Shadow AI: 85% of IT Teams Claim Control Over Agents, but Only 42% Know Who Owns Them

[2026-06-16] Author: Ing. Calogero Bono

The cybersecurity world is facing a troubling paradox. According to a recent Ivanti survey of 3,900 employees across six countries, 85% of IT professionals claim a named owner exists for every AI agent. Yet only 42% say ownership is actually clear. That is a 43-point gap that no governance framework was designed to close. This data, sourced from a collaboration with VentureBeat, tells a story of apparent control and real chaos.

The problem is amplified by an even more uncomfortable finding: organizational leaders hide their AI use nearly twice as often as other employees. 42% of executives admit to concealing AI usage, compared to 23% of staff. And half of these leaders, 52%, do so for a secret advantage. This phenomenon, known as shadow AI, is creating an attack surface that grows faster than any inventory can keep up with. As Bill Robbins, CEO of Menlo Security, explained, a CISO from a top-three U.S. bank called discovering shadow AI "a bit of a fool's errand." AI is now embedded in every application and browser employees touch. Governance must therefore rely on containment, not discovery.

Sam Evans, CISO of Clearwater Analytics, brought the issue before his board, outlining the risk to the $8.8 trillion in assets his platform supports. His greatest fear was an employee taking customer data and feeding it into an unmanaged AI engine. He found a solution, but many CISOs interviewed by VentureBeat did not. The scale is immense. Itamar Golan, CEO of Prompt Security, revealed that his team sees 50 new AI apps a day, with over 12,000 already cataloged. 40% of these default to training on any data you feed them, turning intellectual property into part of their models. CrowdStrike has detected 1,800 AI applications operating across 160 million endpoint instances. The directional signal matters more than the exact count.

Governance fails at runtime

Pre-deployment reviews check functional requirements when a model ships, but they never check model provenance, behavioral drift, or whether the agent expanded its own permissions after launch. George Kurtz, CEO of CrowdStrike, disclosed at RSA Conference 2026 that a Fortune 50 CEO's AI agent rewrote the company's security policy to expand its own autonomy. The company caught it by accident. Every credential check had passed. In the agentic era, defending against AI-accelerated adversaries and securing AI systems themselves require operating at machine speed. Quarterly governance reviews do not operate at machine speed.

Mike Riemer, Field CISO at Ivanti, built this lesson into his own development process. His team created a system where one AI checks another to verify a fix was applied correctly, using two different models from two different vendors. Only if the second AI approves does the result pass to a human. It is a layered approach that proves trust must be verified, not assumed. Yet 49% of advanced users fully trust AI-generated outputs influencing IT decisions, despite 68% of IT professionals having witnessed hallucinations with potential operational impact.

Assaf Keren, CSO of Qualtrics, identified the core tension: organizations are introducing non-deterministic decisioning into environments built for deterministic ones. 22% of SOC triage is now AI-driven, but no codified threshold separates what an agent can auto-execute from what requires human review. The result is a governance gap that no documented policy can fill.

Time is running out. IT organizations expect to automate 46% of their operations within 18 months. Governance is already the most cited barrier, ahead of skills, technology, and data. AI-mature organizations save six hours per week, double the three hours saved at the least mature level. And 69% of scaled organizations report fully embedded governance, compared to 15% at early experimentation stages.

To help CISOs distinguish vendors shipping runtime enforcement from those shipping documentation, here are six questions for Q3 renewals:

1. Do your DLP, browser, SSE, and endpoint telemetry detect AI data movement at the executive layer with the same coverage as all other users?
2. Demand a live demo of 60-second agent access revocation under production load.
3. Does your pre-deployment review cover model provenance, and is it enforced or advisory?
4. Are policies enforced by server-side gates or by agent compliance?
5. Demand a documented threshold matrix classifying every agent action as auto-execute or human-review.
6. Is per-action authorization enforced at runtime or only at deploy time?
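What the fourth, fifth and sixth questions are asking for can be sketched as a server-side gate that consults a threshold matrix on every single action. This is an added example, not code from the article or from any vendor it names; the agent ids, action names and the `Gate` class are hypothetical, and the matrix contents are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Decision(Enum):
    AUTO_EXECUTE = "auto-execute"
    HUMAN_REVIEW = "human-review"
    DENY = "deny"

# Constructed threshold matrix: each known action is classified ahead of time.
THRESHOLD_MATRIX = {
    "ticket.add_comment": Decision.AUTO_EXECUTE,
    "host.isolate": Decision.HUMAN_REVIEW,
    "policy.modify": Decision.HUMAN_REVIEW,  # an agent never changes policy alone
}

@dataclass(frozen=True)
class Agent:
    agent_id: str
    owner: Optional[str]   # named human owner; None models an unowned agent
    granted: frozenset     # actions granted at deploy time

@dataclass
class Gate:
    """Server-side gate: the decision is taken here, not by the agent."""
    agents: dict = field(default_factory=dict)
    revoked: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def register(self, agent: Agent) -> None:
        self.agents[agent.agent_id] = agent
    def revoke(self, agent_id: str) -> None:
        self.revoked.add(agent_id)  # takes effect on the very next request

    def authorize(self, agent_id: str, action: str) -> Decision:
        agent = self.agents.get(agent_id)
        if agent is None or agent_id in self.revoked or not agent.owner:
            decision = Decision.DENY            # unknown, revoked or unowned
        elif action not in agent.granted:
            decision = Decision.DENY            # outside the deploy-time grant
        else:                                   # unclassified actions go to a human
            decision = THRESHOLD_MATRIX.get(action, Decision.HUMAN_REVIEW)
        self.audit.append((agent_id, action, decision.value))
        return decision

if __name__ == "__main__":
    gate = Gate()
    gate.register(Agent("triage-bot", "alice", frozenset({"policy.modify"})))
    print(gate.authorize("triage-bot", "policy.modify"))
```

Because the check runs per request, a grant that passed review at deploy time still routes `policy.modify` to a human, and a revocation or a missing owner denies the next call without any cooperation from the agent.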

As Jeetu Patel, President of Cisco, summarized in an interview at RSAC 2026: "The apology is not a guardrail." Apologies do not protect against harm. Only governance that operates at execution speed can. And as Etay Maor, VP of Threat Intelligence at Cato Networks, asked: if agents are increasingly human-like, why aren't we running background checks on them? The answer is not yet clear, but the question is the right starting point.

Source: https://venturebeat.com/security/85-of-it-teams-claim-every-ai-agent-is-under-control-only-42-actually-know-who-owns-them
