AI is no longer experimental — it’s operational. Generative AI (GenAI) assistants are embedded in everyday workflows, and autonomous AI agents are beginning to take action across business processes. What started as a productivity accelerator is a foundational part of how enterprises operate.
But as adoption accelerates, risk scales with it. Data security incidents are rising, governance gaps are widening, and organizations are discovering that scaling AI safely is far harder than deploying it.
In The State of AI 2026 report, AvePoint surveyed 750 global IT leaders across the financial services, healthcare, and government sectors to understand how organizations are navigating this new phase of AI maturity. The findings point to a clear trend: AI success is increasingly shaped less by technology and more by the ability to build trust through readiness, control, and governance.
Read the State of AI Report 2026
Key Themes Shaping Enterprise AI in 2026
Now in its third year, the report uncovered the growing gap between the pace of AI adoption and organizations’ ability to govern it effectively. Amid the proliferation of AI agents, AI-generated data, and enterprise-wide deployments, many organizations are discovering that visibility, security, and data governance pose critical challenges to achieving AI at scale.
Here are some of our most important findings that leaders need to understand right now:
AI Confidence Is Outpacing Risk Readiness
More than four in five organizations say they are confident in their ability to prevent unauthorized data access. Yet even among organizations reporting high confidence, AI-related unauthorized access incidents remained widespread, affecting 62% to 72% of respondents depending on confidence level.
Why it matters: The disconnect is hard to ignore: Confidence is rising, but incident rates remain high. The findings suggest that trust in AI cannot be built on confidence alone — it requires visibility, governance, and enforceable controls.
Security and Privacy Remain the Biggest Barrier to Scale
The key findings identify security and privacy as top concerns for both GenAI and AI agents. In the past 12 months, 89.5% of organizations experienced at least one GenAI-related security breach, while 88.4% experienced at least one AI agent-related breach.
Why it matters: Securing the data and environments AI depends on is becoming a prerequisite for scaling deployments responsibly.
Agent Observability Is Concerning
Visibility into AI usage is declining just as adoption accelerates. For GenAI, 17.6% of respondents say they do not know whether employees are using unsanctioned tools, up from 6.3% in 2025. When it comes to AI agents, 21.1% of organizations say they do not know whether unsanctioned tools are being used to build agents for work processes.
Why it matters: Without visibility into the usage of AI platforms and agents, governance breaks down — and risk becomes harder to detect before it spreads.
Lack of Readiness Delays AI Deployments
Nearly nine in 10 organizations delayed both GenAI and AI agent deployments by an average of almost six months, largely due to unresolved data security and data management concerns. For AI agents, 86% of organizations reported delays averaging 5.92 months; for GenAI, 86.9% reported delays averaging 5.88 months.
Why it matters: These are not minor implementation hiccups. They point to unresolved challenges in governance, data quality, reporting, and control that directly delay deployment and increase risk.
AI-Generated Data Is Raising the Governance Burden
AI is becoming a significant creator of enterprise data. Today, 35.5% of organizational data is generated by AI assistants, and respondents expect that number to reach 42.1% within 12 months. At the same time, 84.1% of organizations manage at least one petabyte of data, and 78.1% say at least half of their data is more than five years old.
Why it matters: As AI creates more enterprise data, weak data governance becomes an even bigger blocker to safe, scalable AI adoption. The challenge is not just the volume of data being created. AI-generated data often lacks clear lineage, can contain uncertainty, and may be reused by other AI systems, increasing the risk of compounding inaccuracies and compliance issues.
AI Agents Are Scaling Faster Than Control
AI agents are moving quickly into day-to-day work. Nearly 46.9% of employees already rely on them daily or weekly, and the percentage of work processes involving agents has grown from 26.6% a year ago to 39.1% today, with respondents expecting it to reach 54.8% within 12 months.
At the same time, 88.4% of organizations report at least one AI agent-related security breach, with data leakage (50.1%) and manipulation by malicious or untrusted inputs (49.6%) among the most common incidents.
Why it matters: Once AI starts taking action – not just generating output – the consequences of weak governance become operational, immediate, and harder to contain.
Investment Is Shifting Toward AI Governance and Control Systems
Organizations are beginning to invest less in access alone and more in the systems needed to govern AI at scale. About 62.4% plan to increase investment in tools that monitor AI agents’ actions for policy alignment, 55.7% plan to invest more in tools that protect agents from interference, and 52.4% plan to increase spending on agent cost-management tools.
