AvePoint: AI visibility gaps have nearly tripled

- Over a third (35.5%) of enterprise data is now AI-generated

- Up to one in five organisations don't know whether employees are using unsanctioned AI tools

- Up to 72% of organisations are confident they are secure, but still experienced unauthorised access in the past 12 months 

AvePoint, the global AI data protection provider, has released its 3rd annual State of AI Report: Scaling Trust, Control, and Readiness in the Agentic Era*. The report found that AI has scaled into everyday work, while organisations have less visibility into what employees are using than they did a year ago. 

 

Source: State of AI Report: Scaling Trust, Control, and Readiness in the Agentic Era. Chart. The percentage of employees with access to unsanctioned tools for creating AI agents for work has grown in the past 12 months.
Source: State of AI Report: Scaling Trust, Control, and Readiness in the Agentic Era. The percentage of employees with access to unsanctioned tools for creating AI agents for work has grown in the past 12 months.

The percentage of organisations unable to determine whether employees are using unsanctioned AI tools has nearly tripled, from 6.3% in 2025 to 17.6% in 2026. For AI agents specifically, that blind spot is higher still, with 21.1% of organisations unable to account for unsanctioned agent activity. 

The findings underscore why organisations are increasingly seeking a trust layer for AI: an operational foundation of visibility, governance, and enforceable control that scales alongside AI adoption. 

"Nearly half of global employees are already relying on AI agents weekly or daily, and organisations are deploying agents faster than they are building the foundations required to trust them," said Dr Tianyi Jiang (TJ), CEO and Co-Founder, AvePoint.

"The constraint on enterprise AI is no longer model capability, but whether organisations have built a trust layer: the data visibility, governance, and enforceable control required to scale AI with confidence. Without it, speed of deployment becomes speed of exposure."

Nearly half (46.9%) of global employees utilise AI agents on a weekly or daily basis, and work processes that incorporate AI agents are expected to double in the next 12 months. At the same time, organisations anticipate that AI agents will replace more than 25% of human work within 12 months and nearly half within five years. 

Notably, reducing headcount ranks last among the reasons organisations are adopting AI agents. Instead, ROI is being measured by cost displacement: reducing manual efforts, compressing process times, and reallocating human capacity to higher-value work. The shift is also driving the rise of AI FinOps, an emerging discipline required as organisations seek to tie agent spend directly to measurable business outcomes.

As adoption accelerates, visibility, agent management, and data protection are not keeping pace: 

- More than one in five (21.1%) organisations do not know whether employees are using unsanctioned tools to create AI agents, higher than the 17.6% who lack visibility into unsanctioned generative AI use 

- The top concern around AI agents is agents making incorrect judgments or taking actions that damage data, followed closely by agents bypassing human-in-the-loop controls 

- Cybersecurity response is the top-rated AI agent use case, but it is also among the highest-risk deployments when data protection and governance foundations are not in place

Organisations are misjudging their own exposure to unauthorised AI data access: more than eight in 10 (82.7%) respondents report being "very" or "extremely" confident in their ability to prevent unauthorised data access. Yet 72% of the "very confident" group and 62% of the "extremely confident" group have experienced an AI-related unauthorised access incident in the last 12 months. 

The visibility gap is showing up directly in governance outcomes. In 2025, 75.1% of organisations reported at least one generative AI-related security breach. In 2026, that figure rose to 89.5%, signalling systemic governance gaps rather than isolated failures. When it comes to incidents involving AI agents, 88.4% experienced at least one security breach in the past 12 months.

These gaps are also delaying AI value. Nearly nine in 10 (86.9%) organisations delayed generative AI deployments by an average of nearly six months due to data security and management concerns. For AI agents, the figure is at 86%. Organisations cannot scale AI until they can trust and control the data it depends on, and the market is actively seeking solutions that close this gap, Avepoint observed.

The data reveals that confidence does not match competence, especially as many organisations still measure readiness by whether a policy exists, not by whether controls are operational, enforceable, and auditable when it matters most, Avepoint added.

“Trust in AI cannot be measured by confidence alone,” said John Peluso, CTO, AvePoint. 

“It requires operational foundations: visibility into what AI systems are doing, enforceable governance over the data they consume and create, and the ability to audit and correct outcomes when something goes wrong. This is what distinguishes a trust layer from a trust score.”

The governance challenge is compounded by a structural shift in how enterprise data is being created. 

- On average, 35.5% of enterprise data is now generated by AI assistants—this number is expected to reach 42.1% within 12 months

- More than eight in 10 (84.1%) organisations manage at least 1 petabyte of data, up from 79.2% last year 

- Nearly eight in 10 (78.1%) report that at least half of their data is more than five years old, up from 70.7% in 2025

These results, when combined with the continued rise in AI-generated data, demonstrate that when AI systems consume and act on AI-generated content—including redundant, outdated, or low-quality data—governance failures compound at scale. 

"Training and reasoning on redundant, outdated, or trivial (ROT) content increases the probability of irrelevant output and poor decision-making. When AI agents begin acting autonomously on that output, governance failures can propagate operationally across systems, workflows, and decisions at machine speed," cautioned Dana Simberkoff, Chief Risk, Privacy, & Information Security Officer at Avepoint.

In an environment with widespread breaches and deployment delays, organisations are making targeted investments to close the gap: 

- Securing data used for AI training is the top-rated future investment priority (79.5%) 

- Third-party governance tools that monitor agent actions for policy alignment top the planned investment list for the next 12 months; these capabilities are at the core of an emerging category Gartner has defined as the AI agent management platform (AMP) 

- Nearly all (95.5%) organisations have taken one or more actions to mitigate AI agent security concerns in the past 12 months 

- The percentage of organisations doing nothing to address security concerns has decreased from 8.3% in 2025 to 2.5% in 2026, a signal that inaction is no longer seen as an option

According to Avepoint, data security and privacy concerns are consistent across every form of enterprise AI–generative AI and AI agents alike—making the investment thesis durable regardless of how AI architectures evolve. As AI models grow more capable and autonomous, the governance gap expands. Organisations that have not built enforceable data foundations or implemented comprehensive agent management platforms are will be increasingly exposed, Avepoint noted. 

The conclusion is consistent across three years of research, the company said: AI value is constrained by whether organisations have built a trust layer: the data visibility, governance, and enforceable control required for AI outcomes to be trusted, audited, and corrected at scale.  

Explore 

Download AvePoint’s State of AI Report at https://www.avepoint.com/shifthappens/reports/artificial-intelligence-report-2026

Hashtags: #shifthappens 

*The State of AI 2026: Scaling Trust, Control, and Readiness in the Agentic Erais the 3rd annual report in AvePoint's research programme on enterprise AI, conducted in partnership with Osterman Research. The study surveyed 750 respondents with direct responsibility for information management, data security, or AI programmes across the Americas, EMEA, and the Asia Pacific region (APAC).

Comments

Popular posts from this blog

Fortinet enhances FortiRecon to align with CTEM framework

AWS: AI adoption grows 20% in Singapore

NVIDIA unveils multi-agent intelligent warehouse and catalogue enrichment AI blueprints