85% of IT teams claim every AI agent is under control. Only 42% actually know who owns them.

Organizational leaders are nearly twice as likely to hide their AI use compared to all other employees, at 42% versus 23%, according to new Ivanti research surveying 3,900 employees across six countries. Among leaders who conceal that usage, 52% say they do it for a "secret advantage." The same research found 85% of IT professionals claim a named owner exists for every AI agent. Only 42% say ownership is actually clear — a 43-point gap that no governance framework was designed to close. Sam Evans, CISO of Clearwater Analytics, stood before his board and laid out the risk to the $8.8 trillion in assets his firm's platform supports. "The worst possible thing would be one of our employees taking customer data and putting it into an AI engine that we don't manage," Evans told VentureBeat. He brought a solution, not just a problem. Many CISOs VentureBeat interviewed did not. Menlo Security CEO Bill Robbins relayed a conversation with a Top 3 U.S. bank CISO who called shadow AI discovery "a bit of a fool's errand": AI is embedded in every application and browser employees touch. The bank governs from containment, not discovery. The scale justifies that posture. "We see 50 new AI apps a day, and we've already cataloged over 12,000," Prompt Security CEO Itamar Golan told VentureBeat. "Around 40% of these default to training on any data you feed them, meaning your intellectual property can become part of their models." CrowdStrike has detected 1,800 AI applications operating across 160 million endpoint instances. Those are vendor-reported numbers from proprietary telemetry. No independent party can verify them. The directional signal matters more than the exact count. CrowdStrike CTO Elia Zaitsev described what makes the surface so hard to govern. "It looks indistinguishable if an agent runs your web browser versus if you run your browser," Zaitsev told VentureBeat at RSAC 2026. "Observing actual kinetic actions is a structured, solvable problem. Intent is not." The shadow AI surface is no longer a list security teams can maintain. It is an environment they have to assume. The Ivanti survey was administered independently by Ravn Research and MSI Advanced Customer Insights across 1,500 IT professionals. Among companies with AI policies, just 24% of employees say those policies are followed "very consistently" in day-to-day work. Kayne McGladrey, IEEE senior member, told VentureBeat why that governance gap persists. "Anything that seems to have a cybersecurity flavor is generally put into the cybersecurity risk category, which is a complete fiction. They should be focused on business risks, because if it doesn't affect the business, like a financial loss, then nobody's going to pay attention to it, and they will not budget it appropriately, nor will they adequately put in controls to prevent it," McGladrey told VentureBeat previously. Brokerage partners at major consulting firms shared over Signal that they build shadow AI applications in Google Colab and store them in S3 buckets to compress a week of financial analysis into an hour. The approval process takes too long, so they route around it. VB Transform · July 14–15 · Menlo Park · Agentic security & identity Your agents have email access, credit card access, and terminal access. What happens when they’re compromised? Sessions on agentic security cover prompt injection, sandboxing in regulated environments, and the trusted agent protocols Visa is testing against its own critical infrastructure. See the full agenda →Governance at deploy time, failure at runtime Reviews check functional requirements when a model ships, but they never check model provenance, behavioral drift, or whether the agent expanded its own permissions after launch. CrowdStrike CEO George Kurtz disclosed at RSA Conference 2026 that a Fortune 50 CEO's AI agent rewrote the company's security policy to expand its own autonomy. The company caught it by accident. Every credential check had passed. "In the agentic era, defending against AI-accelerated adversaries and securing AI systems themselves require operating at machine speed," Kurtz said. Quarterly governance reviews do not operate at machine speed. Mike Riemer, Field CISO at Ivanti, built that lesson into his own team's AI agent development. "It's great at what I intended it for, but it's also great at what I didn't intend it for, and what I didn't intend it for is dangerous," Riemer told VentureBeat. Hallucination data compounds the problem. Sixty-eight percent of IT professionals have personally witnessed AI generate hallucinations with potential operational impact, according to Ivanti. More than half caught the errors before damage, but 16% did not. Yet among the most advanced users of AI, 49% fully trust AI-generated outputs that influence IT decisions. Riemer described the pattern in an exclusive interview with VentureBeat. "There are people that are just accepting what's been given to them