AvePoint Research Reveals AI Visibility Gaps Have Nearly Tripled as AI Agents Scale and Almost Half of Enterprise Employees Now Rely on Agents Daily or Weekly

Third annual State of AI Report finds organizations lack the trust layer required to scale AI safely, as governance gaps, deployment delays, and AI-generated data are compounding the challenge

Key Findings:

• Up to 1 in 5 organizations don’t know whether employees are using unsanctioned AI tools, a visibility gap that has nearly tripled since 2025 for generative AI (6.3% to 17.6%) and is even higher for AI agents at 21.1%
• More than 4 in 5 organizations are confident in their ability to prevent unauthorized AI-related data access, yet up to 72% of confident organizations still experienced an unauthorized access incident in the past 12 months
• Nearly 9 in 10 organizations delayed both agentic and generative AI deployments by an average of almost six months, citing data security and governance concerns as the primary cause
• 35.5% of enterprise data is now AI-generated; this figure is expected to reach 42.1% within 12 months, expanding the surface that governance must cover
• 46.9% of employees rely on AI agents daily or weekly, yet 88.4% of organizations experienced at least one agent-related security incident in the past year, driving investment toward third-party governance tools and emerging AI Agent Management Platforms (AMPs) as the top planned investment for the next 12 months

AvePoint (Nasdaq: AVPT; SGX: AVP), the global leader in AI data protection, unifying data security, governance, and resilience, today released its third annual State of AI Report: Scaling Trust, Control, and Readiness in the Agentic Era. The report finds that AI has scaled into everyday work, and organizations have less visibility into what employees are using than they did a year ago. The percentage of organizations unable to determine whether employees are using unsanctioned AI tools has nearly tripled, from 6.3% in 2025 to 17.6% in 2026. For AI agents specifically, that blind spot is higher still, with 21.1% of organizations unable to account for unsanctioned agent activity.

The findings underscore why organizations are increasingly seeking a trust layer for AI: an operational foundation of visibility, governance, and enforceable control that scales alongside AI adoption.

Also Read: AiThority Interview with Matej Bukovinski, Chief Technology Officer at Nutrient

The study, conducted in partnership with Osterman Research, surveyed 750 enterprise leaders with direct responsibility for information management, data security, or AI programs across the Americas, EMEA, and APAC.

“Nearly half of global employees are already relying on AI agents weekly or daily, and organizations are deploying agents faster than they are building the foundations required to trust them,” said Dr. Tianyi Jiang (TJ), CEO and Co-Founder, AvePoint. “The constraint on enterprise AI is no longer model capability, but whether organizations have built a trust layer: the data visibility, governance, and enforceable control required to scale AI with confidence. Without it, speed of deployment becomes speed of exposure.”

AI Agents Are Scaling and Organizations Are Losing Visibility as They Do

46.9% of global employees utilize AI agents on a weekly or daily basis, and work processes that incorporate AI agents are expected to double in the next 12 months. At the same time, organizations anticipate that AI agents will replace more than 25% of human work within 12 months and nearly half within five years. Notably, reducing headcount ranks last among the reasons organizations are adopting AI agents. Instead, ROI is being measured by cost displacement: reducing manual efforts, compressing process times, and reallocating human capacity to higher-value work. The shift is also driving the rise of AI FinOps, an emerging discipline required as organizations seek to tie agent spend directly to measurable business outcomes.

As adoption accelerates, visibility, agent management, and data protection are not keeping pace:

• 21.1% of organizations do not know whether employees are using unsanctioned tools to create AI agents, higher than the already alarming 17.6% who lack visibility into unsanctioned generative AI use
• The top concern around AI agents is agents making incorrect judgments or taking actions that damage data, followed closely by agents bypassing human-in-the-loop controls
• Cybersecurity response is the top-rated AI agent use case, but it is also among the highest-risk deployments when data protection and governance foundations are not in place

The Governance Gap Is Widening, and Confidence Alone Is Not Closing It

Organizations are misjudging their own exposure to unauthorized AI data access:

• 82.7% of respondents report being “very” or “extremely” confident in their ability to prevent unauthorized data access
• Yet 72% of the “very confident” group and 62% of the “extremely confident” group have experienced an AI-related unauthorized access incident in the last 12 months

The visibility gap is showing up directly in governance outcomes. In 2025, 75.1% of organizations reported at least one generative AI-related security breach. In 2026, that figure rose to 89.5%, signaling systemic governance gaps rather than isolated failures. For AI agents, 88.4% experienced at least one security breach in the past 12 months.

These gaps are also delaying AI value. 86.9% of organizations delayed generative AI deployments by an average of nearly six months due to data security and management concerns. For AI agents, the figure is nearly identical at 86%. Organizations cannot scale AI until they can trust and control the data it depends on, and the market is actively seeking solutions that close this gap.

The data reveals that confidence does not match competence, especially as many organizations still measure readiness by whether a policy exists, not by whether controls are operational, enforceable, and auditable when it matters most.

“Trust in AI cannot be measured by confidence alone,” said John Peluso, Chief Technology Officer, AvePoint. “It requires operational foundations: visibility into what AI systems are doing, enforceable governance over the data they consume and create, and the ability to audit and correct outcomes when something goes wrong. This is what distinguishes a trust layer from a trust score.”

AI Is Becoming a Major Source of Enterprise Data, and Most Organizations Aren’t Ready for What That Means

The governance challenge is compounded by a structural shift in how enterprise data is being created.

• On average, 35.5% of enterprise data is now generated by AI assistants—expected to reach 42.1% within 12 months
• 84.1% of organizations manage at least 1 petabyte of data, up from 79.2% last year
• 78.1% report that at least half of their data is more than five years old, up from 70.7% in 2025

These results, when combined with the continued rise in AI-generated data, demonstrate that when AI systems consume and act on AI-generated content—including redundant, outdated, or low-quality data—governance failures compound at scale.

Readiness, Not Models, Will Decide Who Wins With AI

Despite widespread breaches and deployment delays, organizations are making targeted investments to close the gap. The research shows clear directional investment:

• Securing data used for AI training is the top-rated future investment priority (79.5%)
• Third-party governance tools that monitor agent actions for policy alignment top the planned investment list for the next 12 months; these capabilities are at the core of an emerging category Gartner has defined as the AI Agent Management Platform (AMP)
• 95.5% of organizations have taken one or more actions to mitigate AI agent security concerns in the past 12 months
• The percentage of organizations doing nothing to address security concerns has decreased from 8.3% in 2025 to 2.5% in 2026, a signal that inaction is no longer seen as an option

Critically, data security and privacy concerns are consistent across every form of enterprise AI–generative AI and AI agents alike—making the investment thesis durable regardless of how AI architectures evolve. As AI models grow more capable and autonomous, the governance gap does not shrink; it expands. Organizations that have not built enforceable data foundations or implemented comprehensive agent management platforms are not just behind: they are increasingly exposed.

The conclusion is consistent across three years of research: AI value is not constrained by model capability. It is constrained by whether organizations have built a trust layer: the data visibility, governance, and enforceable control required for AI outcomes to be trusted, audited, and corrected at scale.

Also Read: ​​AI systems – Interoperable AI systems: Connecting models across platforms