Thoropass Releases 2026 State of Audit And Compliance Report: AI Emerges as the Top Compliance and Audit Risk

Thoropass released its 2026 State of Audit and Compliance Report, revealing that AI adoption has rapidly become the most significant new source of IT security compliance risk. Almost 7 in 10 security and compliance leaders say AI adoption is outpacing their security and compliance controls, signaling a growing governance gap.

Also Read: AiThority Interview with Glenn Jocher, Founder & CEO, Ultralytics

Most organizations are losing the race to control the use of corporate and personal AI solutions in the workplace, increasing the “governance gap”. AI-related concerns now eclipse traditional security threats in both perceived likelihood and impact.

The report, based on a survey of more than 500 security, IT, and compliance professionals, shows that while compliance programs are more mature than ever, they are under increasing strain from multi-framework audits, evidence management overhead, and the fast rise of AI-related risk.

“AI has moved faster than governance,” said Sam Li, CEO of Thoropass. “Most organizations didn’t plan for how quickly employees and teams would adopt AI tools, and compliance programs are now racing to catch up. What we’re seeing is a widening gap between innovation and oversight.”

AI is becoming integral not just to organizations’ technology stacks, but to how companies operate. That same technology can and should be used to help organizations run smoother, more efficient audits, empowering them to eliminate manual effort, improve evidence quality, and give teams confidence as audit expectations evolve.”

Key findings from the research include:

AI Has Become the Leading Compliance Risk

AI-related concerns now eclipse traditional security threats in both perceived likelihood and potential regulatory impact:

• 69% of respondents stated that adoption of AI tools in the organization is outpacing their ability the security and compliance controls
• 55% say that AI-related data exposure or misuse as their top breach concern – a higher rate than ransomware, IAM failures, or cloud misconfigurations
• 57% believe AI-related incidents are the most likely to trigger regulatory action or customer fallout in 2026
• Only 18% say they are not concerned about AI-related compliance risk

Compliance Maturity Is High, but Audit Friction Persists

Even as organizations report mature compliance programs, operational inefficiencies remain widespread:

• Challenges related to collecting evidence across multiple tools is the most common bottleneck in the audit process, cited by 53% of respondents
• 91% say they must resubmit audit evidence at least sometimes due to miscommunication or shifting auditor expectations
• The top compliance challenges are managing multiple frameworks and keeping evidence continuously audit-ready

The report finds that compliance is increasingly viewed as an ongoing risk management function – driven by security posture, insurance requirements, and customer trust – rather than a once-a-year certification exercise.

“The audit model itself is changing. Organizations don’t just need more controls — they need audits that operate continuously and keep pace with how modern systems actually work. The future of audit is less manual collection and more real-time assurance,” continued Li.

Also Read: ​​The Infrastructure War Behind the AI Boom

[To share your insights with us, please write to psen@itechseries.com]