Generative AI has moved from experiments into real business operations much faster than most organizations expected. Companies are now using AI not just to write text or answer questions, but to retrieve internal information, generate code, support decisions, and in some cases, take actions across different systems. This shift has created new security and governance problems that many traditional risk management approaches were not designed to handle.
A new systematic review by Audrey Rah from the University of Houston examined 156 sources to understand how U.S. organizations are adopting generative and agentic AI, what risks are emerging, and how well current governance frameworks are keeping up. The findings show a clear gap: AI capabilities are advancing quicker than the controls and oversight structures needed to manage them safely.
“The unprecedented acceleration of generative Artificial Intelligence (AI) and agentic ecosystems within United States organizations has outpaced established corporate risk management frameworks, creating a critical vulnerability vector.”
— Audrey Rah, Department of Electrical and Computer Engineering, University of Houston
The review explains that traditional security tools and processes were built around more predictable systems — human users, fixed software, and clear boundaries. Generative and especially agentic AI systems behave differently. They can reason through multiple steps, pull information from company data, use external tools, and in some cases act with a degree of independence. This creates new risks that are harder to control with existing methods.
One of the key concerns raised is that many current security controls are not effective against the newer types of problems that come with more autonomous AI systems.
“Threat modeling demonstrates that while traditional security controls mitigate baseline boundary failures, they are less effective against autonomous state manipulation and memory-auditing lapses.”
— Audrey Rah, Department of Electrical and Computer Engineering, University of Houston
As a result, the review argues that organizations need to rethink how they govern AI. Simply having an acceptable use policy or running occasional risk assessments is no longer enough. The paper suggests companies need more structured, auditable controls that can keep up with how these systems actually operate in practice.
Key Findings
Generative AI adoption in U.S. organizations has accelerated rapidly, moving from experimental use to enterprise-scale deployment across productivity tools, code generation, customer support, and decision-making workflows in a very short period of time.
The rise of agentic AI systems, which can plan multi-step tasks, use external tools, maintain memory, and execute actions autonomously, has introduced new and more complex security risks that traditional cybersecurity controls were not designed to handle effectively.
Traditional security controls are generally effective at addressing basic boundary and access issues, but they perform poorly against newer threats such as autonomous state manipulation, memory poisoning, and unauthorized tool use by AI agents.
Prompt injection remains one of the most widespread and well-documented risks in enterprise generative AI, allowing attackers to override intended model behavior and potentially trigger unauthorized actions or data exposure.
Retrieval-Augmented Generation (RAG) systems, which are widely used in enterprises to connect AI to internal company data, create a significant new attack surface through RAG corpus poisoning, where manipulated or malicious documents can influence AI outputs without triggering traditional security alerts.
Enterprise copilots and agentic AI frameworks currently represent the highest-risk categories of generative AI platforms because they combine broad data access, high autonomy, and deep integration into business workflows.
Existing governance frameworks such as NIST AI RMF, ISO/IEC 42001, OWASP LLM Top 10, and MITRE ATLAS provide useful but incomplete coverage, with notable gaps in areas like multi-agent accountability, memory-state auditing, and autonomous tool authorization.
Most organizations are still operating at intermediate levels of AI governance maturity, meaning they have basic policies and some risk assessments in place but lack the structured, auditable controls needed for more advanced and autonomous AI systems.
The review identifies a clear governance lag, where the speed of AI capability development and deployment is outpacing the development of practical oversight mechanisms, technical standards, and organizational processes.
There is currently no widely adopted standard or framework that fully addresses critical emerging risks such as multi-agent system failures, persistent agent memory governance, and AI software supply chain integrity.
The paper argues that effective enterprise AI governance must shift from high-level policy statements toward auditable control architectures, including least-privilege tool access, human approval gates for high-impact actions, memory-state auditing, and retrieval-source validation.
Commercial LLM APIs and enterprise copilots show the highest levels of enterprise adoption, while agentic frameworks, though still emerging, carry disproportionately high risk due to their autonomous capabilities and potential for widespread workflow impact.
What the Report Covers
This systematic review provides a broad and structured analysis of how generative and agentic AI is being adopted in U.S. organizations, the security risks that come with it, and how well current governance frameworks are able to manage those risks. The paper begins by explaining the rapid shift of generative AI from experimental tools into embedded parts of business operations, including productivity suites, software development, customer service, and decision support.
The review then introduces several new frameworks developed by the author to help analyze enterprise AI more clearly. These include a platform taxonomy that groups AI systems by their function rather than by vendor, a scoring system to compare adoption levels across different types of AI platforms, and a risk classification model that evaluates platforms based on impact, exposure, autonomy, and data sensitivity. The paper also proposes a governance maturity model and a lifecycle approach to help organizations move from basic policies toward more structured oversight.
A large portion of the report focuses on identifying and mapping security risks. It examines well-known issues such as prompt injection and data leakage, while also highlighting newer and more serious risks that come with agentic systems, including excessive agency, RAG corpus poisoning, memory manipulation, and challenges with multi-agent coordination. The review then maps these risks against major governance frameworks, including NIST AI RMF, ISO/IEC 42001, OWASP LLM Top 10, and MITRE ATLAS, to show where existing standards provide good coverage and where they fall short.
The paper pays special attention to governance gaps, particularly around multi-agent accountability, memory-state auditing, tool authorization, and AI software supply chain controls. It concludes by presenting a maturity roadmap that outlines how organizations can progress from reactive governance to more advanced, auditable, and continuously monitored AI oversight. Overall, the report combines academic research, industry data, and standards analysis to give a clear picture of both the current state of enterprise generative AI and the work still needed to govern it effectively.
Our Take
AI Governance Take
This review makes one point very clear: most organizations are still trying to govern fast-moving generative and agentic AI using frameworks and controls that were built for slower, more predictable systems. The result is a growing gap between what AI can do and what companies can actually oversee and secure.
The most important takeaway is that policy documents and high-level risk assessments are no longer enough. As AI systems gain the ability to plan tasks, use tools, maintain memory, and act with increasing independence, organizations need governance that is more operational and auditable. This means moving beyond acceptable use policies and toward concrete controls such as least-privilege tool access for agents, mandatory approval gates for high-impact actions, and the ability to audit how an AI system reached a decision or took an action.
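The auditable control architecture named in the key findings and restated above (least-privilege tool access, approval gates for high-impact actions, memory-state auditing, retrieval-source validation) can be sketched as a small policy gate that sits between an agent and its tools. This is an added illustration written for this summary, not code from the paper; the tool names, the high-impact classification and the `kb://` source identifiers are constructed placeholders.

```python
import hashlib
import json
import time
from dataclasses import dataclass, field

HIGH_IMPACT_TOOLS = {"send_email", "execute_payment", "delete_record"}  # hypothetical classification

def _digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

@dataclass(frozen=True)
class AgentPolicy:
    agent_id: str
    allowed_tools: frozenset    # least privilege: explicit per-agent tool allow-list
    trusted_sources: frozenset  # retrieval sources this agent may consume

@dataclass
class ControlGate:
    policy: AgentPolicy
    audit: list = field(default_factory=list)

    def _record(self, event, **details):
        # Append-only, hash-chained audit record: each hash also covers the previous one.
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        rec = {"ts": time.time(), "agent": self.policy.agent_id, "event": event, **details}
        rec["hash"] = _digest([prev, rec])
        self.audit.append(rec)
    def authorize_tool(self, tool, args, memory, approver=None):
        mem = _digest(memory)  # memory-state auditing: snapshot of agent memory at decision time
        if tool not in self.policy.allowed_tools:
            self._record("tool_denied", tool=tool, reason="not_in_allow_list", memory=mem)
            return False
        if tool in HIGH_IMPACT_TOOLS and not approver:  # human approval gate
            self._record("approval_required", tool=tool, args=args, memory=mem)
            return False
        self._record("tool_allowed", tool=tool, args=args, approver=approver, memory=mem)
        return True
    def validate_retrieval(self, docs):
        # Retrieval-source validation: drop and log chunks from sources outside the allow-list.
        for doc in docs:
            if doc["source"] not in self.policy.trusted_sources:
                self._record("retrieval_rejected", source=doc["source"])
        return [d for d in docs if d["source"] in self.policy.trusted_sources]
    def verify_audit(self):
        prev = "0" * 64  # recompute the chain; False means a record was altered, reordered or removed
        for rec in self.audit:
            if _digest([prev, {k: v for k, v in rec.items() if k != "hash"}]) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True
```

Every decision is logged with the digest of the memory the agent was holding at that moment, so an investigator can tell whether a bad action followed a poisoned memory state rather than a legitimate request.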
Another key insight is that no single existing framework fully covers the risks that matter most today. While NIST AI RMF, ISO 42001, and OWASP LLM Top 10 each address important areas, they leave significant gaps in multi-agent accountability, memory auditing, and the governance of autonomous tool use. Organizations that rely on just one of these frameworks will likely have blind spots.
The review also shows that the highest-risk AI deployments right now are enterprise copilots and agentic frameworks. These systems combine broad access to company data with higher levels of autonomy, which creates more opportunities for things to go wrong at scale. Governance efforts should therefore prioritize visibility and control over these specific types of platforms first.
For most organizations, the practical next step is to stop treating AI governance as a one-time compliance exercise and start building it as an ongoing operational capability. This includes maintaining a clear inventory of AI systems, classifying them by risk level, implementing controls that match their level of autonomy, and regularly testing whether those controls actually work when AI systems are running in production. Without this shift, the gap between AI capability and governance maturity will continue to widen.