Governance Research

88% of Organizations Running AI Agents Were Breached in the Past Year

AvePoint and Osterman Research surveyed 750 enterprise leaders across financial services, healthcare, and government to measure how organizations are actually deploying AI agents and generative AI tools. The results are specific and uncomfortable. Deployment is accelerating, governance is stalling, and the gap between what enterprises believe they can control and what is actually happening inside their environments is measurable and growing.

Updated on July 01, 2026
88% of Organizations Running AI Agents Were Breached in the Past Year

AvePoint published its annual State of AI research on July 1, conducted in partnership with Osterman Research across 750 respondents with direct responsibility for information management, data security, or AI programs at their organizations. The survey covered three industries — financial services, healthcare, and government — split roughly equally across the Americas, EMEA, and APAC, and across three organization size bands ranging from 50 employees to more than 5,000. The sample is global, the industries are among the most regulated in the world, and the results are worse than most AI governance conversations acknowledge.

The report's central finding is that enterprise AI adoption is gated by readiness, where readiness means the ability to govern, observe, and control AI-driven activity so deployment scales without also scaling risk. By that definition, most organizations are deploying AI without being ready for it. Deployments are being delayed by an average of nearly six months — and those delays are caused by unresolved governance and data security concerns, not by lack of interest in the technology. At the same time, organizations that have deployed are experiencing security incidents at rates that contradict the confidence they express in their own controls.

Osterman Research CEO Michael Osterman described the data pattern directly in the report's methodology section: the research shows a consistent pattern where AI adoption is scaling faster than enterprise governance, visibility, and operational control. The numbers behind that summary are the reason this report belongs in front of every CISO and governance program manager who has been asked to sign off on AI agent deployments in 2026.

88.4% Organizations that experienced at least one security breach due to AI agents in the past 12 months.

89.5% Organizations that experienced at least one generative AI security breach. Up from 75.1% in 2025.

35.5% Share of enterprise data currently created by AI. Projected to reach 42.1% within 12 months.

5.92 mo Average delay organizations imposed on AI agent deployments due to data security and governance concerns.

Key Findings

  • High confidence is not preventing security incidents. Among organizations reporting the highest level of confidence in their ability to prevent unauthorized data access, 62% still experienced at least one AI-related unauthorized access incident in the past year. Among those reporting "very confident," that figure rises to 72%. More than four in five respondents describe themselves as very or extremely confident in their ability to prevent unauthorized access, which is up from 75.5% in 2025. Confidence is climbing while incident rates remain widespread. The report identifies this as the most consequential finding in the data.

  • 88.4% of organizations running AI agents experienced at least one security breach in the past 12 months. Data leakage was the most common incident type, affecting 50.1% of respondents, where AI agents improperly exposed or retained sensitive or confidential data including PII, internal strategy documents, regulated data, or policy violations. Manipulation of agents by malicious or untrusted inputs — including prompt injection, malicious documents, and unverified external data — was the second most common incident, affecting 49.6% of respondents.

  • 89.5% of organizations experienced at least one generative AI security breach over the previous 12 months, up from 75.1% in 2025. AI-generated content with integrity risks — inaccurate, untrustworthy, or altered content — was the most common incident at 40.1%. Prompt injection attacks that bypassed security guardrails affected 39.6% of respondents. AI chatbot-to-chatbot data exposure affected 38.3%. The year-over-year increase in reported incidents coincides with a period in which most organizations report increasing confidence in their security posture, producing the paradox the report names as its central finding.

  • Agent observability is collapsing as autonomous deployment expands. Up to one in five organizations reported they do not know whether employees are using unsanctioned AI tools — a figure that has nearly tripled since 2025 for generative AI, rising from 6.3% to 17.6%, and is even higher for AI agents at 21.1%. Organizations that cannot see unsanctioned usage cannot enforce policy, audit exposure, or correct risky behavior before incidents occur. The report frames this visibility loss as a measurable governance failure rather than a temporary blind spot.

