AI blind spots are increasing cybersecurity, operational and third‑party risk as adoption accelerates

MENLO PARK, Calif., May 7, 2026 /PRNewswire/ — As artificial intelligence becomes embedded across core business functions, many organizations still lack a clear understanding of how and where AI is being used across their enterprises. According to new research from global consulting firm Protiviti, nearly half (47%) of large organizations report they do not have full visibility into employee AI tool usage, creating growing challenges related to cybersecurity, governance and operational risk.

The findings come from the fourth Protiviti AI Pulse Survey, titled “No Visibility, No Confidence,” which examines how C‑suite executives, board members and IT leaders are managing AI adoption, oversight and risk as usage expands across the enterprise and into third‑party platforms.

AI Adoption Is Outpacing Oversight and Governance

The survey reveals a widening gap between the pace of AI adoption and organizations’ ability to govern it effectively:

• 47% of large organizations lack full visibility into AI tools used by employees.
• 65% report challenges with “shadow AI,” where systems are deployed or used without proper oversight.
• Only four in 10 organizations have a formal AI governance framework in place. Even among large organizations, one in three lack a formal framework, underscoring that resources alone do not guarantee effective oversight.

According to the survey, organizations that have a formal AI governance framework in place report:

• Greater visibility into AI usage
• Higher confidence in managing AI-related risk
• Stronger recognition of AI-driven cyber and operational threats at the executive level

“Organizations can’t manage what they can’t see,” said Sameer Ansari, Global Lead, CISO Solutions at Protiviti. “As AI becomes more deeply embedded across the enterprise, leaders are often making decisions based on an incomplete picture. That lack of visibility makes it significantly harder to secure systems, enforce governance and build trust in AI-enabled outcomes.”

Visibility Gaps Expose Organizations to Higher Cyber and Operational Risk

The research also highlights a disconnect between executive leadership and IT teams when it comes to assessing AI-related risk:

• Close to half of IT leaders (45%) believe AI has increased cyber risk significantly, versus fewer than one in three (30%) executives and board members.

IT teams, which are closer to day‑to‑day AI usage, are more likely to identify gaps that extend beyond internal systems to include vendor platforms, embedded AI tools and third‑party services. These blind spots can delay decision‑making, slow investment in controls and limit an organization’s ability to respond quickly to emerging AI-driven threats.

As AI Scales, Visibility and Control Must Scale with It

As organizations move beyond early experimentation and their use of AI more significantly impacts customers, financial processes, and other critical elements of the business, the importance of scalable governance, accountability and continuous AI tool monitoring grows.

“As AI extends deeper into business processes and third‑party ecosystems, organizations need to revisit and strengthen controls,” Ansari said. “Those that invest early in governance, transparency and accountability will be far better positioned to scale AI securely, respond to threats and sustain long‑term value.”

Methodology

The Protiviti AI Pulse Survey was conducted in February 2026 and includes responses from approximately 345 C‑suite executives, board members and IT leaders across global organizations. The survey, the fourth in an ongoing series of surveys designed to assess the ever-evolving AI landscape, looks at how businesses are addressing AI-related cybersecurity, governance and resilience challenges.

Protiviti has also published an AI Governance FAQ guide. It provides practical, cross-functional perspectives on the governance of AI systems and data, while also addressing broader implications across compliance, cybersecurity, finance, people and culture, customer experience, operations, internal audit and board oversight.

About Protiviti
Protiviti (www.protiviti.com) is a global consulting firm that helps clients transform and protect their businesses, and respond to planned and unexpected events. Through a network of more than 90 offices in over 25 countries, Protiviti and its independent and locally owned member firms deliver deep expertise and tailored capabilities across technology, artificial intelligence, data, operations, finance, legal, compliance, HR, marketing, digital, risk, and internal audit – enabling organizations to accelerate innovation, navigate risks and safeguard what matters most.

Named to the Fortune 100 Best Companies to Work For® list since 2015, Protiviti Inc. has served more than 80 percent of Fortune 100 and nearly 80 percent of Fortune 500 companies. The firm also works with government agencies and smaller, growing companies, including those looking to go public. Protiviti Inc. is a wholly owned subsidiary of Robert Half (NYSE: RHI).

View original content to download multimedia:https://www.prnewswire.com/news-releases/nearly-half-of-large-enterprises-lack-full-visibility-into-ai-use-by-employees-according-to-new-protiviti-ai-pulse-survey-302765940.html

SOURCE Protiviti