Why it matters: This reflects a broader shift in enterprise priorities: from experimenting with AI to building the visibility, governance, and resilience needed to run it responsibly in production.
Control Is the New Competitive Advantage
The findings from this year’s The State of AI report underscore a consistent pattern: Enterprise AI success is defined by the ability to govern how AI is used, what it can access, and how its outputs and actions are controlled at scale. Across both GenAI and AI agents, security incidents remain widespread while GenAI-related breaches have increased year over year. Unresolved data and governance concerns cause deployment delays.
As AI becomes more embedded in workflows and autonomous systems take on more execution, organizations need trusted data, governance, and oversight to scale AI with confidence.
And in the age of autonomous AI, trust isn’t built on intention. It’s built on control.
Download The State of AI 2026 report to explore the full findings and understand what it takes to scale AI securely and with confidence.
Frequently Asked Questions
What is the State of AI 2026 report?
The State of AI 2026 report is AvePoint's third annual study of how enterprises adopt and govern AI. It surveyed 750 global IT leaders across the financial services, healthcare, and government sectors, focusing on trust, security, governance, and the rise of autonomous AI agents.
How many IT leaders were surveyed for the report?
The report surveyed 750 global IT leaders. Respondents came from the financial services, healthcare, and government sectors, giving a cross-industry view of enterprise AI maturity in 2026.
What percentage of organizations experienced an AI agent security breach?
88.4% of organizations experienced at least one AI agent-related security breach in the past 12 months. The most common incidents were data leakage (50.1%) and manipulation by malicious or untrusted inputs (49.6%).
What percentage of organizations experienced a GenAI security breach?
89.5% of organizations experienced at least one GenAI-related security breach in the past 12 months. Security and privacy rank as the top concerns for both GenAI and AI agents.
Why are organizations delaying AI deployments?
Organizations are delaying AI deployments mainly because of unresolved data security and data management concerns. Nearly nine in 10 delayed both GenAI and AI agent projects by an average of about six months (5.88 months for GenAI and 5.92 months for AI agents).
How much enterprise data is now generated by AI?
AI assistants generate 35.5% of organizational data today, and respondents expect that to reach 42.1% within 12 months. This matters because 84.1% of organizations already manage at least one petabyte of data and 78.1% say at least half of it is more than five years old.
How quickly are AI agents being adopted?
AI agents are being adopted rapidly. Nearly 46.9% of employees already use them daily or weekly, and the share of work processes involving agents has grown from 26.6% a year ago to 39.1% today, with an expected rise to 54.8% within 12 months.
What can organizations do to scale AI safely?
Organizations can scale AI safely by prioritizing governance, visibility, and control over the data and environments AI depends on. The report shows investment shifting toward monitoring agent actions (62.4%), protecting agents from interference (55.7%), and managing agent costs (52.4%) across Microsoft 365, Google Workspace, and other cloud environments.
John Peluso is AvePoint’s Chief Technology Officer. In this role, he aligns the Company’s technology and product roadmaps to grow AvePoint’s market share, and accelerate the ideation, development, and launch of innovative software products tailored to anticipate customer needs. Prior to this role, John held multiple leadership roles in his over 15-year career at AvePoint, including Chief Product Officer, SVP of Product Strategy, Director of Education, and Chief Technology Officer, Public Sector.
Before joining AvePoint, John served in a variety of technology and business roles at New Horizons Northeast and New Horizons of Central and Northern NJ. He earned his undergraduate degree from The New School.
Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She oversees a global team of subject matter experts who monitor industry trends, emerging technologies, and best practices in risk management and compliance. Dana also provides strategic guidance on product direction, technology enhancements, customer challenges, and market opportunities, partnering closely with internal and external executive stakeholders. Dana is an industry leader, previously serving on the Education Advisory Board for the International Association of Privacy Professionals (IAPP) and as a founding member of the Women Leading Privacy Advisory Board. Dana has been featured in the Wall Street Journal, Forbes, Security Magazine and more, and is consistently recognized by organizations like IDC and CSO as an influential woman in cybersecurity. Dana holds a Bachelor of Arts degree from Dartmouth College and a Juris Doctor from Suffolk University Law School.