Nearly Half of Large Enterprises Lack Full Visibility Into AI Use by Employees, According to New Protiviti AI Pulse Survey

AI blind spots are increasing cybersecurity, operational and third party risk as adoption accelerates

MENLO PARK, Calif. - May 6, 2026 - As artificial intelligence becomes embedded across core business functions, many organisations still lack a clear understanding of how and where AI is being used across their enterprises. According to new research from global consulting firm Protiviti, nearly half (47%) of large organisations report they do not have full visibility into employee AI tool usage, creating growing challenges related to cybersecurity, governance and operational risk.

The findings come from the fourth Protiviti AI Pulse Survey, titled "No Visibility, No Confidence, which examines how C suite executives, board members and IT leaders are managing AI adoption, oversight and risk as usage expands across the enterprise and into third party platforms.

AI Adoption Is Outpacing Oversight and Governance

The survey reveals a widening gap between the pace of AI adoption and organisations' ability to govern it effectively:

• 47% of large organisations lack full visibility into AI tools used by employees.
• 65% report challenges with "shadow AI," where systems are deployed or used without proper oversight.
• Only four in 10 organisations have a formal AI governance framework in place. Even among large organisations, one in three lack a formal framework, underscoring that resources alone do not guarantee effective oversight.

According to the survey, organisations that have a formal AI governance framework in place report:

• Greater visibility into AI usage
• Higher confidence in managing AI-related risk
• Stronger recognition of AI-driven cyber and operational threats at the executive level

"Organisations can't manage what they can't see," said Sameer Ansari, Global Lead, CISO Solutions at Protiviti. "As AI becomes more deeply embedded across the enterprise, leaders are often making decisions based on an incomplete picture. That lack of visibility makes it significantly harder to secure systems, enforce governance and build trust in AI-enabled outcomes."

Visibility Gaps Expose Organisations to Higher Cyber and Operational Risk

The research also highlights a disconnect between executive leadership and IT teams when it comes to assessing AI-related risk:

• Close to half of IT leaders (45%) believe AI has increased cyber risk significantly, versus fewer than one in three (30%) executives and board members.

IT teams, which are closer to day to day AI usage, are more likely to identify gaps that extend beyond internal systems to include vendor platforms, embedded AI tools and third party services. These blind spots can delay decision making, slow investment in controls and limit an organisation's ability to respond quickly to emerging AI-driven threats.

As AI Scales, Visibility and Control Must Scale with It

As organisations move beyond early experimentation and their use of AI more significantly impacts customers, financial processes, and other critical elements of the business, the importance of scalable governance, accountability and continuous AI tool monitoring grows.

"As AI extends deeper into business processes and third party ecosystems, organisations need to revisit and strengthen controls," Ansari said. "Those that invest early in governance, transparency and accountability will be far better positioned to scale AI securely, respond to threats and sustain long term value."

Methodology

The Protiviti AI Pulse Survey was conducted in February 2026 and includes responses from approximately 345 C suite executives, board members and IT leaders across global organisations. The survey, the fourth in an ongoing series of surveys designed to assess the ever-evolving AI landscape, looks at how businesses are addressing AI-related cybersecurity, governance and resilience challenges.

Protiviti has also published an AI Governance FAQ guide. It provides practical, cross-functional perspectives on the governance of AI systems and data, while also addressing broader implications across compliance, cybersecurity, finance, people and culture, customer experience, operations, internal audit and board oversight.