85% of IT teams claim every AI agent is under control. Only 42% actually know who owns them.

According to new Ivanti research that surveyed 3,900 employees in six countries, organizational leaders are almost twice as likely to hide their AI use as all other employees, 42% versus 23%. Of those leaders who hide that use, 52% say they do so for "Secret benefits." The same research found that 85% of IT professionals claim there is a named owner for each AI agent. Only 42% say ownership is really clear – a 43-point gap that no governance framework was designed to close.

Clearwater Analytics’ CISO, Sam Evans, stood in front of his board and took a risk on the $8.8 trillion in assets supported by his firm’s platform. "The worst possible thing that would happen is that one of our employees would take customer data and put it into an AI engine that we don’t manage," Evans told VentureBeat. He brought not just a problem but a solution. Many CISOs VentureBeat did not interview.

Menlo Security CEO Bill Robbins relays a conversation with top-3 US bank CISOs who called shadow AI discovery "a little silly thing": AI is built into every application and browser an employee touches. The bank controls by prevention, not detection.

The scale justifies that posture. "We see 50 new AI apps every day, and we’ve already listed over 12,000," Itamar Golan, CEO of Prompt Security, told VentureBeat. "About 40% of these default to training on any data you feed them, meaning your intellectual property could become part of their models." CrowdStrike detected 1,800 AI applications running on 160 million endpoint instances. Those are vendor-reported numbers from proprietary telemetry. No independent party can verify these. Directional signal matters more than precise calculations.

CrowdStrike CTO Elia Zaitsev explains what makes the surface so difficult to govern. "It seems indistinguishable if an agent runs your web browser, whereas if you run your browser," Zaitsev told VentureBeat at RSAC 2026. "Observing actual kinetic actions is a structured, solvable problem. Not intended." Shadow AI surfaces are no longer a list that security teams can maintain. This is an environment they have to adapt to.

The Ivanti survey was independently administered by Raven Research and MSI Advanced Customer Insights to 1,500 IT professionals. At companies with AI policies, only 24% of employees say those policies are followed "most frequent" in everyday work.

Kayne McGladrey, senior member of the IEEE, tells VentureBeat why the governance gap persists. "Anything that appears to be cyber security is usually put into the cyber security risk category, which is entirely a fiction. They should focus on business risks, because if it doesn’t impact the business like a financial loss, no one will pay attention to it, and they won’t properly budget for it, nor have adequate controls in place to prevent it." McGladrey previously told VentureBeat.

Brokerage partners at major consulting firms shared on Signal that they build Shadow AI applications in Google Colab and store them in an S3 bucket to compress a week’s financial analysis into an hour. The approval process takes too long, so they move it around.

Governance at deployment time, failure at runtime

Reviews check functional requirements when a model ships, but they never check the model’s origins, behavioral drift, or whether the agent expanded its permissions after launch.

CrowdStrike CEO George Kurtz revealed at the RSA Conference 2026 that the AI agent of a Fortune 50 CEO rewrote the company’s security policy to expand its autonomy. The company caught it by mistake. Every credential check was passed. "In the agentic age, defending against AI-accelerated adversaries and securing AI systems requires operating at machine speed," Kurtz said. Quarterly governance reviews do not run at machine speed.

Mike Reimer, field CISO at Ivanti, incorporated that lesson into his team’s AI agent development. "It’s great for what I intended it for, but it’s also great for what I didn’t intend it for, and dangerous for what I didn’t intend it for," Reimer told VentureBeat.

Hallucination data compounds the problem. According to Ivanti, sixty-eight percent of IT professionals have personally observed AI produce hallucinations with potential operational implications. More than half caught errors before damage occurred, but 16% did not. Yet among the most advanced users of AI, 49% fully trust AI-generated outputs to influence IT decisions.

Reimer described the pattern in an exclusive interview with VentureBeat. "There are people who are accepting what they’re given without a full understanding of what it’s doing, which is what we’ve found in the tech industry for decades," Reimer said. "They don’t question how it’s doing it. They simply start assessing it by its outcome."

Qualtrics CSO Assaf Keren identified the main tensions in an exclusive interview with VentureBeat. Institutions are introducing "Non-deterministic decisions in environments built for determinism." Keren cited internal Qualtrics data showing that 22% of SOC triage is now AI-driven. There are no codified limits separating what an agent can perform automatically and what requires a human in the loop.

The 18-month window

The window to fix this is closing. According to Ivanti, IT organizations expect AI to automate 46% of their operations within 18 months. American companies project 52%. Governance is already the most common barrier to rapid deployment, ahead of skills, technology and data challenges.

The maturity divide makes governance differences all the more dangerous. IT professionals in AI-mature organizations save six hours per week, which is double the three hours saved at the least mature level. Nearly 9 out of 10 IT professionals in large organizations say AI often helps detect or solve problems before they affect employees. In early experiment organizations, this number drops to four out of ten. Sixty-nine percent of scaled organizations report fully embedded governance, compared to 15% in the initial experiment.

Cisco President Jeetu Patel walked through a hypothetical scenario in an interview at RSAC 2026: an agent that charges $40,000, invites competitors to a Slack channel, and publishes home addresses. "Forgiveness is not a guardrail," Patel told VentureBeat.

Etay Maor, Cato Networks’ vice president of threat intelligence, brought up the accountability problem in a separate RSAC interview. "They are close to humans. Why aren’t we doing background checks on agents?"

"AI is reducing the time between intent and execution while transforming enterprise AI systems into goals," Adam Meyers, CrowdStrike VP of Intelligence Operations, told VentureBeat.

"Moving on to one task doesn’t mean moving on to the next," DJ Sampath, Cisco SVP of AI software and platforms, said in a separate interview.

McGladrey described the root cause. Organizations default to agents cloning human user profiles, and the proliferation of permissions starts from day one. "Because of the scale and speed of intent, it uses far more permissions than it should, far more than a human being should," he said.

Reimer’s team built governance into Ivanti’s own development process. "We have AI checks on top of the AI to make sure it’s done right. Two different models, two different manufacturers," Reimer said. "If an AI feels that another AI has fixed it appropriately, it passes it on to a human."

Reimer asked the salespeople questions about terms every CISO could use at the negotiating table. "If that vendor has no way of showing you what they have done from a development standpoint to improve their development processes, then you really need to question why you are working with that vendor," he said.

The six questions below target the dimensions of governance where enforcement collapses at runtime. CISOs can use them during Q3 vendor renewals to separate vendors shipping runtime enforcement from vendors shipping documentation.

Six governance questions for Q3 renewal

| Governance dimension | What the data showed | Why governance misses this | Q3 renewal question | Proof artifacts to ask for |
| --- | --- | --- | --- | --- |
| Executive shadow AI | Leaders hide AI use at 42% vs. 23% of all employees. 52% hide it for "Secret benefits." Regulated industries have the highest denial rates. | Governance assumes that policy writers follow the policy. Leaders sit on top of the controls they wrote. | Can your DLP, browser, SSE and endpoint telemetry trace AI data movement at the executive level with the same coverage as all other users? | Executive-layer DLP, browser, SSE, and endpoint telemetry logs showing coverage equal to all other users. |
| Designated agent ownership | 85% claim a named owner. Only 42% say ownership is clear. 43-point difference. | Owner on spreadsheet. Agent at runtime. No one tested whether the owner could kill the agent under load. | Can you name the owner of each AI agent? Can that owner revoke access in 60 seconds? | Live demo of 60-second agent access revocation under production load. |
| Pre-deployment review | 65% have a pre-deployment risk review. Separately, only 24% say any AI policy is followed "most frequent." Review exists. Does not enforce. | The review examines the functional requirements at the time of deployment. It never checks model provenance or behavioral deviations at runtime. | Does your review cover model provenance? Has it been implemented or advised? | Model certificate of origin with enforcement log showing blocked deployments. |
| Policy implementation | 58% have acceptable-use policies. 24% followed "most frequent." Documented. Not practiced. | The agent pursued its target across every border. The search for targets does not stop at documents that the model never reads. | Are policies enforced by server-side gates or agent compliance? What percentage of actions are gated? | Server-side gate audit trail with percentage of gated vs. ungated agent tasks. |
| Limits of trust | 68% have seen hallucinations with operational effects. 49% of advanced users completely trust the output. | No codified limits separate auto-execution from human review. | Which agent actions are executed automatically vs. requiring human review? Is it implemented in policy or on the platform? | A documented threshold matrix classifying each agent action as auto-execution or human-review. |
| Response authority | Governance is the #1 barrier at 27%. Skills 20%. Tech 17%. Data 14%. | Inspection conducts quarterly reviews. Agents perform tasks per second. | Is per-action authorization applied at runtime or only on deployment-time review? Can agents submit permissions without re-authorization? | Runtime authorization log showing per-action get events and permission re-authorization timestamps. |

Source data from Ivanti, Scaling AI in IT Operations: The Path to Maturity in 2026 (n=1,500 IT professionals, 3,900 total employees, six countries, February–March 2026). Exclusive CISO Sourcing by VentureBeat.

Evans designed the structure around the Clearwater board conversation. The bank CISO that Robbins describes recognized that AI is everywhere and driven by control rather than discovery. Governance that attempts to list every shadow AI tool will fail because the surface grows faster than any list can handle.

According to Ivanti, in large-scale, business-critical organizations, 54% of IT professionals say AI makes their work faster and better. Among early experiment organizations, 24% say the same. In large organizations, accountability resides in the platform. Initially, it resides in a document that the agent never reads.

The six questions above give every CISO a way to check whether their governance is really working where it counts: at runtime, under load, and before the next upgrade check is cleared.
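What a server-side, per-action gate with a threshold matrix, owner revocation and a gated-versus-ungated audit figure can look like, as an added example that is not from the article or from any vendor named in it. The action names, agent and owner identifiers and request ids are constructed, and the sensitive action mirrors the policy-rewrite incident Kurtz described.

```python
from dataclasses import dataclass, field

# Constructed threshold matrix (hypothetical action names): every action is
# classified up front; anything unclassified is denied rather than guessed.
THRESHOLDS = {
    "read_ticket": "auto",
    "restart_service": "auto",
    "grant_permission": "human_review",
    "change_security_policy": "human_review",
}

@dataclass
class Gate:
    owners: dict                                  # agent_id -> named owner
    revoked: set = field(default_factory=set)
    audit: list = field(default_factory=list)     # append-only decision log

    def revoke(self, agent_id, by):
        """Only the named owner can revoke; takes effect on the next call."""
        if self.owners.get(agent_id) != by:
            raise PermissionError(f"{by} does not own {agent_id}")
        self.revoked.add(agent_id)

    def authorize(self, req_id, agent_id, action, approved_by=None):
        """Per-action decision made server-side, outside the agent's control."""
        tier = THRESHOLDS.get(action)
        if agent_id not in self.owners:
            decision = "deny:no_owner"
        elif agent_id in self.revoked:
            decision = "deny:revoked"
        elif tier is None:
            decision = "deny:unclassified"
        elif tier == "auto":
            decision = "allow:auto"
        elif approved_by and approved_by != agent_id:
            decision = "allow:human"              # an agent cannot approve itself
        else:
            decision = "hold:human_review"
        self.audit.append({"req": req_id, "agent": agent_id,
                           "action": action, "decision": decision})
        return decision

def gated_percentage(gate, observed_req_ids):
    """Share of actions seen in telemetry that also appear in the gate's log."""
    logged = {e["req"] for e in gate.audit}
    seen = list(observed_req_ids)
    return 100.0 * sum(r in logged for r in seen) / len(seen) if seen else 0.0
```

Feeding `gated_percentage` request ids from independent endpoint or network telemetry is what makes the figure meaningful: actions the gate never saw count against it.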


