More than half of the world’s enterprises have now deployed generative AI in some form. That figure might sound like a success story and in many respects, it is.
The pace at which organizations have moved from experimenting with AI to embedding it in day-to-day operations, from security workflows to business decision-making, has been remarkable by almost any measure.
Senior Director of Product Management and Strategy at OpenText.
But a less comfortable truth sits just beneath the surface of this momentum: adoption is moving considerably faster than the governance, security and risk management infrastructure needed to support it.
The gap between what AI is being asked to do and what organizations have actually put in place to oversee it is widening and that is a problem the industry can no longer afford to defer.
Only around one in five respondents has reached what could genuinely be described as AI mature, a state in which cybersecurity applications are fully deployed, security risks are systematically assessed and effectiveness is tracked against meaningful benchmarks.
The remaining are navigating AI deployment while still constructing the foundations meant to underpin it.
A growing gap between AI momentum and AI controls
Across industries, enthusiasm for AI is undeniable. Enterprises are implementing GenAI tools to boost productivity, streamline operations and enhance decision-making. As these tools spread, the structures meant to govern them are lagging.
Fewer than half of the organizations have a risk-based strategy in place to evaluate and manage AI systems. Fewer still have AI-specific data privacy policies.
This lack of foundational governance intersects with several core risks tied to AI behavior and data use. Model bias and related ethical concerns often embedded deep within training data and architectures remain difficult to manage at scale and can produce unfair, inaccurate or unreliable outcomes.
Prompt and input risks such as misleading or harmful outputs are a concern. Meanwhile, user-driven risks, including the unintended spread of misinformation generated with AI assistance affect more than half of organizations that have deployed these tools.
These governance gaps do not exist in isolation. As enterprises scale AI across more workflows and touchpoints, the risks compound.
Without clear policies around how systems learn, what data they access and how outputs are validated, organizations expose themselves to operational, ethical, and regulatory vulnerabilities that will only become harder to manage over time.
The security implications are coming into sharper focus
AI promises and, in many cases, already delivers meaningful advances for security teams. Faster detection of anomalies, enhanced analysis, and reduced manual workloads all rank highly among its benefits.
Yet paradoxically, many organizations report that AI is also making it harder to maintain strong privacy and security practices.
This challenge stems partly from the scale and autonomy of modern AI systems. As models interact with larger volumes of data and operate with fewer human checkpoints, they introduce new vectors for privacy loss, data exposure, and unauthorized access.
Additionally, reliability concerns persist. Errors in AI decision rules and issues stemming from poor or incomplete data are cited frequently as barriers to AI effectiveness. These reliability gaps also impact trust.
Just over half of practitioners believe human oversight remains essential not as a matter of preference but because AI systems cannot yet be relied upon to operate independently with sufficient consistency or safety.
None of this signals that AI is failing. Enterprise investment in generative and agentic AI shows little sign of slowing. But the technology is not the bottleneck, the institutional infrastructure required to govern it is still catching up and closing that gap is what responsible AI adoption now depends on.
What enterprises need to build trustworthy, scalable AI
Despite these challenges, the path to responsible and secure AI adoption is becoming clearer even if the journey remains uneven. Four pillars stand out as critical to aligning AI innovation with enterprise risk and compliance needs:
- Identity and access management – As AI agents assumes a larger role across the enterprise, they need to be governed with the same discipline applied to any privileged user. That means extending identity controls to non-human identities, enforcing least-privilege access and setting clear boundaries around what AI systems can reach and do.
- Data security – For many organizations, the core risk is not only what AI tools can produce but what it can access, expose or move. Strong data security measures are essential to protect sensitive information, personal data and core repositories, ensuring AI system operate on the right data under the right safeguards.
- Threat detection and response – AI becomes more autonomous; security teams need visibility into machine behavior as well as human activity. Continuous monitoring can help identify unusual actions, flag policy violations and speed up investigation when risk emerge.
- Application security – AI security begins well before deployment. Embedding security into software and applications that support AI-driven workflows allows organizations to identify vulnerabilities earlier and build systems that are more resilient by design.
These are not novel concepts in enterprise technology management. They are adaptations of established principles to a new and rapidly evolving context. The challenge is that the pace of AI adoption has, in many organizations, outrun the pace at which those adaptations have been made.
The true value of AI emerges when security, governance, and information management are integrated from the start.
Enterprises still see enormous promise in generative and agentic AI. But their ability to unlock that value depends on balancing innovation with responsibility.
For organizations pushing forward, the path to AI maturity will require not only investment in advanced tools, but also in clear policies, reliable data practices, and robust oversight mechanisms.
Companies that succeed will be those that build trust as intentionally as they build capability, ensuring AI operates transparently, securely and with a governance framework designed for long-term success.
We’ve featured the best endpoint protection software.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
https://cdn.mos.cms.futurecdn.net/fg7bgy65pWhFo4Qzib58yX-2560-80.jpg
Source link
