Market Insights

Companies Keep Raising AI Budgets. Only a Third Report Sustained Returns.

Accenture's latest survey finds that 86% of executives plan to raise AI spending this year, while only 32% report sustained, enterprise-wide impact from what they have already bought. Security exposure and untracked internal usage account for much of the shortfall.

Updated on July 08, 2026
Companies Keep Raising AI Budgets. Only a Third Report Sustained Returns.

Accenture's latest Pulse of Change survey, which polled 3,650 executives, found that 86% of C-suite leaders plan to increase their AI spending in 2026. Only 32% said their organizations have reached sustained, enterprise-wide impact from the AI they have already deployed. The same survey found that 78% expect AI to drive revenue growth, yet just 21% have redesigned a core business process around it, and fewer than one in ten have changed the roles of the people who do that work. Spending is running well ahead of the operational changes that would turn it into a return anyone can measure.

Tom Bruss, a managing director at Accenture, described the problem at ServiceNow's Knowledge 2026 conference in a line reported by Forbes contributor Melody Brue:

If you're just applying AI to an inefficient process, you're automating inefficiency.

Tom Bruss, Managing Director, Accenture

The reasons companies struggle to show a return sit mostly outside the models themselves. Two of them stand out. The first is a class of security exposure that most corporate defenses were never built to detect. The second is that a large share of the AI already doing work inside these companies is invisible to the people who have to account for it.

When The Money Goes Out, The Work Becomes Hard to Trace

A return on software is only visible if someone can measure what the software did. For a growing share of enterprise AI, no one can. Some of that is a security problem, because AI systems have themselves become a target that conventional tools do not watch. Some of it is an accounting problem, because much of the AI performing real work never appears in the systems that record spending and output. Both leave the same hole. Work gets done, and the company cannot say by what, at what cost, or to what effect.

Prompt injection turns ordinary text into an attack.

CrowdStrike's 2026 Global Threat Report, published in February, described prompts as the new malware and documented attacks at more than 90 organizations during 2025, where intruders fed malicious instructions into generative AI tools to steal credentials and cryptocurrency. The firm recorded an 89% year-over-year rise in activity from AI-enabled attackers and found that 82% of intrusions involved no traditional malicious code at all. Prompt injection sits at the top of the OWASP list of security risks for large language model applications, because the models cannot reliably separate a developer's instructions from the text they read while doing their work. A customer-service agent reads a poisoned document, or an internal assistant opens a booby-trapped email, and it follows the buried instruction instead of company policy.

Adam Meyers, who runs Counter Adversary Operations at CrowdStrike, described how much the timeline has changed:

Adversaries are moving from initial access to lateral movement in minutes. AI is compressing the time between intent and execution while turning enterprise AI systems into targets.

Adam Meyers, Head of Counter Adversary Operations, CrowdStrike

Defenses have lagged, though the size of that gap is easy to overstate. A VentureBeat survey of 100 technical decision-makers, published in December 2025, found that only 34.7% had deployed dedicated prompt-injection defenses. The remaining 65.3% had either not bought such tools or could not confirm whether their organization had. That figure captures uncertainty as much as absence, and the sample is small, so it reads better as a signal than a precise measurement. OpenAI has said publicly that prompt injection is unlikely to ever be fully solved, which sets a ceiling on how much of this problem any buyer can expect a vendor to remove.

Much of the AI doing real work is invisible on the books.

A report from the software firm Lanai, covered by Forbes contributor Guney Yildiz in June, found that 53% of executives believe most automated work in their companies already runs through applications no one is monitoring. The measurement figures are sharper. Lanai reported that while 92% of technology executives watch AI-generated work in some form, only 2% formally record even half of it as a business outcome. Ninety percent of the organizations surveyed had no dedicated function for measuring AI's return, and 79% worried about budget cuts precisely because they could not prove the value of what they had already spent. Credit for AI-assisted work usually goes to a person. The report found that 87% of such output is booked as human work alone, which leaves the software's contribution out of every performance number that matters.

