SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Organisations lose sight of employee AI use, report finds

Organisations lose sight of employee AI use, report finds

Wed, 1st Jul 2026 (Today)
Joseph Gabriel Lagonsin
JOSEPH GABRIEL LAGONSIN News Editor

AvePoint has released its third annual State of AI report, which finds that many organisations have less visibility into employee AI use than they did a year ago.

Based on a survey of 750 enterprise leaders across the Americas, EMEA and APAC conducted with Osterman Research, the report points to rising use of both generative AI tools and AI agents in large organisations. It also suggests governance and data security controls are not keeping pace.

One of the clearest findings concerns unsanctioned use. The share of organisations unable to determine whether employees were using unapproved generative AI tools rose to 17.6% from 6.3% a year earlier. For AI agents, the figure was higher at 21.1%.

That loss of visibility is emerging as businesses bring AI into routine work. The research found 46.9% of employees now use AI agents daily or weekly, while the number of processes involving AI agents is expected to double over the next 12 months.

Security concerns

The findings also highlight a gap between confidence and outcomes. While 82.7% of respondents said they were very or extremely confident in their ability to prevent unauthorised data access linked to AI, many still reported incidents.

Among those who said they were very confident, 72% had experienced an AI-related unauthorised access incident in the previous 12 months. Among the extremely confident group, 62% reported the same. Across all respondents, 89.5% reported at least one generative AI-related security breach, while 88.4% reported at least one breach involving AI agents.

The data suggests organisations are struggling to turn policy into day-to-day control, especially as AI tools spread beyond central IT teams to wider employee use. The leading concern around AI agents was the risk of incorrect judgements or actions that damage data, followed by the possibility of agents bypassing human oversight.

Those concerns appear to be slowing roll-outs. Nearly 9 in 10 organisations delayed both generative AI and agentic AI projects by an average of almost six months, citing data security and governance issues as the main reason.

For companies trying to capture efficiency gains from automation, that creates a trade-off. Organisations expect AI agents to take on more than a quarter of human work within a year and nearly half within five years, yet reducing headcount ranked last among the reasons for adopting them.

Instead, respondents measured returns through reduced manual work, shorter process times and shifting staff to other tasks. The report links this to the emergence of AI FinOps, as organisations seek to tie spending on agents more directly to business outcomes.

Data growth

The governance challenge is being compounded by the volume of data AI systems are producing. The report found that 35.5% of enterprise data is now generated by AI assistants, and that share is expected to rise to 42.1% within 12 months.

At the same time, 84.1% of organisations said they manage at least one petabyte of data, up from 79.2% a year earlier. It also found that 78.1% said at least half of their data is more than five years old, compared with 70.7% previously.

That combination of old, redundant or low-quality data and fast-growing AI-generated content raises the risk that automated systems act on weak information at scale. The issue, the report argues, is no longer only whether companies allow staff to use AI, but whether they can track what those systems consume, produce and change.

Dr Tianyi Jiang, Chief Executive Officer and Co-Founder of AvePoint, set out that view in the report findings.

"Nearly half of global employees are already relying on AI agents weekly or daily, and organizations are deploying agents faster than they are building the foundations required to trust them," said Dr Jiang. "The constraint on enterprise AI is no longer model capability, but whether organizations have built a trust layer: the data visibility, governance, and enforceable control required to scale AI with confidence. Without it, speed of deployment becomes speed of exposure."

Investment shift

Despite the reported breaches and delays, the survey indicates organisations are still spending to address weaknesses. Securing data used for AI training ranked as the top future investment priority, cited by 79.5% of respondents.

Third-party governance tools that monitor agent actions for policy alignment also topped planned investment areas over the next 12 months. AvePoint linked that spending to the emergence of AI agent management platforms, intended to help organisations oversee how software agents act and what data they access.

Most respondents said they had already acted. The study found that 95.5% of organisations had taken at least one step in the previous year to address AI agent security concerns, while the share doing nothing fell to 2.5% from 8.3% a year earlier.

John Peluso, Chief Technology Officer of AvePoint, said the issue was operational rather than rhetorical.

"Trust in AI cannot be measured by confidence alone," said Peluso. "It requires operational foundations: visibility into what AI systems are doing, enforceable governance over the data they consume and create, and the ability to audit and correct outcomes when something goes wrong. This is what distinguishes a trust layer from a trust score."