  • 86% of organizations delayed AI agent deployments by an average of 5.92 months, driven by data security and governance concerns. The delay curve for AI agents is nearly identical to the delay curve for generative AI assistants, where 86.9% of organizations delayed deployment by an average of 5.88 months. The report concludes that the constraint on enterprise AI deployment is not the technology or the interest level. It is governance and operational readiness. The near-identical patterns across both technology types reinforce that these delays are structural.

  • 35.5% of enterprise data is now created by AI systems, and respondents expect that share to reach 42.1% within 12 months. This AI-generated data behaves differently from human-created records. Unlike human content, AI outputs lack clear lineage, carry inherent uncertainty, and can be reused as input to other AI systems. Inaccurate or outdated AI-generated content gets amplified rather than contained when agents act on it autonomously, shifting the risk from poor outputs to poor decisions executed at speed and scale.

  • 46.9% of employees already rely on AI agents daily or weekly to complete work tasks. Work processes that incorporate AI agents are expected to nearly double within 12 months, rising from 39.1% of processes today to a projected 54.8% in 12 months, compared to 26.6% a year ago. Organizations are deploying agents into critical workflows well ahead of the governance maturity those deployments require.

  • The reasons organizations are using AI agents rank efficiency and employee amplification far above headcount reduction. Increasing process efficiency was rated very or extremely important by 85.5% of respondents. Freeing employees for strategic work was rated highly by 81.7%. Reducing headcount ranked last at 68.8%. The ROI framing the report documents is shifting toward work displaced, accelerated, or augmented rather than toward headcount eliminated, with the report identifying agent run cost versus the manual cost replaced as where the real ROI conversation lives.

  • 62.4% of organizations plan to increase investment in third-party governance tools that monitor AI agent actions for policy alignment over the next 12 months. This investment category ranked first on the planned spending list, above data security tools (55.7%), cost management tools (52.4%), and analytics tools (50.3%). The report identifies this investment pattern as an early operational signal of adoption of the AI Agent Management Platform category that Gartner has projected will receive more than $15 billion in enterprise investment by 2029.

  • Organizations expect AI agents to replace 26.7% of human work within 12 months and 49.7% within five years. At the same time, Gartner's projection cited in the report states that the average Fortune 500 enterprise will manage 150,000 AI agents by 2028. Those two figures together describe an environment where the governance surface area is expanding at a rate that current programs were not designed to handle.

  • 86.3% of organizations require a return on AI investments within 12 months, up from 81.9% in 2025. The percentage of organizations willing to wait longer than a year for AI returns fell from 18.1% to 13.7%. This compression of the ROI timeline is happening while governance programs are still working through foundational questions about inventory, access control, and audit infrastructure.

  • More organizations are canceling generative AI rollouts rather than accepting unresolved security risks. The share of organizations that canceled generative AI assistant deployments due to security concerns rose from 31.7% in 2025 to 40.7% in 2026, a 28.1% increase. The share doing nothing to mitigate security concerns fell from 8.3% to 2.5%. Organizations are acknowledging that deploying AI without resolved governance foundations produces incidents they cannot absorb.

What the Report Covers

The report covers AI agent deployments and generative AI assistant usage across three major sections, each tracking implementation status, current issues, identified concerns, rollout timeframes, and security incident frequency. Expert perspectives from three AvePoint executives are woven through each section, providing practitioner context for the survey data. The report concludes with investment intentions for the next 12 months and a conclusion framing readiness as the primary determinant of enterprise AI outcomes.

Sections covered

  • Section 1 — The State of Enterprise AI: Implementation status across six technology categories including AI agents, generative AI, machine learning, predictive analytics, robotics and automation, and virtual representatives. Across every category, maturity trails importance by a consistent margin. AI agents show the widest gap between how important organizations rate the technology and how mature they are in using it. The section also covers data quality and lifecycle governance, documenting the rise of AI-generated enterprise data and the governance implications of training AI on AI-produced content.

  • Section 2 — AI Agents: The most detailed section of the report. Covers implementation status and access to sanctioned and unsanctioned agent-building tools, the six primary use cases organizations are prioritizing, deployment issues and delay timeframes, concerns about unpredictable agent behavior, the reasons organizations run pilot programs before full deployment, actions taken to mitigate security concerns, investment plans for governance and security tooling, and the frequency distribution of seven distinct categories of agent-related security breach over the past 12 months.