A company that cannot see what its AI is doing has no honest way to report a return on it, and no real basis for deciding whether to spend more.

A Visibility Problem Pretends to be a Productivity Problem

The gap between spending and return is usually filed as a productivity question. It reads more accurately as a governance one. The four control layers that a mature AI program depends on each break in the same place once a company loses sight of its own systems.

  1. Governance, the layer of named ownership and accountability, fails first. When 90% of firms have no function that measures AI's return, what the Lanai data describes is an accountability vacuum, with no one whose job is to answer for what the systems produce.

  1. Security fails next, in the way CrowdStrike documented, because an attack surface made of text does not respond to tools built for networks and endpoints.

  2. Compliance fails because work that never enters a system of record cannot be shown to an examiner, and the obligations attached to AI use are already in force in several jurisdictions.

  3. Monitoring fails last and most quietly, because a company that has never inventoried the AI running across its cloud accounts, its software-as-a-service tools, and its employees' browsers has no complete picture to monitor.

Return is what those four layers produce when they operate together. A company that has not built them will not generate a number it can trust, whatever it spends on the models sitting above them.

Sustained return is the output of governance, security, compliance, and monitoring doing their jobs at once. The 32% figure is what the market looks like before most companies have built any of them.

What's Still Missing

A category of software has appeared to close the measurement gap, promising to track AI adoption and output across an enterprise, including the tools employees bring in on their own. The category is early, and it shows. Vendors disagree on what the product even is. Some are genuine adoption-measurement companies. Others are security or observability firms extending an existing product into new territory and relabeling it. A buyer cannot assume that two platforms described with the same words will do the same job, and the marketing has run well ahead of any settled standard for what good measurement looks like.

There is a deeper limit. Measurement on its own does not create accountability. A dashboard that shows what every agent did last week is useful, and it still assigns no one the duty to act on what it shows. Lanai's own proposed answer, a Chief Intelligence Officer with authority over how AI is used across the business, points at where the real shortage sits. Companies can already see more than they are empowered to act on. The authority to standardize AI use and to move budget off failed pilots tends to rest with no one in particular. Until a named person owns the return, better instrumentation mostly produces better-documented failure.

Our Take

AI ROI Take

The companies that will be able to defend their AI spending a year from now are the ones building the accounting for it today. That work starts with an inventory. A firm that cannot list the AI systems running across its cloud accounts, its software subscriptions, and its employees' browsers should treat that census as the first project, cross-checked against network logs and expense records rather than against a survey of what people admit to using.

From there, the measurement of AI's contribution belongs inside the governance program, with an owner who has the authority to act on what it shows, rather than parked in an IT or finance spreadsheet that no one is accountable for. Vendor contracts deserve the same scrutiny. A team evaluating an AI tool should ask how it behaves in the unusual, low-frequency cases where automated judgment tends to fail, and should require documentation of that behavior instead of a single headline accuracy figure. None of this is exotic, and none of it waits on a new platform. It waits on a decision, before the next budget cycle, about who answers for the return.

Related Articles

74% of AI’s Economic Value Is Being Captured by Just 20% of Companies — Here’s What Separates the Leaders Market Insights

Apr 13, 2026

74% of AI’s Economic Value Is Being Captured by Just 20% of Companies — Here’s What Separates the Leaders

Read More
Crowdstrike Securing The Era Of Enterprise Agentic AI Market Insights

Apr 17, 2026

Crowdstrike Securing The Era Of Enterprise Agentic AI

Read More
The GAIG Weekly — Issue #001 — May 4, 2026 Market Insights

May 3, 2026

The GAIG Weekly — Issue #001 — May 4, 2026

Read More

Stay ahead of Industry Trends with our Newsletter

Get expert insights, regulatory updates, and best practices delivered to your inbox