
AI Adoption Outpaces Governance as Shadow Identity Risks Grow

  • Dec 2, 2025

Key Findings


  • 83% of organizations use AI in daily operations

  • Only 13% have strong visibility into how AI systems handle sensitive data

  • AI increasingly behaves as an ungoverned identity: a non-human user that reads faster, accesses more, and operates continuously

  • 67% have caught AI tools over-accessing sensitive information

  • 23% admit they have no controls for AI prompts or outputs


Background


The report, produced by Cybersecurity Insiders with research support from Cyera Research Labs, reflects responses from 921 cybersecurity and IT professionals across industries and organization sizes. It highlights the rapid adoption of AI in enterprises, coupled with a concerning lack of governance and visibility over these systems.


AI as a Shadow Identity


The data shows that AI is increasingly behaving as an ungoverned identity within enterprises - a non-human user that can read faster, access more data, and operate continuously. Yet most organizations still use human-centric identity models that break down at machine speed, leading to issues such as:


  • Two-thirds of respondents have caught AI tools over-accessing sensitive information

  • 23% admit they have no controls in place for monitoring AI prompts or outputs


Autonomous AI Agents: The Biggest Risk


Autonomous AI agents stand out as the most exposed frontier, with:


  • 76% of respondents saying these agents are the hardest systems to secure

  • 57% lacking the ability to block risky AI actions in real time


Visibility and Governance Challenges


The report highlights significant visibility and governance challenges:


  • Nearly half of respondents report no visibility into AI usage, and another third have only minimal insight

  • Only 7% of organizations have a dedicated AI governance team

  • Just 11% feel prepared to meet emerging regulatory requirements on AI


The Path Forward


The report calls for a shift toward data-centric AI oversight, including:


  • Continuous discovery of AI use across the enterprise

  • Real-time monitoring of AI prompts and outputs

  • Identity policies that treat AI as a distinct actor with narrowly scoped access based on data sensitivity


As Holger Schulze of Cybersecurity Insiders states, "AI is no longer just another tool - it's acting as a new identity inside the enterprise, one that never sleeps and often ignores boundaries. Without visibility and robust governance, enterprises will keep finding their data in places it was never meant to be."


The full 2025 State of AI Data Security Report is available for download at: [https://www.cybersecurity-insiders.com/portfolio/2025-state-of-ai-data-security-report-cyera/](https://www.cybersecurity-insiders.com/portfolio/2025-state-of-ai-data-security-report-cyera/)


Sources


  • https://hackread.com/ai-adoption-surges-while-governance-lags-report-warns-of-growing-shadow-identity-risk/

  • https://securityonline.info/ai-adoption-surges-while-governance-lags-report-warns-of-growing-shadow-identity-risk/

  • https://unsafe.sh/go-378915.html
