As AI adoption rises into everyday work, organisations have less visibility into what employees are using than they did a year ago, according to AvePoint‘s third annual State of AI Report.

“Nearly half of global employees are already relying on AI agents weekly or daily, and organisations are deploying agents faster than they are building the foundations required to trust them,” said Dr Tianyi Jiang (TJ), CEO and co-founder, AvePoint. “The constraint on enterprise AI is no longer model capability, but whether organisations have built a trust layer: the data visibility, governance, and enforceable control required to scale AI with confidence. Without it, speed of deployment becomes speed of exposure.”
AI visibility gaps
Titled “Scaling Trust, Control, and Readiness in the Agentic Era”, the report finds that the percentage of organisations unable to determine whether employees are using unsanctioned AI tools has nearly tripled, from 6.3% in 2025 to 17.6% in 2026.
The blind spot is higher for AI agents, with 21.1% of organisations unable to account for unsanctioned agent activity.
The report also found that more than 4 in 5 organisations are confident in their ability to prevent unauthorised access to AI-related data. However, around 72% of confident organisations still experienced an unauthorised access incident in the past 12 months.
Furthermore, 90% of organisations delayed agentic and generative AI deployments by nearly six months, mainly due to data security and governance concerns.

“Trust in AI cannot be measured by confidence alone,” said John Peluso, chief technology officer, AvePoint. “It requires operational foundations: visibility into what AI systems are doing, enforceable governance over the data they consume and create, and the ability to audit and correct outcomes when something goes wrong. This is what distinguishes a trust layer from a trust score.”
The study, conducted in partnership with Osterman Research, surveyed 750 enterprise leaders with direct responsibility for information management, data security, or AI programs across the Americas, EMEA, and APAC.











