A new study from global consulting firm Protiviti highlights a critical lack of oversight as artificial intelligence becomes deeply embedded in core business operations. According to the fourth Protiviti AI Pulse Survey, titled "No Visibility, No Confidence," nearly half of large organizations cannot fully track how their employees are using AI tools. This visibility gap is creating significant hurdles for C-suite executives and IT leaders attempting to manage cybersecurity, operational risk, and corporate governance in an increasingly automated marketplace.
47% of large organizations lack full visibility into employee AI tool usage.
65% of organizations report challenges with "shadow AI" deployed without oversight.
Only 40% of organizations have implemented a formal AI governance framework.
45% of IT leaders see AI as a significant cyber risk, versus 30% of executives.
One in three large organizations still operates without a formal AI oversight structure.
Governance frameworks are linked to higher confidence in managing AI-driven threats.
The survey identifies a widening disparity between the speed of AI adoption and the ability of organizations to govern these systems. A primary concern is "shadow AI"—the unauthorized use of AI tools by employees—which affects 65% of the surveyed organizations. This lack of centralized control makes it difficult to secure systems and build trust in AI-generated outcomes. Even in well-resourced large organizations, one-third lack a formal framework, suggesting that investment alone is insufficient without a structured approach to accountability and transparency.
Protiviti’s research underscores a perception gap regarding the severity of AI-related risks. IT leaders, who interact more closely with day-to-day operations and third-party vendor platforms, are significantly more concerned about cybersecurity than board members and executives. This disconnect often leads to blind spots in an organization's defense strategy, potentially delaying the investment in necessary controls and slowing the response to emerging AI-driven threats.
As organizations transition from experimentation to using AI in critical financial and customer-facing processes, the need for scalable monitoring and continuous oversight becomes vital. Experts suggest that organizations must move beyond static policies and toward dynamic, continuous monitoring of AI tools and third-party ecosystems. Early investment in transparency and governance is positioned as a competitive advantage, enabling firms to scale AI securely while maintaining long-term resilience and value.
"Organizations can't manage what they can't see. As AI becomes more deeply embedded across the enterprise, leaders are often making decisions based on an incomplete picture. That lack of visibility makes it significantly harder to secure systems, enforce governance and build trust in AI-enabled outcomes." — Sameer Ansari, Global Lead, CISO Solutions at Protiviti
"As AI extends deeper into business processes and third‑party ecosystems, organizations need to revisit and strengthen controls. Those that invest early in governance, transparency and accountability will be far better positioned to scale AI securely." — Sameer Ansari, Global Lead, CISO Solutions at Protiviti
About Protiviti
Protiviti is a global consulting firm that helps clients transform and protect their businesses, and respond to planned and unexpected events. Through a network of more than 90 offices in over 25 countries, Protiviti delivers expertise across technology, artificial intelligence, data, risk, and internal audit, enabling organizations to accelerate innovation and navigate emerging risks.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.