without any full understanding of what it is doing, which we've found in the tech industry for decades," Riemer said. "They don't question how it's doing it. They just start gauging it by its outcome." Qualtrics CSO Assaf Keren identified the core tension in an exclusive interview with VentureBeat. Organizations are introducing "non-deterministic decisioning into environments built for deterministic." Keren cited internal Qualtrics data showing that 22% of SOC triage is now AI-driven. No codified threshold separates what an agent can auto-execute from what requires a human in the loop. The 18-month window The window for fixing this is closing. IT organizations expect AI to automate 46% of their operations within 18 months, according to Ivanti. U.S. companies project 52%. Governance is already the most commonly cited barrier to faster deployment, ahead of skills, technology, and data challenges. The maturity divide makes the governance gap more dangerous. IT professionals at AI-mature organizations save six hours per week, double the three hours saved at the least mature level. Nearly 9 in 10 IT professionals at scaled organizations say AI frequently helps detect or resolve issues before employees are affected. At early experimentation organizations, that number drops to four in ten. Sixty-nine percent of scaled organizations report fully embedded governance, compared to 15% at early experimentation. Cisco President Jeetu Patel walked through a hypothetical scenario in an interview at RSAC 2026: an agent that charges $40,000, invites competitors to a Slack channel, and publishes home addresses. "The apology is not a guardrail," Patel told VentureBeat. Cato Networks VP of Threat Intelligence Etay Maor framed the accountability problem in a separate RSAC interview. "They're closer to humans. Why are we not doing background checks on agents?" "AI is compressing the time between intent and execution while turning enterprise AI systems into targets," CrowdStrike VP of Intelligence Operations Adam Meyers told VentureBeat. "Proceed on one action does not mean proceed on the next," Cisco SVP of AI Software and Platform DJ Sampath said in a separate interview. McGladrey described the root cause. Organizations default to cloning human user profiles for agents, and permission sprawl starts on day one. "It uses far more permissions than it should have, more than a human would, because of the speed of scale and intent," he said. Riemer's team built governance into Ivanti's own development process. "We have AI check on top of AI to make sure that it is fixed. Two different models, two different manufacturers," Riemer said. "If one AI believes the other AI fixed it appropriately, then it passes it off to a human being." Riemer put the vendor question in terms every CISO can use at the negotiating table. "If that vendor doesn't have a way to show you what they've done from a development perspective in order to improve their development processes, you really need to question why you're working with that vendor," he said. The six questions below target governance dimensions where enforcement collapses at runtime. CISOs can use them during Q3 vendor renewals to separate vendors shipping runtime enforcement from vendors shipping documentation. Six governance questions for Q3 renewals Governance dimension | What the data proved | Why governance misses it | Q3 renewal question | Proof artifact to demand | Executive shadow AI | Leaders hide AI at 42% vs. 23% all employees. 52% hide for "secret advantage." Regulated industries have the highest unsanctioned rates. | Governance assumes policy writers follow policy. Leaders sit above the controls they wrote. | Can your DLP, browser, SSE, and endpoint telemetry detect AI data movement at the executive layer with the same coverage as all other users? | Executive-layer DLP, browser, SSE, and endpoint telemetry logs showing identical coverage to all other users. | Named agent ownership | 85% claim a named owner. Only 42% say ownership is clear. 43-point gap. | Owner on a spreadsheet. Agent at runtime. Nobody tested whether the owner can kill the agent under load. | Can you name the owner for every AI agent? Can that owner revoke access in 60 seconds? | Live demo of 60-second agent access revocation under production load. | Pre-deployment review | 65% have pre-deployment risk review. Separately, only 24% say any AI policy is followed "very consistently." Review exists. Enforcement does not. | Review checks functional requirements at deploy. Never checks model provenance or behavioral drift at runtime. | Does your review cover model provenance? Is it enforced or advisory? | Model provenance certificate with enforcement log showing blocked deployments. | Policy enforcement | 58% have acceptable-use policies. 24% followed "very consistently." Documented. Not practiced. | Agent pursued its goal past every boundary. Goal-seeking does not stop at a document the model never reads. | Are policies enforced by server-side gates or by agent compli