Nearly Half of Large Enterprises Lack Full Visibility Into AI Use by Employees, According to New Protiviti AI Pulse Survey AI blind spots are increasing cybersecurity, operational and third party risk as adoption acceleratesMENLO PARK, Calif. – May 6, 2026 – As artificial intelligence becomes embedded across core business functions, many organisations still lack a clear understanding of how and where AI is being used across their enterprises. According to new research from global consulting firm Protiviti, nearly half (47%) of large organisations report they do not have full visibility into employee AI tool usage, creating growing challenges related to cybersecurity, governance and operational risk.The findings come from the fourth Protiviti AI Pulse Survey, titled “No Visibility, No Confidence, which examines how C suite executives, board members and IT leaders are managing AI adoption, oversight and risk as usage expands across the enterprise and into third party platforms.AI Adoption Is Outpacing Oversight and GovernanceThe survey reveals a widening gap between the pace of AI adoption and organisations’ ability to govern it effectively:47% of large organisations lack full visibility into AI tools used by employees.65% report challenges with “shadow AI,” where systems are deployed or used without proper oversight.Only four in 10 organisations have a formal AI governance framework in place. Even among large organisations, one in three lack a formal framework, underscoring that resources alone do not guarantee effective oversight. According to the survey, organisations that have a formal AI governance framework in place report:Greater visibility into AI usageHigher confidence in managing AI-related riskStronger recognition of AI-driven cyber and operational threats at the executive level“Organisations can’t manage what they can’t see,” said Sameer Ansari, Global Lead, CISO Solutions at Protiviti. “As AI becomes more deeply embedded across the enterprise, leaders are often making decisions based on an incomplete picture. That lack of visibility makes it significantly harder to secure systems, enforce governance and build trust in AI-enabled outcomes.”Visibility Gaps Expose Organisations to Higher Cyber and Operational RiskThe research also highlights a disconnect between executive leadership and IT teams when it comes to assessing AI-related risk:Close to half of IT leaders (45%) believe AI has increased cyber risk significantly, versus fewer than one in three (30%) executives and board members.IT teams, which are closer to day to day AI usage, are more likely to identify gaps that extend beyond internal systems to include vendor platforms, embedded AI tools and third party services. These blind spots can delay decision making, slow investment in controls and limit an organisation’s ability to respond quickly to emerging AI-driven threats.As AI Scales, Visibility and Control Must Scale with ItAs organisations move beyond early experimentation and their use of AI more significantly impacts customers, financial processes, and other critical elements of the business, the importance of scalable governance, accountability and continuous AI tool monitoring grows.“As AI extends deeper into business processes and third party ecosystems, organisations need to revisit and strengthen controls,” Ansari said. “Those that invest early in governance, transparency and accountability will be far better positioned to scale AI securely, respond to threats and sustain long term value.”MethodologyThe Protiviti AI Pulse Survey was conducted in February 2026 and includes responses from approximately 345 C suite executives, board members and IT leaders across global organisations. The survey, the fourth in an ongoing series of surveys designed to assess the ever-evolving AI landscape, looks at how businesses are addressing AI-related cybersecurity, governance and resilience challenges.Protiviti has also published an AI Governance FAQ guide. It provides practical, cross-functional perspectives on the governance of AI systems and data, while also addressing broader implications across compliance, cybersecurity, finance, people and culture, customer experience, operations, internal audit and board oversight. About ProtivitiProtiviti (www.protiviti.com) is a global consulting firm that helps clients transform and protect their businesses, and respond to planned and unexpected events. Through a network of more than 90 offices in over 25 countries, Protiviti and its independent and locally owned member firms deliver deep expertise and tailored capabilities across technology, artificial intelligence, data, operations, finance, legal, compliance, HR, marketing, digital, risk, and internal audit—enabling organisations to accelerate innovation, navigate risks and safeguard what matters most.Named to the Fortune 100 Best Companies to Work For® list since 2015, Protiviti Inc. has served more than 80 percent of Fortune 100 and nearly 80 percent of Fortune 500 companies. The firm also works with government agencies and smaller, growing companies, including those looking to go public. Protiviti Inc. is a wholly owned subsidiary of Robert Half (NYSE: RHI).
