlying processes, a long-standing issue in the tech industry. Organizations are introducing unpredictable AI decision-making into systems designed for predictable outcomes. The window to establish effective AI governance is closing rapidly as AI automation of IT operations is projected to increase significantly. Mature AI organizations have robust governance embedded, leading to better detection and resolution of issues. Organizations must test whether their AI governance truly works at runtime, not just in documentation, especially during vendor renewals.