  • Section 3 — Generative AI: Tracks usage patterns across sanctioned and unsanctioned generative AI tools, comparing 2025 and 2026 data at the cadence level. Documents the year-over-year increase in concerns across all seven tracked concern categories, the rising rate of deployment delays and cancellations, and the frequency of eight specific types of generative AI security breach. Establishes that generative AI governance failures are compounding into the agentic environment rather than being resolved before agents were introduced.

  • Expert perspectives: Dana Simberkoff, Chief Risk, Privacy and Information Security Officer at AvePoint, on why data readiness is now AI readiness and why AI governance failures propagate at machine speed when agents act on poor data. John Peluso, CTO at AvePoint, on why AI trust is a control problem rather than a model problem, and why organizations that close the confidence-incident gap build readiness foundations that scale with AI. Dr. Tianyi Jiang, CEO and Co-Founder of AvePoint, on why AI agents rewrite the enterprise risk equation by shifting the primary risk from flawed outputs to flawed autonomous actions.

  • Investment data: The report closes with 12-month investment intentions across governance tools, data security tools, cost management tools, and analytics tools for both AI agents and generative AI. Third-party governance tools that monitor agent actions for policy alignment top the planned investment list on the agentic side, and third-party governance tools that assess generative AI output for accuracy and alignment with data governance policies top the list on the generative side.

"AI agents completely rewrite the enterprise risk equation. Because agents can execute autonomously, the risk shifts from flawed outputs to flawed actions. Controls built for human judgment break down when decisions are made continuously and executed at machine speed."

Dr. Tianyi Jiang, CEO and Co-Founder, AvePoint, State of AI 2026

"Trust in AI is increasingly a control problem rather than a model problem. As AI becomes embedded in workflows, the key question is not only whether users are trained or whether a policy exists, but whether organizations can reliably control what AI can access, audit what AI did, and remediate outcomes when something goes wrong."

John Peluso, Chief Technology Officer, AvePoint, State of AI 2026

Our Take

The AI Governance Take

GAIG has been tracking the governance readiness argument across every major research publication this year. The Gartner MQ established the product category. The Chartis quadrant documented who built the deepest governance capabilities and why. The Gartner workforce costs research showed that organizations making AI workforce decisions without measurement infrastructure are flying blind. The $234 billion SaaS displacement research showed that agents are about to absorb workflows that current governance programs were never designed to handle.

AvePoint's data is the operational picture underneath all of those strategic arguments. 750 enterprise practitioners across heavily regulated industries told Osterman Research what is actually happening inside their organizations in 2026. What they reported is that 88.4% of them experienced an agent-related security breach in the past year, 62% of the most confident organizations also experienced unauthorized access incidents, and one in five of them don't know whether their employees are using unsanctioned AI tools. Those aren't predictions or projections. They are documented outcomes from organizations that have been deploying AI for long enough to generate a 12-month incident record.

The AvePoint report's own conclusion is the right summary: readiness, not models, will decide who wins with AI. The organizations that realize sustained value from AI will be defined by whether they built the governance foundations that persist across technology shifts, not by which models they chose to deploy. The data in this report describes in specific percentages what the cost of skipping those foundations looks like in practice. The 88.4% is the number.

Related Articles

The State of AI in the Enterprise A Deloitte report Governance Research

Mar 3, 2026

The State of AI in the Enterprise A Deloitte report

Read More
ValidMind Publishes Governing Agentic AI in Financial Services Governance Research

Mar 30, 2026

ValidMind Publishes Governing Agentic AI in Financial Services

Read More
MIND and CISO ExecNet Research Report: Data Trust Is the Decisive Factor in AI Success Governance Research

Apr 9, 2026

MIND and CISO ExecNet Research Report: Data Trust Is the Decisive Factor in AI Success

Read More

Stay ahead of Industry Trends with our Newsletter

Get expert insights, regulatory updates, and best practices delivered to your inbox