In early 2026, hyperscaler capital expenditure commitments locked in memory allocation priorities — and conventional DRAM supply began its steepest collapse in a decade. The problem isn’t cyclical. It’s structural. AI needs a specialised form of memory called HBM (high-bandwidth memory), and making it cannibalises the supply of the DRAM that goes into everything else — your PCs, your smartphones, your enterprise servers.
Here’s the ratio you need to know: every HBM stack eats roughly three times the silicon wafer capacity of conventional DRAM. As IDC put it: “every wafer allocated to an HBM stack for an Nvidia GPU is a wafer denied to the LPDDR5X module of a mid-range smartphone or the SSD of a consumer laptop.” Three manufacturers control virtually all global memory production. They’ve all made the same allocation decision.
This article traces the full causality chain: from LLM architecture through fab economics to why your next hardware refresh costs more. If you want the full scope of the AI memory shortage, we’ve put together a broader overview.
Large language models are memory-bandwidth-limited. Not compute-limited — memory-bandwidth-limited. That distinction matters because it changes what you need to throw money at to make AI work.
The “memory wall” is the point where GPU compute throughput outpaces how fast data can be transferred from memory. Your GPU sits there ready to go, but data can’t reach it fast enough. Micron’s Sumit Sadana put it plainly: “the processor spends more time just twiddling its thumbs, waiting for data.”
Think of it as a motorway feeding into a single-lane road. You can add as many lanes to the motorway as you want — more GPUs, faster GPUs — but if the road into town stays one lane wide, traffic doesn’t move any faster.
This is why LLMs changed the game. Earlier AI architectures like CNNs were compute-hungry but didn’t ask that much of memory. LLMs load billions of parameters, attention weights, and intermediate states, and they need a sustained high-bandwidth data flow to keep it all moving. AI systems have evolved from large-model training to systems that combine inference, memory, and decision-making, and that evolution has pushed memory demand well past what anyone planned for.
Conventional DDR5 DRAM delivers roughly 50–60 GB/s of bandwidth per channel. HBM delivers 1–2 TB/s. That’s a 20–40x gap. You’re not bridging that with incremental improvements. HBM isn’t optional for AI at scale. It’s architecturally mandatory.
HBM takes multiple thinned-down DRAM dies — currently 8 to 12, moving to 16 — stacks them vertically, connects them with thousands of microscopic through-silicon vias (TSVs), and mounts the whole stack right next to the GPU inside the same package.
The stacking is what delivers the bandwidth. Data flows through thousands of parallel vertical connections simultaneously rather than through a narrow external bus. It works. But it comes at a cost that’s reshaping the entire memory market.
Here’s the ratio that matters most. Micron’s Sumit Sadana confirmed it: “As we increase HBM supply, it leaves less memory left over for the non-HBM portion of the market, because of this three-to-one basis.” A 12-die HBM stack uses 12 wafers’ worth of DRAM dies to produce one memory unit, compared to a single die for a conventional module. Every wafer that goes to HBM is a wafer denied to DDR5, LPDDR5X, and everything else.
Samsung, SK Hynix, and Micron are all doing the same maths. HBM costs roughly three times more per gigabyte and makes up over 50% of the packaged cost of an AI GPU according to SemiAnalysis. The margins are better. The customers are richer. If you’re running a fab, the allocation decision is obvious. If you’re buying laptops, less so.
And it’s about to get worse. HBM4 moves to 16-die stacks. Nvidia’s Rubin GPU comes with up to 288GB of HBM4 per chip, with the NVL72 server rack combining 72 of those GPUs — over 20TB of HBM per rack. For a deeper look at who is profiting from HBM demand, we cover the manufacturer strategies separately.
This wasn’t a gradual trend. It was a tipping point.
Combined cloud provider CapEx is expected to exceed $710 billion in 2026, with AI infrastructure as the dominant allocation. That locked in HBM demand at a scale that forced all three memory makers to make irreversible wafer allocation decisions at the same time.
SK Hynix reported its HBM, DRAM, and NAND capacity was “essentially sold out” for 2026. Micron’s Sadana was equally blunt: “We’re sold out for 2026.” Micron exited the consumer memory market entirely to focus on enterprise and AI.
The timing was a perfect storm. Windows 10 end-of-life drove PC refresh demand, AI PC specs required 16–32GB RAM, and supply contracted — all at once.
The price data tells the story. DRAM prices rose 80–90% in Q1 2026 according to Counterpoint Research. Enterprise DDR5 64GB RDIMMs more than doubled, from roughly $7/unit to $19.50/unit. Samsung raised 32GB consumer module prices 60%, from $149 to $239.
TrendForce analyst Tom Hsu called the Q1 2026 price increases “unprecedented.” Intel CEO Lip-Bu Tan was more direct: “There’s no relief until 2028.” Gartner’s Ranjit Atwal noted the speed at which memory pricing has increased “has shocked everybody”, with an expected 130% year-on-year rise in 2026.
Training is a one-time memory allocation. Inference is where the compounding demand lives, and it comes down to something called the KV cache.
During inference, the model stores intermediate attention results in the KV (key-value) cache — essentially the model’s “short-term memory.” During an active session, this KV cache sits in HBM. When the session goes idle, it gets pushed to slower memory. But while it’s active, it’s sitting in the most expensive, most contested memory on the planet.
The KV cache grows linearly with context window length. Frontier models now reach 128K to 1M tokens of context. Each user session maintains its own cache in GPU memory. So the maths is straightforward: more concurrent users multiplied by longer context windows equals more HBM consumed per deployment. Usage, context windows, and user counts are all growing at the same time — the demand is multiplicative.
It gets worse with agentic AI. RAG, tool use, and long-running agent conversations all extend effective context and therefore memory footprint. This is why hyperscalers keep ordering more. It’s not hoarding. Actual usage growth consumes every gigabyte delivered.
Building a new semiconductor fab takes 3–5 years from ground-breaking to volume production. You cannot buy your way out of physics.
Here’s what’s in the pipeline. Micron has a Singapore fab reaching production in 2027, a Taiwan fab in H2 2027, and a New York megafab not in full production until 2030. SK Hynix has a South Korea fab completing in 2027 and Indiana facilities by end of 2028. Samsung plans a new Pyeongtaek plant in 2028. Billions of dollars of investment. None of it provides meaningful relief before 2027 at the earliest.
Even existing fabs face yield problems. Drilling thousands of TSVs per die and achieving sub-micron alignment across 12–16 stacked dies pushes manufacturing tolerances to their limits. Advanced packaging is a separate bottleneck — even if you had more HBM dies, packaging them using techniques like CoWoS requires specialised capacity that’s also constrained.
After the 2022 bust, memory companies were wary of expanding. As memory expert Thomas Coughlin noted, “there was little or no investment in new production capacity in 2024 and through most of 2025.” That caution is now colliding with a demand shock nobody prepared for.
Micron predicts the total HBM market will grow from $35 billion in 2025 to $100 billion by 2028 — larger than the entire DRAM market in 2024. For a detailed look at when new fabs can resolve the supply crunch, we cover the timelines separately.
The downstream numbers are already in. PC shipments will fall 10.4–11.3% in 2026 according to Gartner and IDC. Smartphone shipments are forecast to decline 8.4–12.9%. PC prices are expected to rise 17%, with memory now accounting for 23% of PC bill-of-materials cost, up from 16% in 2025.
HP said memory now accounts for 35% of the costs to build a PC, up from 15–18% the previous quarter. Dell COO Jeff Clarke warned “I don’t see how this will not make its way into the customer base” — and followed through, raising PC prices in January after cutting them just months earlier.
Lenovo, Dell, HP, Acer, and ASUS have warned clients of 15–20% price hikes and contract resets. Enterprise refresh cycles are extending by 15% as organisations delay purchases — but deferring just creates a demand backlog that amplifies future price pressure when those purchases can’t wait any longer.
On the smartphone side, LPDDR5X prices are forecast to jump roughly 90% quarter-on-quarter — the steepest increase in their history according to TrendForce. Rising memory costs could make low-end devices economically unsustainable, with some budget models pulled from the market altogether.
The procurement landscape has shifted structurally. Hyperscalers lock in supply through long-term reservations and direct fab investments. Mid-market firms rely on shorter contracts and spot sourcing. Gartner’s Ranjit Atwal summed it up: “Vendors aren’t guaranteeing prices for long now. They’re saying this is the price and it’s available for two or three weeks.” His advice: buy now, because whatever you’re paying today is likely the best price you’ll see for a while.
No. The COVID shortage was demand surging across many chip categories at the same time. The 2026 shortage is structurally different: it’s a deliberate wafer reallocation within the memory industry from conventional DRAM to HBM, driven by AI economics. The constraint is internal to the memory market, not external.
SemiAnalysis estimates HBM costs roughly three times more per gigabyte. It also represents over 50% of the total packaged cost of an AI GPU — the single most expensive component in AI accelerator hardware.
DDR5 delivers roughly 50–60 GB/s per channel. HBM delivers 1–2 TB/s. LLMs need sustained high-bandwidth data flow to keep GPU compute units busy. Using DDR5 would leave GPUs idle most of the time, making the compute investment largely wasted.
No meaningful price relief is expected before mid-2027 at the earliest, with structural pressure continuing through 2028. Intel CEO Lip-Bu Tan put it bluntly: “There’s no relief until 2028.” Deferring risks higher prices and longer lead times as deferred demand creates a backlog.
The KV cache stores intermediate computation results from LLM attention mechanisms during inference. It grows linearly with context window length and has to be maintained separately for each concurrent user session. As context windows expand and user counts grow, the KV cache becomes a major driver of HBM consumption.
Three companies — Samsung, SK Hynix, and Micron — manufacture virtually all of the world’s DRAM. Their wafer allocation decisions directly determine supply availability for every device category globally.
Chinese manufacturers such as ChangXin Memory Technologies are catching up but remain years behind. U.S. export controls restrict access to advanced lithography and packaging equipment needed for HBM production. No meaningful supply relief is expected in the 2026–2028 timeframe.
Cloud providers are themselves major HBM buyers with rising infrastructure costs. While long-term supply agreements partially insulate hyperscalers from spot volatility, increased memory costs will eventually flow through to cloud service pricing.
Advanced packaging — techniques like CoWoS and hybrid bonding — integrates HBM stacks and GPU dies into a single package. This capacity is limited and requires specialised equipment. Even if more HBM dies were manufactured, packaging constraints limit how quickly finished modules reach the market.
DRAM prices rose 80–90% in Q1 2026 alone (Counterpoint Research). Enterprise DDR5 64GB RDIMMs more than doubled, from roughly $7/unit to $19.50/unit. Samsung raised 32GB consumer modules 60%, from $149 to $239.
Rubin uses up to 288GB of HBM4 per chip, with the NVL72 rack combining 72 GPUs — over 20TB of HBM per rack. HBM4 moves to 16-die stacks, which means even more wafer consumption per unit. Each new GPU generation deepens structural HBM demand.
Some companies are exploring alternatives. Majestic Labs is designing an inference system with 128TB of memory using non-HBM architectures. But these involve significant performance trade-offs and aren’t proven at scale. For mainstream AI training and inference, HBM remains a hard architectural requirement.
What Is the AI Governance Gap and How Do You Close It
The percentage of companies integrating AI into at least one business function surged to 72% in 2024, up from 55% the year before. Governance has not kept pace. Only 25% of organisations have fully operational AI governance programmes, and 76% say AI is moving faster than their governance can handle.
The distance between those two realities — rapid AI adoption on one side, immature governance on the other — is the AI governance gap. It creates exposure across data security, regulatory compliance, and operational accountability.
This page is a structured overview of the governance gap: what it is, where the exposure concentrates, and how to close it. The sections below cover shadow AI and why it differs from shadow IT, mid-market exposure patterns, the gap between policy and execution, what mature operating models look like, how to measure governance effectiveness, and what regulators now require. Each section links to a dedicated article where you can go deeper.
The AI governance gap is the measurable distance between your organisation’s rate of AI adoption and the maturity of the governance frameworks managing that AI. AI tool adoption surged from 55% to 72% of organisations between 2023 and 2024. Governance has not kept pace — nearly 74% of organisations report only moderate or limited coverage in their AI risk and governance frameworks. The gap creates real exposure across data security, regulatory compliance, and operational accountability.
The gap matters now because governance has shifted from aspiration to enforcement. For most of the last decade, AI governance was treated as a matter of intent — write a policy, signal good faith, move on. That stopped working in 2025 when regulators moved from guidance to enforcement.
The distinction to understand is between a policy and a framework. 75% of organisations have a written AI policy, but only 36% have adopted a formal governance framework. A policy is a document. A framework is an operational system with enforcement, accountability, and monitoring. The distance between those numbers — 75% and 36% — is where most organisations currently sit: documented intent without operational execution. That produces what governance practitioners call “governance theatre” — checkbox compliance that generates paperwork without reducing risk.
The most visible symptom of this gap is shadow AI, which differs from shadow IT and is structurally harder to contain than its predecessor.
For a deeper look at the scale of the governance gap problem, see Shadow AI vs Shadow IT — What Makes the New Threat Harder to Govern. The difficulty of governing shadow AI is compounded when organisations lack the structural resources to detect it.
Shadow AI — AI tools used without organisational knowledge or approval — is harder to govern than traditional shadow IT because the exposure is less visible and potentially irreversible. A shadow SaaS tool creates an integration risk you can unwind. A shadow AI tool can ingest, analyse, and generate content from sensitive data in a single interaction. The data leaves your perimeter the moment the prompt is submitted.
71% of office workers use AI tools without IT approval, and OpenAI accounts for 53% of all shadow AI usage — more than the next nine platforms combined. At smaller firms, the density is even higher: companies with 11–50 employees average 269 unsanctioned AI tools per 1,000 employees.
Prohibitive bans do not work. As IBM Distinguished Engineer Jeff Crume puts it, “saying no doesn’t stop the behaviour, it just drives it underground”. Governance has to enable sanctioned use while containing unsanctioned exposure — which means publishing an approved tool list that gives people enterprise-grade alternatives to the tools they are already using.
For the full evidence base and practical containment strategies, read Shadow AI vs Shadow IT — What Makes the New Threat Harder to Govern.
Smaller organisations face disproportionate shadow AI risk for structural reasons, not because they are less competent. Accountability for AI governance is fragmented — CIOs hold it at 29% of firms, CDOs at 17%, CISOs at 14.5% — with no clear mandate for the technical executive running delivery. Governance tooling designed for enterprises with dedicated compliance staff does not translate to resource-constrained teams.
Companies with 11–50 employees show the densest shadow AI usage relative to headcount, yet only 23% of small organisations have a dedicated team driving generative AI adoption, compared to 52% of large enterprises. The smaller the firm, the larger the gap relative to capacity. Understanding how mid-market companies face disproportionate shadow AI exposure — and why the CTO accountability gap is most acute at this scale — is the starting point for right-sizing governance to the actual organisation.
For the full mid-market analysis, see Shadow AI in Mid-Market Companies — Why the Exposure Is Disproportionate.
An AI policy is a written statement of rules. An AI governance framework is the operational system that makes those rules real — roles, controls, monitoring, and measurement. Having a policy without a framework is the most common state: 75% of organisations have a written AI policy, but only 36% have adopted a formal governance framework. The distance between those numbers is the governance execution gap, and it is where most organisations currently sit.
The execution gap has four failure modes: role ambiguity (nobody owns enforcement), policy staleness (rules written for last year’s tooling), measurement absence (no way to know whether controls are working), and governance theatre (documentation that looks like control without providing it). An AI governance policy without enforcement mechanisms is a wish list.
Structurally, governance operates across five interlocking domains — Strategy, Compliance, Operations, Ethics, and Accountability. A strategy decision to prioritise a high-risk use case triggers compliance review, operations readiness, ethics evaluation, and accountability assignment simultaneously. What moves governance from policy to programme is an oversight function — an AI governance committee with clear RACI assignments, decision rights, and an operating cadence. That committee turns written rules into daily practice. It does not need to be large. It needs to be accountable. The practitioner’s execution playbook for moving from AI policy to AI practice covers every step of this transition in detail.
For the practitioner’s execution playbook, read From AI Policy to AI Practice — How to Build Governance That Actually Executes.
A mature AI operating model embeds governance into the daily mechanics of AI development and deployment. Governance leaders are 2.5x more likely to embed AI as a core pillar of business strategy. Their operating models include executive ownership proximity, a structured oversight function, risk-tiered use-case management, and continuous monitoring — not an annual audit. Laggards, by contrast, have written policies with diffuse or absent responsibility, and 72% of organisations have no direct CEO oversight of AI governance.
Only 7% of organisations have fully embedded AI governance. Most sit at the Ad Hoc or Developing stages of a five-level maturity progression (Ad Hoc, Developing, Defined, Managed, Optimising). The pattern that produces the largest governance gaps is high adoption maturity with low governance maturity — you are deploying AI widely but governing it loosely.
Three governance model archetypes exist: centralised (one oversight body sets policy across the enterprise), federated (local governance per business line, coordinating centrally), and hybrid (central policy with federated execution). The hybrid model is the default for scaling organisations because it balances consistency with operational flexibility. How governance leaders differ from laggards comes down to how deliberately they have designed this operating model, not just how much they have documented.
For the strategic architecture of governance leadership, read The AI Operating Model — What Separates Governance Leaders from Laggards.
Governance that employees follow is governance that makes the right path the easy path. Start with an AI tool inventory, then publish an approved AI tool list that provides enterprise-grade alternatives to the shadow tools already in use. Role-based access controls create the technical enforcement layer. Distributed enablement — AI champions embedded in teams — creates the cultural adoption layer, bridging the gap between central policy and frontline practice.
The communication gap is wide: 78% of organisations have not communicated a clear plan for AI integration, and 58% of employees have not received formal training on safe AI use. Governance that nobody knows about is governance that nobody follows.
An intake-to-value mechanism — a structured approval process for new AI use cases — keeps governance proportional to organisational capacity. Instead of blanket rules, each proposed use case is assessed against risk tier, data sensitivity, and regulatory scope, then routed to the appropriate approval path. This keeps governance from becoming a bottleneck while maintaining oversight where it counts. How to build AI governance that actually executes — with role-based controls, lightweight approval workflows, and shadow AI detection — is covered step-by-step in the dedicated execution guide.
For the step-by-step execution guide, read From AI Policy to AI Practice — How to Build Governance That Actually Executes.
Fewer than 20% of organisations track well-defined GenAI KPIs. Without measurement, governance effort cannot be verified, improved, or demonstrated to regulators or boards. As IBM Distinguished Engineer Jeff Crume notes, “it’s pretty hard to know if you’re succeeding if you’ve never even defined the benchmarks”.
A working governance programme tracks four core indicators: Policy Compliance Rate (what percentage of AI use cases are governed by approved policies), Incident Response Time (how quickly governance failures are contained), Use Case Review Cycle Time (how efficiently new AI deployments are approved), and Model Coverage (what percentage of production AI systems are fully documented).
The shift in 2025–2026 is from policy to proof. Regulators, enterprise buyers, and insurers are now asking for demonstrated governance, not stated intent. Governance that cannot produce evidence of its own operation — audit trails, model cards, incident logs — will not satisfy a regulatory or due-diligence inquiry. Continuous monitoring is what separates governance from periodic audit compliance. Building a governance measurement framework that tracks both operational effectiveness and regulatory evidence is the next step once execution foundations are in place.
For the full measurement framework, read How to Measure Whether Your AI Governance Is Actually Working.
The EU AI Act is legally binding and applies to any organisation placing AI on the EU market — regardless of where that organisation is headquartered. For SaaS companies serving EU customers, any AI-powered feature used by EU-based users is potentially in scope. High-risk provisions are fully in force by August 2026. US states have begun regulating AI in parallel, creating overlapping obligations for multi-state SaaS companies.
The EU AI Act classifies AI systems into four risk tiers: Unacceptable (prohibited), High (conformity assessments, audit trails, human oversight), Limited (disclosure requirements), and Minimal (few requirements). Where your deployments land on that scale depends on use case — most mid-market SaaS features will sit in the Limited or High-risk tiers.
In the US, states have begun regulating AI in the absence of federal legislation. Colorado, Texas, Illinois, and California all have laws taking effect in 2026, creating overlapping obligations for multi-state SaaS companies. Governance frameworks like NIST AI RMF and ISO/IEC 42001 serve as the operational backbone for satisfying multiple regulatory requirements simultaneously. NIST AI RMF provides the operational structure; ISO/IEC 42001 certification provides portable regulatory evidence. Understanding what the EU AI Act and US state laws require now — including the enforcement timeline and penalty exposure — is the external forcing function that makes governance investment non-negotiable.
For the full regulatory analysis, read The Regulatory Forcing Function — What EU AI Act and US State Laws Require Now.
Start with visibility. You cannot govern AI you cannot see. The first step is an AI tool inventory — a complete catalogue of all AI tools in use across the organisation, including tools employees have adopted without approval. From that inventory, classify tools by risk tier, establish an oversight function with defined decision rights, and publish an approved tool list. Governance that skips visibility and goes straight to policy produces enforcement without foundation.
From that baseline, the sequenced path looks like this:
The gap is widening. But governance is not a one-time project — it is an operational capability you build incrementally. The organisations that will be best positioned in 2026 are those that build evidence instead of narratives and normalise assurance instead of treating it as exceptional.
For the execution playbook, start with From AI Policy to AI Practice — How to Build Governance That Actually Executes. For the accountability infrastructure, read How to Measure Whether Your AI Governance Is Actually Working.
Shadow AI vs Shadow IT — What Makes the New Threat Harder to Govern — Why the most visible symptom of the governance gap is harder to contain than its predecessor, with evidence on how far it has already spread.
Shadow AI in Mid-Market Companies — Why the Exposure Is Disproportionate — How shadow AI risk accumulates differently at 50–500 employee companies and why accountability fragmentation is most acute at this scale.
The Regulatory Forcing Function — What EU AI Act and US State Laws Require Now — Why regulatory pressure is converting AI governance from aspiration to legal requirement and what the enforcement timeline means for your organisation.
From AI Policy to AI Practice — How to Build Governance That Actually Executes — The practitioner’s execution playbook: role-based access controls, distributed enablement, lightweight approval workflows, and shadow AI detection.
The AI Operating Model — What Separates Governance Leaders from Laggards — What the strategic architecture of mature AI governance looks like and the operating model choices that distinguish high-performing organisations.
How to Measure Whether Your AI Governance Is Actually Working — The measurement framework for governance execution quality: KPIs that matter, audit trail infrastructure, and how to demonstrate governance effectiveness.
Governance theatre is the failure mode where organisations generate documentation — policies, frameworks, reports — without building the operational controls that make governance real. The signals: high self-reported compliance alongside frequent AI-related incidents, and risk reviews completed on paper but never enforced in practice. You avoid it by assigning accountability to named people (not functions), deploying monitoring that runs continuously, and measuring operational outcomes rather than documentation volume.
Yes. The EU AI Act has extraterritorial scope — it applies to any organisation placing AI systems on the EU market, regardless of headquarters location. For SaaS companies serving EU customers, any AI-powered feature accessible to EU-based users is potentially in scope. High-risk AI provisions are fully in force by August 2026. See The Regulatory Forcing Function for the full analysis.
An AI policy is a written document stating what is permitted and prohibited. An AI governance framework is the operational system that makes the policy enforceable — enforcement mechanisms, accountability structures, monitoring capabilities, and measurement processes. Having a policy without a framework is the most common state: 75% of organisations have written policies, but only 36% have a governance framework.
NIST AI RMF is a voluntary US framework organised around four functions (Govern, Map, Measure, Manage) that provides a practical structure for AI risk management. ISO/IEC 42001 is the international standard for AI management systems, where certification provides documented evidence satisfying multiple EU AI Act requirements. They are complementary: NIST for operational structure, ISO/IEC 42001 for portable regulatory evidence.
Risk-tiered governance matches oversight controls to the criticality of each AI use case. Low-risk use cases (content drafting, scheduling) require minimal controls; high-risk use cases (hiring decisions, credit scoring) require conformity assessments, audit trails, and continuous monitoring. For resource-constrained organisations, tiering is what makes governance feasible — it allocates effort where it materially reduces risk rather than applying enterprise-level controls to everything.
A minimum viable programme — AI tool inventory, risk classification, oversight committee, approved tool list, and basic monitoring — can be operational within 90 days if treated as a structured project. More comprehensive programmes including full KPI tracking, model card documentation, and regulatory alignment typically require six to twelve months. The priority is reaching operational visibility before investing in measurement infrastructure. See From AI Policy to AI Practice for the execution sequence.
The Regulatory Forcing Function — What EU AI Act and US State Laws Require Now
AI governance is no longer something you can slot into next quarter’s roadmap. It is a legal obligation with dated deadlines and real penalties — and some of those deadlines have already passed. The EU banned manipulative AI, social scoring, and workplace emotion detection in February 2025. That is done. It is law.
The EU AI Act’s staggered enforcement timeline means high-risk system requirements kick in from August 2026. Meanwhile, US states — California, Texas, Illinois, Colorado — have gone ahead and enacted their own AI laws. Most took effect on January 1, 2026. So you are now dealing with a multi-jurisdictional patchwork, and it is only going to get thicker.
This article maps the concrete obligations, timelines, and penalties across both jurisdictions — and lays out the business case for acting now rather than later. If you want the broader picture on the AI governance gap regulators are now targeting, start there.
The EU AI Act (Regulation (EU) 2024/1689) is the world’s first comprehensive AI regulation. It sorts AI into risk buckets: unacceptable (banned), high-risk (strict obligations), limited risk (transparency rules), and minimal risk (largely left alone).
There are four enforcement dates. The first one has already come and gone:
February 2, 2025 — Prohibited AI practices banned outright. Manipulative AI, social scoring, real-time biometric surveillance in public spaces, workplace emotion detection. AI literacy requirements now active for providers and deployers.
August 2, 2025 — GPAI model rules come into force. Providers need technical documentation, copyright policies, and training data summaries.
August 2, 2026 — High-risk AI obligations become fully enforceable. Conformity assessments, risk management systems, human oversight, post-market monitoring, EU Database registration, CE marking — all required before you can place a high-risk system on the market. These assessments typically take six to twelve months. If you have not started, August 2026 is already tight.
August 2, 2027 — Everything else kicks in.
The penalties are serious: up to EUR 35 million or 7% of global annual turnover for prohibited practice violations. EUR 15 million or 3% for other infringements. That is more than GDPR fines.
Two things worth knowing about scope. First, the Act applies extraterritorially — if your AI touches the EU market, you must comply, no matter where your company is incorporated. Second, the provider/deployer distinction matters. Most SaaS companies are deployers. But if your product involves employment decisions, creditworthiness assessment, health diagnostics, or biometric processing, it is almost certainly high-risk under Annex III. That means conformity assessments and human oversight — whether you built the model or not.
There is no comprehensive federal AI legislation. The states have filled the gap — over 1,000 AI-related bills were introduced in 2025 alone. Here are the ones that actually matter.
California SB 53 (effective January 1, 2026). Frontier model developers need to publish risk frameworks and report safety incidents. Penalties go up to $1 million per violation — though it targets developers pulling in revenue above $500 million.
California AB 2013 (effective January 1, 2026). Generative AI developers must disclose training data sources, types, and copyright status.
Texas TRAIGA (HB 149, effective January 1, 2026). Here is the one to pay attention to: compliance with the NIST AI Risk Management Framework constitutes an affirmative defence. Adopt a governance framework, get legal safe harbour. Penalties run $80,000 to $200,000 per violation.
Illinois HB 3773 (effective January 1, 2026). Bans discriminatory AI in employment decisions. And here is the kicker — it includes a private right of action. That is the only state AI law where plaintiffs can sue you directly. If you use AI anywhere in hiring or workforce decisions, this is where your litigation exposure lives.
Colorado SB 24-205 (effective June 30, 2026). The first comprehensive US state statute going after high-risk AI systems. Requires impact assessments and consumer disclosures. Penalties up to $20,000 per violation. Impact assessments take months — June 2026 is closer than it looks.
What about federal preemption? The Trump Administration’s December 2025 Executive Order signalled intent to challenge state regulation, but an executive order cannot overturn existing state law. The Senate already voted down a provision that would have barred states from enforcing AI regulations for ten years.
The practical advice: comply with the strictest applicable standard now rather than gamble on preemption that may never arrive.
How you talk about your AI practices is itself a regulatory surface. If your company claims to use AI responsibly or to have governance frameworks in place — and those claims are not backed by what you actually do — you have a problem.
The SEC treats AI claims in investor materials, filings, and marketing as material representations. After the landmark 2024 settlements against Delphia and Global Predictions, the SEC’s 2026 Examination Priorities specifically target AI disclosures. The FTC is in on it too, going after deceptive AI capability claims.
What this means in practice: governance is not just an internal exercise. It is an external disclosure risk. What you say about your AI practices has to be verifiable. The gap between governance claims and governance reality is now an enforcement target.
If you want to understand how measurement satisfies compliance obligations, that is where documentation becomes your defence.
SEC enforcement targets what you say about governance. Shadow AI undermines the governance you actually have.
Shadow AI — employees using AI tools without IT approval — introduces unmonitored data flows that compound your compliance obligations. An ISACA survey of 561 European professionals found 83% believe employees use AI without policy coverage. Only 31% have a formal AI policy in place. This is not some edge case. It is the norm.
GDPR requires documented data processing activities and a lawful basis for processing. Shadow AI tools processing personal data outside sanctioned channels violate these requirements without the organisation knowing. HIPAA’s requirements for protected health information controls fall apart when employees use consumer AI tools to process patient data. SOC 2 trust principles assume known system boundaries — shadow AI pushes processing well beyond those boundaries.
The compounding effect is the real worry. Each unsanctioned tool multiplies the compliance surface without increasing your compliance capacity. You are not failing at one regulation — you are silently failing at several at once. Less than 47% of organisations have adopted formal AI risk management frameworks.
Your regulatory liability does not disappear because IT did not approve the tool. The company bears the liability regardless. That is why governance execution is now a legal requirement.
Governance debt is the gap between how fast you are adopting AI and how mature your governance actually is. Think of it like technical debt — except instead of slower deployments, you get regulatory penalties and financial consequences.
David Talby, CTO of John Snow Labs, puts it directly: “Governance debt will become visible at the executive level. Organisations without consistent, auditable oversight across AI systems will face higher costs, whether through fines, forced system withdrawals, reputational damage, or legal fees.”
The cost breaks into three parts.
Penalty exposure. The EU, California, Texas, Colorado, and Illinois penalties are additive across jurisdictions. One governance failure can trigger enforcement under several laws at the same time.
Remediation cost. Building governance after an enforcement action costs multiples of doing it proactively. Retroactive compliance means documenting and correcting decisions you have already made. That is always harder and always more expensive.
Operational cost. Incident response, legal engagement, crisis management, customer notification. The average data breach costs $4.45 million — and that is before reputational damage.
The financial argument is pretty straightforward: building governance now is a fraction of what governance debt costs when it comes due.
The regulatory forcing function gives you the strongest argument for governance investment you have ever had: external deadlines with quantified penalties that turn “we should” into “we must.”
Timeline pressure. EU AI Act high-risk obligations go live August 2, 2026. US state laws have been in effect since January 1, 2026. Colorado impact assessments are due June 30, 2026. These are enforceable dates.
Penalty quantification. Present the aggregate exposure across jurisdictions — the EU, US state, and SEC enforcement figures laid out above. Your legal team can calculate the specific exposure for your operational footprint.
Framework leverage. NIST AI RMF addresses multiple regulatory surfaces with one framework investment. Organisations aligned with NIST AI RMF find that cost avoidance from risk prevention often exceeds governance programme costs within two years.
Competitor positioning. In regulated industries, transparency and explainability are increasingly market access requirements. Compliance failures under the EU AI Act can block product sales in entire markets. Governance becomes a market-access credential, not just a cost centre.
Frame it for your board as what governance costs now versus what deferred governance costs when an audit lands on your desk. Let the numbers do the talking. If you need to know how to build the governance execution that regulators require and how measurement satisfies compliance obligations, those are your next steps.
The regulatory landscape has shifted from voluntary frameworks to enforceable obligations with dated deadlines and real penalties. The EU AI Act and US state laws are not parallel — they are additive. If you operate across jurisdictions, your obligations compound, and you cannot address them piecemeal.
Governance debt is accumulating right now. The question is whether you invest proactively at a planned cost or reactively at penalty cost. The numbers favour doing it now.
Start with the gap between AI policy and AI practice, then move to how to build the governance execution that regulators require.
Yes. The EU AI Act has extraterritorial scope. If your AI systems are placed on the EU market or your AI outputs affect people within the EU, you must comply — regardless of where your company is headquartered. US-based SaaS, FinTech, and HealthTech companies with EU customers are in scope.
High-risk AI systems operate in regulated domains — employment, healthcare, credit assessment, law enforcement — and must meet strict obligations including conformity assessments, risk management systems, and human oversight. GPAI models are large-scale models adaptable to many tasks, and they come with different transparency and documentation requirements.
Yes. Regulatory obligations attach to the organisation, not to individuals. If an employee uses an unsanctioned AI tool that processes personal data in violation of GDPR, or makes employment decisions using AI in violation of Illinois HB 3773, the company bears the legal liability. IT not knowing about it does not change that.
If your product involves AI-driven decisions in employment, creditworthiness assessment, health diagnostics, biometric identification, or critical infrastructure management, it is likely high-risk under Annex III. Classification depends on what your product does, not on what technology stack it is built on.
NIST AI RMF 1.0 is a voluntary US federal framework with four functions: govern, map, measure, and manage. Compliance gives you an explicit affirmative defence under Texas TRAIGA — legal safe harbour in at least one jurisdiction while providing a foundation that maps well to EU AI Act obligations.
No. All enacted state laws remain enforceable until courts rule otherwise. The FTC was directed to issue a preemption statement by March 11, 2026, but that would not automatically invalidate existing state laws. Comply now.
AI washing means making unsubstantiated claims about AI capabilities or governance practices — think of it as greenwashing but for AI. The SEC treats AI claims in investor materials and marketing as material representations. If what you actually do does not match what you say, that is a potential securities law violation.
Colorado SB 24-205 (effective June 30, 2026) goes after high-risk AI systems, requiring reasonable care to prevent algorithmic discrimination, impact assessments, and consumer disclosures. It focuses specifically on algorithmic discrimination rather than the EU’s broader safety framework. Penalties are up to $20,000 per violation versus EUR 35 million or 7% of turnover under the EU Act.
Conformity assessments require technical documentation, risk management systems, data governance controls, and human oversight mechanisms. For a mid-sized company, expect six to twelve months — which means the August 2, 2026 deadline requires action now, not next quarter.
EU AI Act: up to EUR 35 million or 7% of global turnover for prohibited practice violations; EUR 15 million or 3% for other infringements. Colorado: up to $20,000 per violation. Texas TRAIGA: $80,000 to $200,000 per violation. California SB 53: up to $1 million per violation. Illinois HB 3773: civil liability through private right of action. These are additive across jurisdictions — one governance failure can trigger penalties under multiple laws.
How to Measure Whether Your AI Governance Is Actually Working
Here is a number that should bother you: 72% of enterprises now formally measure Gen AI ROI. Measuring productivity? Sorted. But ask those same companies whether their AI governance is actually working — whether policies are being followed, whether anyone can prove compliance — and the room goes quiet. Only 32% operate at what Acuvity calls “measured effectiveness” on governance. The other 68% either track nothing at all or track whether reviews got completed, which tells you almost nothing about whether anything is actually being enforced.
This article lays out a practical measurement framework: what to track, how to figure out where you stand, and how to build lightweight monitoring without needing enterprise-scale resources. It covers the AI governance gap that measurement addresses and looks at the execution mechanisms this measurement framework is designed to assess. Governance is not a project with a completion date. It is an ongoing operational capability, and you need to measure it like one.
The Wharton finding is pretty stark. In their third-wave Gen AI adoption study, 72% of enterprise leaders formally measure Gen AI ROI. The productivity side has moved past experimentation into what they call “Accountable Acceleration.”
Governance is a different story. Acuvity’s 2025 State of AI Security survey found that nearly 40% do not have managed governance at all — they are running on ad hoc practices or literally nothing. IBM’s research lines up with this: nearly 74% of organisations report moderate or limited coverage in their AI risk and governance frameworks.
So companies know exactly how much value AI is generating but cannot tell you whether it is being used compliantly or within policy boundaries. That is a problem.
Part of it is governance theatre. Organisations tick checklists without actually verifying enforcement. Process metrics — policies written, reviews completed — create an illusion of control. Less than 47% have adopted formal risk management frameworks for AI. Half of business leaders say their organisation lacks the governance structures needed to manage Generative AI’s ethical challenges.
But the deeper cause is structural. Governance got treated as a one-time project: write a policy, form a committee, move on. Every undocumented deployment, every skipped review widens the gap between what you believe is governed and what actually is. As IBM’s Jeff Crume put it, “it’s pretty hard to know if you’re succeeding if you’ve never even defined the benchmarks.”
That gap between perceived governance and actual governance — that is the gap this measurement framework is designed to close.
The DX AI Measurement Framework, built from research across 184 companies and 135,000+ developers, structures measurement across three dimensions: Utilisation, Impact, and Cost. It was designed for engineering productivity, but the parallel to governance is direct.
Utilisation — is AI being used as intended within governance boundaries?
This is your compliance layer. Track policy compliance rate — the percentage of deployments that completed the required governance review steps. Track model coverage — the percentage of production AI systems with complete documentation, including model cards, audit trails, and risk assessments. Track governance participation rate — are the right people actually showing up? And track shadow AI detection rate. One in five organisations experienced breaches from unsanctioned AI usage, costing $670,000 more than traditional breaches. If you needed a business case for measuring shadow AI, there it is.
Impact — is governance producing measurable risk reduction and compliance improvement?
Impact metrics tell you whether governance is producing results you can actually point to. Track incident response time — how fast you identify and resolve AI-related incidents. Track use case review cycle time — if governance review takes too long, teams bypass it, and that is what drives shadow AI. Track risk reduction metrics — measurable decreases in compliance violations, bias incidents, or data exposure. And track governance maturity score progression over time.
Cost — what is governance consuming, and is it proportionate?
Governance costs money. The question is whether that cost is proportionate to the value AI delivers. Track governance overhead per deployment and the opportunity cost of governance delays. For context: organisations that treat governance as a strategic capability see a 30% ROI advantage over those treating it as a compliance afterthought.
O’Reilly’s DX Core 4 framework complements this structure for engineering-specific contexts where developer experience metrics overlap with governance participation.
Acuvity’s research defines four maturity levels. Most organisations sit lower than they think.
Level 1 — Ad Hoc. No systematic governance. AI deployments happen without formal review. Measurement capability: zero. You cannot measure what you do not track. The tell: nobody can say how many AI systems are in production. 39% of organisations operate below managed governance levels entirely.
Level 2 — Defined. Governance policies exist on paper. Some review processes are in place. You can measure process — policies written, reviews completed — but that is about it. The risk here is governance theatre. High process scores masking zero enforcement. A perfect Regulatory Compliance Score means nothing if teams circumvent governance because they find it burdensome.
Level 3 — Managed. Governance is enforced with tooling. Outcome metrics sit alongside process metrics — policy compliance rate, model coverage, incident response time. The milestone here: a governance scorecard exists and gets reported to leadership. This is where governance becomes visible to the people who fund it.
Level 4 — Optimised. Continuous monitoring, drift detection, and accountability reporting are automated. Leading indicators — rising undocumented deployments, declining participation rates — trigger proactive intervention before things go sideways. Only 32% of organisations operate here.
You do not have to climb each rung one at a time. You can leapfrog from Ad Hoc to Managed by adopting a measurement-first approach. As David Talby, CTO of John Snow Labs, put it: the most successful organisations are those that can explain, defend, and adapt their systems under sustained scrutiny.
Think of the maturity ladder as a diagnostic tool, not a compliance requirement. Use it to figure out where you are so you can prioritise where to invest.
What happens after your AI systems go live? For most organisations, the honest answer is: not much. And that is exactly where the risk concentrates.
38% of organisations identify runtime as their most vulnerable phase. Another 27% say it is where they are least prepared. Pre-deployment concerns rank far lower.
Most governance frameworks focus on pre-deployment review and then neglect post-deployment monitoring entirely. But AI models drift over time. Training data goes stale, usage patterns shift, edge cases pile up. Without continuous monitoring, governance documentation becomes outdated within months.
IBM’s CIO Matt Lyteson described it directly: “We’ve even seen instances where you put it out there and then, a week later, it’s producing different results than you initially tested for.” When their Ask IT support agent’s resolution rate dropped from 82% to 75%, they investigated immediately. That is what runtime measurement looks like in practice.
For teams without enterprise tooling, a lightweight monitoring layer still does the job. Scheduled model performance reviews — quarterly at a minimum. Automated alerts for usage anomalies. Quarterly policy currency checks with an emergency update process for new capabilities. And periodic shadow AI sweeps — the average enterprise runs over 320 unsanctioned AI applications, so scanning SaaS subscriptions and API integrations regularly is not optional. It is just something you have to do.
Agentic AI adds another layer. Measurement needs to extend to decision traceability, tool call logs, and human escalation triggers. And if you need a regulatory reason to care: regulators are signalling that documentation gaps themselves may constitute violations. That connects directly to the measurable evidence regulators now require.
Most 50-to-500-person companies do not have a dedicated governance team, enterprise GRC platforms, or six-figure tooling budgets. That is fine. Measurement scales down.
No tooling required — spreadsheet level.
Start here. AI inventory: list every AI system in production with owner, purpose, and last review date. If you cannot answer “how many AI systems are in production?” then you are at Level 1. Policy compliance rate: a manual quarterly audit of whether deployments followed governance steps. Governance participation rate: are the right people showing up to reviews? Declining attendance is the earliest signal that teams are treating governance as optional. Policy currency check: are your policies less than six months old? A dated document review takes one hour per quarter.
Basic instrumentation — existing observability stack.
Model coverage: track it via a Jira or Linear ticket that cannot close until the model card and risk assessment are attached. Use case review cycle time: tracked via your ticketing system — if average review time is climbing, teams are bypassing governance. Incident response time: measured from your existing incident management tooling. Shadow AI detection: a manual sweep of expense reports and browser extensions surfaces most unsanctioned AI tool usage.
Enterprise tooling — dedicated platforms.
Continuous drift detection and automated alerting. Real-time governance dashboards through platforms like IBM watsonX Governance and Credo AI. Automated audit trail generation and regulatory reporting.
The enterprise tier is optional. Governance measurement works at every budget level. As IBM’s Jeff Crume observed, “saying no doesn’t stop the behaviour, it just drives it underground” — measurement lets you govern with evidence, not blanket restrictions.
Here is a self-assessment you can run by Friday. Five questions: How many AI systems are in production right now? When was the last governance policy update? Who is accountable for AI risk in each business unit? How long does it take to approve a new AI use case? How many unsanctioned AI tools were discovered last quarter?
If you cannot answer those, you know where to start.
Governance is a continuous operational capability. The moment measurement stops, governance debt starts piling up.
The “governance project” failure mode is common. Organisations that treat governance as a discrete initiative — write policy, implement, declare success — fail slowly. Governance decay is invisible until an audit, an incident, or a regulatory inquiry surfaces it. As David Talby put it, “governance is no longer judged by policy statements, but by operational evidence.”
Continuous measurement acts as an immune system. It catches policy drift, rising shadow AI, declining participation, and emerging risks before they turn into compliance failures. And it sustains investment — boards fund what they can see working. IBM’s daily cost visibility per AI use case demonstrates the kind of granular accountability that keeps governance funded.
The regulatory trajectory makes this non-negotiable. The EU AI Act, NIST AI RMF, and ISO/IEC 42001 all assume continuous governance. The EU AI Act’s high-risk obligations become fully applicable in August 2026. Compliance is not a one-time assessment. It is an ongoing obligation.
The organisations that treat governance execution as permanent infrastructure — not a project deliverable — are the ones that will scale AI safely. The 32% that operate at measured effectiveness are not done. They are simply measuring continuously. That is the difference.
No. ROI measurement tracks business value — productivity gains, revenue, cost reduction. Governance measurement tracks whether AI is being used responsibly and within policy boundaries. The 72% (ROI) versus 32% (governance) split shows these are entirely separate disciplines.
Start with four. AI inventory completeness — do you know every AI system in production? Policy compliance rate — did each deployment follow your governance process? Policy currency — are your policies less than six months old? Governance participation rate — are the right people showing up to reviews? You do not need anything beyond a spreadsheet and a calendar for these.
The NIST AI RMF is structured around four functions — Map, Measure, Manage, and Govern. The Measure function defines what to track: risk metrics, performance thresholds, and stakeholder feedback. The Cybersecurity Profile layers security-specific measurement on top. Together they give you a government-endorsed measurement backbone you can adopt without building from scratch.
Process metrics measure activity: policies written, reviews completed, training sessions held. Outcome metrics measure impact: incidents prevented, compliance violations reduced, model drift detected before harm. Mature governance programmes lead with outcome metrics. Organisations stuck on process metrics alone risk governance theatre — high activity scores with no verified enforcement.
Focus on three translations. Model coverage becomes “percentage of AI systems under documented control.” Incident response time becomes “how quickly we contain AI-related problems.” Governance maturity score becomes “our progress on a four-level scale benchmarked against industry.” Boards respond to trend lines and benchmarks, not raw technical data.
Quarterly for formal review, with monthly pulse checks on leading indicators — shadow AI discoveries, participation rate changes, policy expiry dates. Organisations at maturity Level 4 run continuous automated monitoring. Match your review cadence to how fast you are deploying AI.
Five warning signs. Rising undocumented AI deployments. Declining attendance at governance reviews. Policies not updated in over six months. Increasing use case review cycle times — which suggests teams are bypassing governance. And nobody can name the person accountable for AI risk in their business unit.
Both. Basic metrics — AI inventory, policy currency, participation rates — need manual tracking or simple automation. Advanced metrics — drift detection, continuous compliance monitoring, automated audit trails — need dedicated tooling. Start manual, automate incrementally, and do not wait for perfect tooling to start measuring.
Agentic AI introduces new measurement dimensions. Decision traceability — can you reconstruct why the agent acted? Tool call logging — what external systems did the agent access? Human escalation frequency — how often did the agent defer to a human? Most existing frameworks were designed for traditional or generative AI, not autonomous agents. They need extending.
A governance scorecard aggregates four to six KPIs into a single view: model coverage, policy compliance rate, incident response time, governance maturity score, shadow AI count, and governance participation rate. Each metric shows current value, trend direction, and a red/amber/green status. The dashboard is what makes governance visible to leadership and keeps the funding flowing.
The AI Operating Model — What Separates Governance Leaders from Laggards
Most organisations have an AI strategy. Very few have an AI operating model — the actual architecture of governance, data, people, and process that determines whether your AI investment turns into business outcomes or just burns cash.
And the gap between the ones who get it right and the ones who don’t is getting wider. BCG’s Build for the Future 2025 research found a five-fold revenue gap between the top 5% of firms and everyone else, along with three times the cost reductions. Meanwhile, 60% of companies are getting almost nothing back. Despite spending real money.
This article looks at what separates governance leaders from laggards at the operating model level. We’ll give you a diagnostic framework for assessing your governance maturity and help you work out whether centralised or federated governance fits your situation. For the bigger picture on the AI governance gap this operating model closes, start with the pillar article. For tactical execution mechanics, we’ll point you to the companion piece on operationalising governance.
Three independent research programmes — BCG, TEKsystems, and Deloitte — all land on the same finding. The difference between AI leaders and laggards is operating model maturity. Not tooling. Not budget. Not talent access.
BCG’s Build for the Future 2025 study is the clearest. Only 5% of companies qualify as “AI future-built.” Another 35% are scaling AI. The remaining 60% are reaping minimal returns despite real investment. The future-built firms do spend more on IT and dedicate more of that budget to AI — but the spending differential is not what separates them. It is how the spending is structured.
TEKsystems backs this up from a workforce angle. Their 2026 State of Digital Transformation report shows digital leaders are 2.5 times more confident their investments will meet ROI expectations. Enterprise-wide AI adoption has doubled year over year — 24% of organisations in 2026, up from 12% in 2025. Among leaders, 38%. Among laggards, 9%.
Deloitte’s 2026 State of AI in the Enterprise report frames the challenge as “ambition to activation.” Only 34% of organisations are genuinely reimagining their businesses with AI. The rest are surface-level. And here is the telling detail: 42% believe their strategy is highly prepared for AI, but feel less prepared on infrastructure, data, risk, and talent. Strategically ready, operationally unsure. Sound familiar?
These are independent data sets from different methodologies arriving at the same conclusion. You should be able to locate your organisation on this curve — and chances are you are further from the top than you think.
BCG identifies structural markers that separate future-built companies from everyone else. Not just outcomes — observable design choices you can check against your own setup.
Signal one: executive ownership proximity. AI-serious organisations place AI strategy under direct CEO or CTO oversight. Not middle management. Not IT operations. This is a structural commitment that says AI is a strategic priority, not a cost centre experiment. Deloitte backs this up: enterprises where senior leadership actively shapes AI governance achieve significantly greater business value.
Signal two: data treated as a strategic asset. Future-built companies define data policies, maintain inventories, and codify data governance into operating standards. Data governance is the foundation the AI operating model sits on. Without it, everything else is built on sand.
Signal three: broad definition of AI scope. Leaders define AI broadly — automation, ML, analytics, agentic systems — not narrowly as “chatbots” or “generative AI.” This makes sure governance covers the full portfolio, not just the visible tip.
IBM adds a reality check. Nearly 74% of surveyed organisations have only moderate or limited AI governance coverage. Only 23.8% have comprehensive frameworks. PwC confirms that operationalisation — turning principles into repeatable processes — is the hurdle most executives point to.
Here is your quick self-assessment. Can you answer yes to all three? AI strategy owned at C-level? Data treated as a governed strategic asset? AI scope covering the full portfolio? If not, governance investment is premature until you fix these first.
The three signals tell you whether you are structurally serious about AI. The next question is whether your operating model integrates the components to actually act on it.
BCG, Deloitte, and TEKsystems all identify the same structural components: strategy, talent, operating model, technology, data, and adoption at scale. These work as an integrated system where governance is the connective tissue — not as independent workstreams you can pick and choose from.
When elements are disconnected, things go wrong in predictable ways. Strategy without governance produces pilot purgatory — that graveyard of proof-of-concepts that never scale. Technology without data governance produces shadow AI. Talent without an operating model produces individual productivity gains that never compound into anything useful.
Walk through each element with a governance lens:
Strategy. Is governance embedded, or bolted on as compliance? If it only appears in your risk register, it is bolted on.
Talent. Do you have governance-literate people, or just AI-literate people? Nine in ten organisations face skills gaps in AI, ML, and cybersecurity. That gap hits governance hardest because governance requires cross-functional understanding — it is not something you can hand to one team and forget about.
Operating model. Is governance a repeatable process, or a one-off policy document gathering dust on SharePoint?
Technology. Does your stack include governance tooling, or just AI tooling? Leaders are building modular, cloud-native platforms with privacy, sovereignty, and security baked in from the start.
Data. Is data governance the foundation, or an afterthought? Organisations that codify data standards are getting more ROI from AI today.
Adoption and scaling. Can governance scale with AI adoption, or does it become a bottleneck?
When all six elements work together, the result is what BCG calls “enterprise as code” — capturing how a business operates as structured, machine-readable code instead of documents, spreadsheets, and tacit knowledge. When processes are explicitly defined, they can be tested, automated, and improved. Governance gets built into operating logic from the start, not bolted on afterwards.
The performance gap is not incremental. It is structural.
Future-built firms expect twice the revenue increase and 40% greater cost reductions by 2028 compared to laggards. They reinvest AI returns into stronger capabilities. The gap accelerates.
Organisations treating governance as a strategic capability see a 30% ROI advantage over those treating it as compliance overhead. That is not a rounding error. That is governance paying for itself versus governance being a cost centre.
And the downside of weak governance is concrete. IBM data shows 20% of AI-related breaches involve shadow AI, at an average cost of $670K per incident. The average data breach cost sits at $4.45 million. That is the kind of number that gets attention in a board meeting.
Agentic AI is widening the gap further. BCG projects AI agents account for 17% of total AI value in 2025, rising to 29% by 2028. A third of future-built companies already use agents, compared with 12% of scaling companies and almost none of the lagging 60%. Without governance frameworks for autonomous agents, you cannot safely deploy them — and that locks you out of a growing share of AI value.
The compounding effect is the part that should worry you. Leaders reinvest returns. Laggards cannot, because there are no returns to reinvest. Every quarter without a functioning operating model widens the gap. It is not a problem that fixes itself.
Governance maturity is not binary. It progresses through levels, and where you sit determines what to do next.
Here is a four-level framework synthesised from IBM, PwC, and Agility at Scale research:
Ad hoc. No formal governance. AI use is untracked. Shadow AI everywhere. You cannot answer “how many AI systems are in production?” If this sounds like your situation, you are in the majority — IBM’s data suggests roughly three-quarters of organisations are here or one level up.
Managed. Policies exist. You can audit which tools are in use. But governance is manual, reactive, and dependent on individual effort. You have a policy document, but you cannot prove it actually works.
Measured. Governance effectiveness is quantifiable. You can demonstrate compliance to a board. Risk assessments are tiered and systematic. Companies at this stage are 1.5 to 2 times more likely to describe their responsible AI capabilities as effective.
Optimised. Governance is embedded in the AI lifecycle. Automated monitoring, bias testing, compliance reporting. Enterprise-as-code principles are operational. This is the end state.
The Managed-to-Measured transition is where most organisations stall. PwC’s data maps directly: half of executives cite operationalisation as their biggest hurdle.
So what does crossing that threshold actually require? An AI governance intake system — a centralised mechanism that captures all AI initiatives, categorises returns, and assigns risk profiles. Tiered risk assessment, so low-risk systems get streamlined review while high-risk systems get comprehensive assessment. Lifecycle monitoring. And the ability to report governance ROI to leadership.
Here is the good news: governance benefits compound. Year one costs are front-loaded. Years two and three show accelerating returns. If you want to know how to measure whether this operating model is performing, that is the measurement article’s territory.
Centralised versus federated governance is a structural architecture decision. The right answer depends on your size, regulatory exposure, AI portfolio complexity, and engineering culture.
Covasant identifies three canonical structures:
Centralised. One governance function owns all AI oversight. Best for companies early in AI maturity, regulated industries, and smaller organisations. The trade-off: business units may find the central team slow to respond.
Federated. Each business unit owns governance execution with light-touch central oversight. Best for organisations with high AI maturity and engineering cultures that can self-govern within guardrails. The trade-off: harder to enforce, inconsistent integration.
Hybrid (the governance spine). A central team defines standards, risk frameworks, and audit processes. Business units execute within those guardrails. This is the model most future-built companies converge on.
PwC’s data supports the hybrid direction — 56% of executives say first-line teams now lead responsible AI efforts. That puts responsibility closer to where decisions are made, which is federated execution within centralised standards.
What must be centralised regardless: risk classification, compliance reporting, policy definition. What can be federated: use-case-specific risk assessment, tool selection within approved categories, operational monitoring.
The practical advice is simple. Start centralised. At your scale, one governance function can cover the portfolio without bottleneck risk. But document the governance spine from day one — central standards, risk frameworks, audit processes — so when complexity grows, you can federate without rewriting foundations. For how to operationalise this operating model with specific mechanisms, that is what the execution article covers.
The AI operating model is the structural layer that determines whether AI investment compounds or evaporates in pilot purgatory. The evidence from BCG, IBM, Deloitte, PwC, and TEKsystems all points the same way: leaders and laggards are separated by operating model maturity.
Assess your governance maturity honestly. Design the governance spine. Plan for federation as complexity grows. To understand what the AI governance gap looks like at operating-model level, start with the pillar overview. To operationalise this operating model with specific mechanisms, move to the execution companion. And to measure whether this operating model is performing, the measurement article lays out the metrics.
An AI strategy defines what you want to achieve with AI. An AI operating model defines how the organisation is actually structured to deliver it — governance, data, people, process, and technology architecture that converts strategy into repeatable execution. You can have a strategy without an operating model, but you cannot scale AI without one.
Yes. BCG’s future-built characteristics are structural, not scale-dependent. Executive ownership proximity, data-as-strategic-asset, and broad AI scope definition do not require enterprise budgets. If anything, smaller scale means faster decision cycles and less organisational inertia working against you.
Use the four-level framework — Ad hoc, Managed, Measured, Optimised — and answer three questions. Can you list every AI system in production? Can you demonstrate governance effectiveness to a board? Can governance scale without manual intervention? IBM’s data showing only 23.8% with comprehensive frameworks gives you the calibration point. If you can answer yes to all three, you are ahead of most.
Shadow AI emerges when governance blocks legitimate use without offering sanctioned alternatives. The operating model answer is to provide approved tools with clear acceptable use policies, fast provisioning, and visible guardrails — making the sanctioned path easier than the shadow path. If your people are going around governance, governance is the problem.
Enterprise as code (BCG, December 2025) means capturing your organisation’s operating logic — processes, decision rules, workflow sequences — as structured, machine-readable code rather than documents or tacit knowledge. When processes are explicitly defined, they can be automated, measured, and continuously improved. Think of it as infrastructure-as-code, but for how your business actually runs.
IBM data shows 20% of AI-related breaches involve shadow AI at an average cost of $670K per incident. The average data breach costs $4.45 million. On the flip side, organisations with mature governance see a 30% ROI advantage over those treating governance as pure compliance overhead. So weak governance costs you coming and going.
The Managed-to-Measured transition. Most organisations can write policies and audit tool usage. Far fewer can quantify governance effectiveness or connect governance costs to business outcomes. PwC confirms it — half of executives cite operationalisation as their biggest hurdle.
Agentic AI — autonomous systems taking multi-step actions without human intervention — requires governance for delegation of authority, action boundaries, and automated oversight. BCG projects agents will account for 29% of AI value by 2028. Without agent-specific governance, you cannot safely deploy them. And if you cannot deploy them, you are locked out of a growing share of AI value.
Start centralised. At 200 employees, one governance function can oversee the portfolio without bottleneck risk. Document a governance spine from the start so you can federate execution later without rewriting foundations. You will know it is time to federate when the central team becomes a bottleneck — not before.
A centralised mechanism that captures all AI initiatives, categorises expected returns, assigns risk profiles, and tracks governance requirements across the portfolio. It is the infrastructure that makes governance repeatable — and the key piece required to move from Managed to Measured maturity. Without it, you are flying blind.
They define data policies, maintain comprehensive inventories, and codify data governance into operating standards. BCG’s enterprise-as-code research makes it explicit: organisations that codify data policies are getting more ROI from AI today. Without data governance as the foundation, the rest of the operating model has nothing solid to stand on.
PwC’s data shows the opposite: nearly 60% of executives report that responsible AI practices boost ROI and efficiency. Governance-mature organisations innovate faster because they deploy with confidence, scale without rework, and avoid costly remediation from ungoverned deployments. Done right, governance is an accelerator, not a brake.
Shadow AI in Mid-Market Companies — Why the Exposure Is Disproportionate
Shadow AI is not spread evenly across organisations. If you’re running a company with 50 to 500 employees, your people are almost certainly using more unsanctioned AI tools per head than their counterparts at large enterprises. Reco AI’s 2025 State of Shadow AI Report found 269 unsanctioned AI tools per 1,000 employees at the smallest companies studied. The reasons are structural — fewer gatekeeping layers, faster adoption, and informal approval processes that let AI tools bed down before anyone notices. Meanwhile, accountability for AI risk is scattered across roles, with no clear mandate for the CTO who ends up holding the bag by default.
This article looks at why mid-market exposure is structurally different, who should own it, and how to sequence governance when resources are thin. If you want the broader context on the AI governance gap affecting most organisations, that’s worth reading first.
At the smallest companies studied, Reco AI found roughly 27% of employees actively using shadow AI without IT knowing about it. Mid-market companies sit in the worst spot — they’ve got the adoption speed of small companies without the control layers of large ones.
Large enterprises have centralised procurement, SaaS management platforms, and dedicated security teams that intercept unapproved tools before they take root. A 150-person company has none of that. No procurement gate, no SaaS security posture management, often no security team at all.
Microsoft WorkLab reports that 80% of employees at small and medium-sized companies bring their own AI tools — what gets called BYOAI. Someone on your team can sign up for ChatGPT, Otter.ai, or Perplexity AI and weave it into their daily workflow within days. No approval friction, no security assessment. OpenAI alone accounts for 53% of all shadow AI usage — more than the next nine platforms combined.
And the problem compounds. An employee starts using a new AI app in minutes, but it may take months for anyone to notice. Reco AI found some shadow AI tools had median usage durations exceeding 400 days without formal approval. After 100 days of continuous use, that tool is woven into how your business operates. Removing it is a business disruption, not just an IT task. Understanding what the governance gap is helps frame why this entrenchment matters.
Acuvity’s 2025 State of AI Security Report shows the CIO holds AI security responsibility in 29% of organisations, the CDO in 17%, the CISO in just 14.5%. No single role dominates. And close to 40% have no managed governance structure at all.
At a 200-person company, there’s often no CIO, no CISO, and no CDO. The CTO handles technology decisions, a VP of Engineering manages the dev pipeline, and someone in finance or operations deals with compliance. AI governance falls into the gap between these roles. Nobody has the formal mandate, so nobody acts until something goes wrong.
The capacity gap makes it worse. McKinsey’s 2025 State of AI report found that 52% of large organisations have a dedicated generative AI team, compared to just 23% of small ones. Your CTO is simultaneously the technical leader, the de-facto security owner, and the AI risk accountable executive — without the budget, team, or formal authority for any of it.
You can’t rely on people coming forward, either. 52% of employees won’t voluntarily disclose their AI usage. And only 31% of organisations have formal AI policies at all. The accountability fragmentation isn’t a management failure — it’s a structural consequence of how mid-market companies are designed. This is the wider problem of AI policy without execution.
Once you accept that no single role will own AI governance cleanly, the question becomes how to distribute that responsibility.
Centralised AI governance — one team handling tool approval, monitoring, and policy enforcement — works at enterprise scale where you can staff it. At sub-200 employee scale, centralised typically means one person doing everything. That collapses under its own weight.
The alternative is federated governance, where responsibility is distributed across team leads with lightweight central coordination. Here’s the thing: most direct managers already know about or approve the shadow AI their teams are using. The de facto governance at most mid-market companies is already federated — people just haven’t called it that. Formalising it is more realistic than imposing a centralised structure that doesn’t match how your company actually works.
In practice, engineering leads vet tools for their teams, product leads assess data handling, and the CTO provides the policy framework and escalation path. The trade-off is consistency — federated models are faster to deploy but harder to maintain uniformly.
Shadow AI thrives when governance is too heavy. If requesting a new AI tool means writing a 40-page document with dozens of appendices, teams will skip it. Nearly 60% of employees use unapproved AI tools at work. Your governance model has to be frictionless enough that people actually use it.
Start federated. It matches your headcount and your reality. Companies between 200 and 500 employees can layer in centralised policy and audit as the function matures.
McKinsey data confirms what you probably already suspect: only 23% of small organisations have a dedicated AI adoption team. Just 13% have hired AI compliance specialists. Everyone else is winging it.
Building internal governance — a dedicated team, custom policies, bespoke tooling — requires sustained investment that most 50 to 200-person companies simply can’t absorb. You probably don’t have a security team yet. Hiring a governance team before a security team doesn’t make sense.
Buying a SaaS governance platform gives you immediate visibility. Tools like Nudge Security and Varonis provide network monitoring, user activity tracking, and data discovery — capabilities that would require significant headcount to replicate internally.
Here’s the practical framework: buy tooling for discovery and monitoring, where speed matters. Build policy and process internally, where organisational context matters. The approval process — what gets approved, what gets rejected, how fast — that has to be yours. No vendor can build that for you.
At 50 to 200 employees, buy-first dominates. At 200 to 500, the balance shifts toward building a dedicated governance function. And doing nothing isn’t neutral — 98% of organisations already have employees using unsanctioned apps. So wherever you land, the next question is where to start.
Most governance advice falls apart here. Everyone says “govern AI” but nobody tells you what to do first when you’ve got limited people and limited budget. Here’s a sequenced approach that works at mid-market scale.
Discovery comes first. If you skip straight to policy-writing you’re governing blind — you don’t know which tools are in use, what data flows through them, or which teams are exposed. OAuth authorisation logs are your best starting point because most shadow AI tools authenticate via Google Workspace or Microsoft 365, leaving a visible trail. Browser extension audits and SaaS spend reports for unfamiliar vendors fill in the gaps.
Risk classification follows discovery. Rank tools by data exposure severity. Tools handling customer PII, financial data, or proprietary code are higher priority than internal productivity tools. Reco AI found three apps with failing security grades — Jivrus, Happytalk, and Stability AI — for lacking encryption, MFA, and audit logging.
A pre-approved tool list is the single most effective action. Create a vetted registry of sanctioned AI tools and channel employee adoption toward secure alternatives before risky tools become entrenched. When the official path is easy and meets employee needs, there’s less incentive to go rogue.
A lightweight approval process makes the list sustainable. The approval process must be faster than the time it takes an employee to sign up for a free AI tool. If your process is slower than the shadow path, shadow AI wins every time.
Formalised policy and training close the awareness gap. Write the AI acceptable use policy — only 31% of organisations have one. Include data handling boundaries, disclosure expectations, and the approved tool list. 58% of employees haven’t received formal training on safe AI use at work.
Ongoing monitoring catches what the other steps miss. Buy continuous monitoring at mid-market scale — don’t try to build it — and run periodic audits to catch new shadow AI adoption. You can measure governance effectiveness without enterprise tooling once this is in place.
The sequencing matters. Discovery and classification have to come before policy because you can’t write effective policy without knowing what you’re governing. The pre-approved list has to come before the approval process because employees need an immediate alternative.
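The first three steps (discovery from OAuth grants, risk classification, and the check against the pre-approved list) can be run as one small triage script. This is an added example, not code from the article or from any vendor it names: the CSV column names, app names and approved list are constructed, and using OAuth scope breadth as a proxy for data exposure is an assumption.

```python
"""Triage an OAuth grant export into a ranked shadow AI review queue."""
import csv
import io
from dataclasses import dataclass, field
from datetime import date

# Constructed sample export. Column names are hypothetical: map them to
# whatever your identity provider's OAuth grant report actually contains.
SAMPLE_GRANTS_CSV = """\
user,app_name,scopes,first_granted
ana@corp.example,Example Chat AI,openid email profile,2025-01-10
ben@corp.example,Example Chat AI,openid email profile,2025-06-01
cy@corp.example,Example Notetaker AI,openid https://www.googleapis.com/auth/calendar.readonly,2025-05-20
dee@corp.example,Example Doc Summariser,openid https://www.googleapis.com/auth/drive.readonly,2025-02-03
eli@corp.example,Example Doc Summariser,openid https://www.googleapis.com/auth/gmail.readonly,2025-05-30
fay@corp.example,Example Slide Maker,openid email,2025-06-15
"""

# The pre-approved tool list (constructed).
APPROVED_TOOLS = {"Example Chat AI"}

# The article's entrenchment window: after ~100 days removal is a migration.
ENTRENCHMENT_DAYS = 100

# Assumption: scopes that expose file or mail content rank above scopes that
# expose scheduling data, which rank above identity-only sign-in.
HIGH_EXPOSURE_MARKERS = ("/auth/drive", "/auth/gmail")
MEDIUM_EXPOSURE_MARKERS = ("/auth/calendar", "/auth/contacts")
TIER_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class AppFinding:
    app_name: str
    users: set = field(default_factory=set)
    scopes: set = field(default_factory=set)
    first_seen: date = date.max


def exposure_tier(scopes):
    """Classify an app by the broadest scope any user granted it."""
    if any(m in s for s in scopes for m in HIGH_EXPOSURE_MARKERS):
        return "high"
    if any(m in s for s in scopes for m in MEDIUM_EXPOSURE_MARKERS):
        return "medium"
    return "low"


def discover(csv_text):
    """Step 1: collapse per-user grants into one finding per app."""
    apps = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        finding = apps.setdefault(row["app_name"], AppFinding(row["app_name"]))
        finding.users.add(row["user"])
        finding.scopes.update(row["scopes"].split())
        granted = date.fromisoformat(row["first_granted"])
        finding.first_seen = min(finding.first_seen, granted)
    return apps


def triage(csv_text, approved, as_of):
    """Steps 2-3: drop sanctioned apps, rank the rest by exposure, then age."""
    queue = []
    for finding in discover(csv_text).values():
        if finding.app_name in approved:
            continue
        days = (as_of - finding.first_seen).days
        queue.append({
            "app": finding.app_name,
            "users": len(finding.users),
            "tier": exposure_tier(finding.scopes),
            "days_in_use": days,
            "entrenched": days >= ENTRENCHMENT_DAYS,
        })
    queue.sort(key=lambda r: (TIER_RANK[r["tier"]], -r["days_in_use"]))
    return queue


if __name__ == "__main__":
    for item in triage(SAMPLE_GRANTS_CSV, APPROVED_TOOLS, date(2025, 7, 1)):
        print(item)
```

A grant export only covers tools that authenticate through the identity provider, so the queue is a lower bound; browser extension audits and SaaS spend reports cover the rest.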
The financial argument has gotten concrete. IBM’s Cost of a Data Breach Report (2025) documents a $670,000 breach cost premium for organisations with high shadow AI exposure. And 97% of organisations that reported AI-related breaches lacked proper AI access controls. That $670K shadow AI premium is the number you put in front of your board.
Organisations treating governance as a strategic capability see a 30% ROI advantage over those treating it as a compliance afterthought. Frame governance as a cost-avoidance multiplier — tie it to customer trust, sales cycle impact (enterprise buyers will ask about your AI governance posture during SOC 2 and ISO 27001 reviews), and insurance premium reduction.
63% of organisations have no AI governance policies. The first quarter of shadow AI existence is the cheapest quarter to act.
Mid-market companies carry disproportionate shadow AI exposure because they sit between the informality of small companies and the control structures of large enterprises. Ownership is fragmented, tooling is absent, and the governance debt compounds with every quarter of inaction. But the path forward is sequenced, practical, and doesn’t require enterprise-scale resources. Start with discovery, publish a pre-approved list, and make the business case before a breach makes it for you. For context on the AI governance gap affecting most organisations and why mid-market exposure is disproportionate, start with the overview. If you’re ready to move from the business case to implementation, here’s how to actually execute governance at mid-market scale.
No. FinTech companies face regulatory obligations — SEC, SOC 2 — that make unsanctioned AI usage a compliance violation, not just a governance gap. SaaS companies see higher adoption velocity because engineering culture normalises self-service tooling. HealthTech carries the highest risk profile due to FDA requirements and EU AI Act high-risk classification. The problem varies by vertical, size, and regulatory exposure.
Yes, but only with a federated model. Set the policy framework, maintain the pre-approved tool list, and define the escalation path. Engineering and product leads handle tool review within their teams. The 77% of small organisations without a dedicated AI team (McKinsey 2025) still need governance — they just can’t centralise it.
Three things: a pre-approved AI tool list (what employees can use), a lightweight approval process for new tools (how to request something not on the list), and a quarterly shadow AI discovery scan (what employees are actually using). One person can implement this without dedicated governance staff and produce measurable risk reduction within 30 days.
Reco AI’s 2025 report found 269 unsanctioned AI tools per 1,000 employees at companies with 11 to 50 employees. Varonis reports 98% of organisations have employees using unsanctioned apps including AI tools. OpenAI/ChatGPT alone accounts for 53% of all shadow AI usage.
All three, but data leakage is the most immediate and measurable. Employees share customer PII, proprietary code, and financial data with external AI systems that have no contractual data handling obligations. IBM reports 97% of AI-related breaches lacked proper AI access controls. Compliance violations create legal exposure. Operational dependency creates removal risk.
The entrenchment window starts at around 100 days of continuous use. After that, the tool is woven into daily workflows — data pipelines depend on its output, team processes assume its availability. Removing it becomes a migration project, not a quick switch. Early discovery within the first 90 days keeps switching costs manageable.
The CTO owns infrastructure, the VP of Engineering owns the development pipeline, and operations or finance owns compliance reporting. AI governance touches all three but sits cleanly in none. Without a formal mandate, governance happens reactively — someone scrambles to write a policy after a client asks about AI data handling, or after an employee feeds customer data into an unsanctioned tool.
OAuth logs, browser extension audits, and SaaS spend reviews all work without dedicated security staff. If budget allows, a SaaS security posture management tool automates discovery continuously. Don’t rely on employee surveys as your primary method — 52% of employees won’t disclose AI usage voluntarily.
No. A SaaS governance tool solves discovery and monitoring — it tells you which AI tools are in use and what data they access. It doesn’t solve the policy problem (what’s acceptable use), the ownership problem (who decides), or the cultural problem (employees adopt tools because approval processes are too slow). Buy for visibility. Build policy and process internally.
Varonis data shows 98% of organisations already have employees doing exactly this. The consequence isn’t a single event — it’s a gradual accumulation of data exposure, compliance gaps, and operational dependencies on tools the company doesn’t control. IBM’s $670,000 breach cost premium for high-shadow-AI organisations quantifies the financial risk.
From AI Policy to AI Practice — How to Build Governance That Actually Executes
Most organisations now have an AI policy. Far fewer have governance that actually does anything.
That gap between a policy document and real enforcement? That’s where shadow AI thrives, compliance theatre takes hold, and risk piles up without anyone noticing. 97% of organisations that reported an AI-related breach lacked proper AI access controls, and 71% of employees already use AI tools without authorisation. The policy exists. The enforcement doesn’t.
This article walks you through the concrete execution mechanisms — role-based access controls, distributed enablement, lightweight approval workflows, and shadow AI detection — that turn a policy document into a functioning governance programme that addresses the AI governance gap. If you own this problem and you don’t have a dedicated GRC team, this is your practical starting point. Not another framework diagram.
It means live, measurable enforcement of your AI usage rules. Not a PDF sitting in a shared drive that nobody has read since the day it was uploaded.
AI policy states intent — acceptable use, data handling rules, ethical guidelines. AI governance operationalises that intent through controls, workflows, roles, and detection. Most organisations stop at the policy layer and call it done. A majority of breached organisations — 63% — either don’t have an AI governance policy or are still developing one. Even among those with policies, fewer than half have an approval process for AI deployments, and only 34% perform regular audits for unsanctioned AI.
You need four layers working together to make this real: technical controls (role-based access), process controls (approval workflows), cultural controls (AI Champions), and detection controls (shadow AI visibility). IBM’s governance model is a well-documented example of all four operating at scale — their License to Drive certification, AI Fusion Teams, streamlined provisioning, and continuous monitoring show how the gap between policy and execution forms when any of these layers is missing.
As Jeff Crume, IBM Distinguished Engineer, puts it: “Saying no doesn’t stop the behaviour, it just drives it underground.” That one sentence captures why policy without execution is worse than useless.
If you’ve got experience with infrastructure access management, this is familiar territory. Role-based AI access controls assign AI tool permissions based on job function, data access level, and use-case risk. It’s RBAC applied to AI tooling — the same principle you already use for infrastructure access, extended to cover which AI tools each role can use and what data they can process. The problem? 80% of AI tools operating within companies are currently unmanaged by IT or security teams. That means most organisations have zero role-based controls on AI.
Differentiated access replaces the binary choice — allow everything or block everything — that drives shadow AI in the first place. People get access appropriate to their role without waiting for manual approval every time.
Here’s a practical starting point:
Can a smaller organisation do this without enterprise tooling? Yes. Many organisations benefit from offering a corporate instance of a preferred AI platform with sensitivity labels and DLP policy enforcement — even at small scale, this gives you centralised access and consistent controls.
As Diana Kelley, CISO at Noma Security, notes: “Clear guardrails not only prevent misuse but also build employee confidence in knowing what’s safe, legal and compliant.” People follow rules they understand and that make their work easier, not harder. This is the operating model context that makes these mechanisms work.
Technical controls define what each role can access. But someone needs to own and adapt those controls close to where the work happens. That’s distributed enablement — placing AI expertise inside business units rather than centralising every decision in a governance committee that meets quarterly and approves nothing quickly.
IBM’s AI Fusion Teams are the go-to example. These are cross-functional teams that combine people who deeply understand business functions with technologists from the CIO organisation. The procurement expert learns prompt engineering and builds directly on the enterprise AI platform. The IT technologist handles the technical plumbing. As Matt Lyteson, IBM’s CIO of Technology Platform Transformation, explains: “You bring them together and you start to see amazing results.”
IBM’s License to Drive sits alongside this. Just like you need a licence to drive a car, you need certification to build and deploy AI agents on IBM’s infrastructure. It’s a qualification, not a gate. Where you sit on the org chart doesn’t dictate whether you can build with AI — but the certification makes sure everyone builds responsibly.
OpenAI’s AI Champions model, from their State of Enterprise AI 2025 report, takes a different angle. Selected employees within each business unit get trained to drive responsible AI adoption from within their teams. They’re the peer bridge between governance policy and day-to-day practice.
Both models distribute governance ownership rather than centralising it. IBM’s version is infrastructure-heavy. OpenAI’s is culture-heavy. For most mid-size organisations, the AI Champions model is the right-size starting point. Pick one champion per team, train them on the governance framework, give them authority to approve standard use cases. Scale towards the Fusion Teams model as your organisation grows and governance needs become more complex.
If your approved pathway takes weeks and ChatGPT takes seconds, governance has already failed.
IBM’s intake-to-value mechanism shows what’s possible. They went from a two-week process of back-and-forth business case reviews to having an entire environment provisioned in about five or six minutes. A structured intake form triggers automated checks, and the whole flow completes in minutes rather than weeks.
The design principle here is enablement-first governance: the approval process exists to make approved AI easier to use than unapproved AI. As David Talby, CTO of John Snow Labs, puts it: “We need to stop treating governance as a gatekeeper. It’s supposed to give teams safe lanes to use AI, rather than forcing them underground.”
For organisations without IBM’s infrastructure, here’s the practical version:
The approval process and RBAC work hand in hand. RBAC defines what each role can access by default. The approval workflow handles exceptions and new tool requests. Together they create a system where 59% of employees who currently use unapproved tools have a governed alternative that’s genuinely easier to use.
Shadow AI detection gives you visibility into what’s actually in use so your governance applies to reality rather than assumptions.
There are three categories of detection tooling:
CASB (Cloud Access Security Broker) monitors cloud traffic and flags access to unapproved AI services. The blind spot: AI features embedded within approved SaaS platforms. Copilot features inside Microsoft 365, for example, often slip through because the platform itself is sanctioned.
SaaS Discovery tools like Reco and Grip Security inventory all SaaS applications in use via OAuth grant monitoring and login patterns. The blind spot: tools accessed without OAuth, through direct browser usage.
DDR / Data Detection and Response tools like Cyberhaven track data lineage in real time, catching when sensitive data flows to AI tools regardless of how the employee accessed them. Broadest coverage, but the most complex to deploy.
If you’ve got an existing CASB or web proxy, start there — immediate visibility at zero incremental cost. If you’ve got nothing, start with SaaS Discovery via OAuth audit. No agent deployment required, and it surfaces the shadow AI pattern you’ll see most often.
The numbers make the case for acting quickly. Small organisations with 11–50 employees show the densest shadow AI usage, averaging 269 unsanctioned AI tools per 1,000 employees. Many shadow AI tools show median usage durations exceeding 400 days — at that point, they’re not experiments. They’re embedded in how the business actually runs.
The goal of detection isn’t to ban things. Discovered tools become candidates for formal evaluation. Bring shadow AI into the governed pathway rather than pushing it further underground.
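As an added example (not from the original article or from any vendor's product), the Python below merges a web-proxy log with an OAuth grant export into one shadow AI inventory, so tools seen at only one layer still surface, and flags tools that have been in use long enough to need a governed alternative before removal. The log format, CSV columns, tool catalogue, sanctioned list and the use of 400 days as a cut-off parameter are assumptions, and all sample data is constructed.

```python
import csv
import io
from dataclasses import dataclass, field
from datetime import date

# Assumptions: a hand-maintained catalogue and sanctioned list (constructed).
AI_HOSTS = {"chat.openai.com": "ChatGPT", "chatgpt.com": "ChatGPT", "claude.ai": "Claude"}
AI_OAUTH_APPS = {"ChatGPT": "ChatGPT", "Example Notetaker AI": "Example Notetaker AI"}
SANCTIONED = {"Claude"}  # tools already in the governed pathway

# Constructed proxy log, one request per line: "<ISO timestamp> <user> <host>"
PROXY_LOG = """\
2024-01-08T09:14:02Z alice chat.openai.com
2024-03-11T10:02:40Z bob chatgpt.com
2025-03-03T16:20:11Z alice chatgpt.com
2025-03-04T08:01:00Z carol claude.ai
2025-03-04T08:05:00Z carol intranet.example.com
malformed line
"""

# Constructed OAuth grant export from an identity provider.
OAUTH_CSV = """\
granted_on,user,app_name,scopes
2025-01-15,dave,Example Notetaker AI,calendar.read mail.read
2025-02-01,alice,ChatGPT,drive.read
2025-02-10,erin,Example Expense App,profile
"""


@dataclass
class Finding:
    tool: str
    users: set = field(default_factory=set)
    sources: set = field(default_factory=set)
    scopes: set = field(default_factory=set)
    first_seen: date = date.max
    last_seen: date = date.min

    def record(self, user, day, source, scopes=()):
        self.users.add(user)
        self.sources.add(source)
        self.scopes.update(scopes)
        self.first_seen = min(self.first_seen, day)
        self.last_seen = max(self.last_seen, day)

    @property
    def days_in_use(self):
        return (self.last_seen - self.first_seen).days


def proxy_events(text):
    """Yield (tool, user, day) for proxy lines that hit a catalogued AI host."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        stamp, user, host = parts
        tool = AI_HOSTS.get(host.lower())
        if tool is None:
            continue  # not an AI service we know about
        try:
            yield tool, user, date.fromisoformat(stamp[:10])
        except ValueError:
            continue  # unparseable timestamp


def oauth_events(text):
    """Yield (tool, user, day, scopes) for grants to catalogued AI apps."""
    for row in csv.DictReader(io.StringIO(text)):
        tool = AI_OAUTH_APPS.get(row["app_name"])
        if tool:
            yield tool, row["user"], date.fromisoformat(row["granted_on"]), row["scopes"].split()


def build_inventory(proxy_text, oauth_text):
    """Merge network-layer and identity-layer sightings into one record per tool."""
    inventory = {}
    for tool, user, day in proxy_events(proxy_text):
        inventory.setdefault(tool, Finding(tool)).record(user, day, "proxy")
    for tool, user, day, scopes in oauth_events(oauth_text):
        inventory.setdefault(tool, Finding(tool)).record(user, day, "oauth", scopes)
    return inventory


def triage(inventory, sanctioned=SANCTIONED, embedded_after_days=400):
    """Return unsanctioned tools as evaluation candidates, most widely used first."""
    rows = []
    for f in inventory.values():
        if f.tool in sanctioned:
            continue
        embedded = f.days_in_use >= embedded_after_days
        rows.append({
            "tool": f.tool,
            "users": len(f.users),
            "sources": sorted(f.sources),
            "scopes": sorted(f.scopes),
            "days_in_use": f.days_in_use,
            "embedded": embedded,
            "next_step": "evaluate; provide governed alternative before removing access"
                         if embedded else "evaluate against risk tiers",
        })
    return sorted(rows, key=lambda r: (-r["users"], r["tool"]))


if __name__ == "__main__":
    for row in triage(build_inventory(PROXY_LOG, OAUTH_CSV)):
        print(row)
```

A tool whose `sources` list contains only `oauth` or only `proxy` shows which layer would have missed it if used alone.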
Compliance theatre is the appearance of AI governance without the substance. Policy documents exist, approval committees meet, checklists get completed — but employees still use unapproved AI tools daily, sensitive data flows unmonitored, and the organisation has false confidence that risk is managed.
It’s worse than having no governance at all. Leadership believes risk is handled when it isn’t, which delays investment in the execution mechanisms that would actually reduce it.
Here are the diagnostic signs. You might be doing compliance theatre if:
The root cause is predictable: policy without corresponding execution mechanisms. This is shadow AI and the governance gap in its most visible form — documented intent with no operational substance behind it. In 2025, regulators moved from guidance to enforcement — AI governance is no longer judged by policy statements but by operational evidence. The fix is the execution stack we’ve been walking through in this article: RBAC, lightweight approval workflows, AI Champions, and detection tooling. As Jeff Crume notes: “It’s pretty hard to know if you’re succeeding if you’ve never even defined the benchmarks.”
Neither works alone. The real question is sequencing.
A policy-first approach writes comprehensive policies, establishes review committees, then gradually enables AI use within those constraints. The predictable failure mode: approval friction creates bottlenecks before enablement catches up. 78% of employees bring their own AI tools to work, and 68% use free-tier AI tools via personal accounts. Those numbers are the direct result of policy-first approaches that didn’t provide fast alternatives.
An enablement-first approach makes approved tools available quickly with basic guardrails, then layers governance controls as usage patterns emerge. IBM demonstrates what this looks like in practice. They start with provisioning access — License to Drive plus Fusion Teams — and embed governance into the provisioning flow rather than gating access behind it.
For a mid-size company, here’s a practical sequencing:
The key insight: policy that emerges from observed practice is more durable than policy imposed before practice begins. When official tools are available and effective, the temptation to use shadow tools declines. Design the system so the approved path is the path of least resistance, then build policy around what you learn.
Start with discovery, not enforcement. Use SaaS Discovery or CASB tools to inventory what’s in use. Evaluate each tool against your risk tiers. Bring compliant tools into the governed pathway with proper RBAC assignments. For non-compliant tools, provide governed alternatives before removing access — abrupt bans just drive usage further underground.
An AI Champion is a single person embedded in a business unit who advocates for responsible AI use and acts as the local governance contact. An AI Fusion Team is a cross-functional group combining business domain experts with IT and security personnel who jointly manage AI deployment. Champions suit smaller organisations. Fusion Teams suit enterprises with the headcount to staff them.
Yes. Start with three access tiers mapped to your existing IAM system and enforce via your identity provider or a simple AI gateway proxy. The RBAC section above walks through the steps.
Auto-approve low-risk requests, route mid-tier requests to the relevant AI Champion for same-day review, and escalate high-sensitivity cases to the CTO or security lead. The goal is sub-24-hour turnaround for standard requests. The approval workflow section above has the full step-by-step.
IBM’s benchmark is 5–6 minutes for standard provisioning. For a mid-size company, aim for same-day approval for Tier 1 and Tier 2 requests. Any process that consistently exceeds one week is actively creating the problem it was designed to prevent.
A CASB monitors network traffic and flags access to unapproved cloud services. SaaS Discovery monitors OAuth grants and login patterns to inventory all SaaS applications. CASB works at the network layer. SaaS Discovery works at the identity layer. CASB misses tools accessed on personal devices. SaaS Discovery misses tools used without OAuth.
Because the approved pathway is harder to use than the unapproved one. Shadow AI is a governance design failure, not an employee behaviour problem. The fix is reducing friction in the approved pathway, not increasing penalties.
Track operational metrics: percentage of AI tools in use that are governed, mean time to approve new tool requests, volume of shadow AI detected over time, data exposure incidents related to AI tools. If those metrics aren’t available, your governance programme lacks the visibility layer it needs to verify execution.
Governance-as-infrastructure embeds controls into platform tooling and provisioning flows — access controls enforced by the AI gateway, approval checks automated in the pipeline, detection built into the network layer. Governance-as-process relies on human reviewers, committee meetings, and manual checks. The infrastructure approach scales. The process approach creates bottlenecks.
Govern what’s already in use. Banning tools employees depend on creates immediate productivity loss and drives usage to channels that are harder to detect. Start with detection and visibility, then apply governance to discovered tools. Reserve bans for tools with unacceptable risk profiles after evaluation, and always provide a governed alternative.
Shadow AI vs Shadow IT — What Makes the New Threat Harder to Govern
Shadow IT was the governance headache of the last decade. Most organisations eventually built a playbook for it — CASB, network monitoring, SaaS discovery tools. It worked well enough. But shadow AI has turned up and that playbook doesn’t cover it. AI tools are often free, invisible to network proxies, and increasingly baked into the SaaS platforms you already approved.
The numbers tell the story. 78% of employees now bring their own AI tools to work, yet only 31% of organisations have a formal AI governance policy. That gap between adoption and governance — the broader AI governance gap — is getting wider every quarter.
This article lays out the structural differences between shadow AI and shadow IT, puts numbers on the governance gap using independent data, and introduces the concept of governance debt: a compounding risk that grows every day ungoverned AI use continues.
Shadow AI is the unauthorised use of AI tools, models, and embedded AI features within your organisation without IT approval or oversight. Shadow IT was unauthorised software, cloud services, or hardware — and you probably dealt with it years ago using CASB proxies, network traffic analysis, and SaaS discovery tools.
Here is the thing: shadow AI is not just “shadow IT with chatbots.” It introduces risk categories that have no shadow IT equivalent — training data exposure, hallucination liability, model output compliance. None of those map onto the frameworks you built for catching rogue Dropbox accounts.
The employee behaviour driving this has a name: BYOAI (Bring Your Own AI). 91% of AI tools used in companies are unmanaged. That is not a fringe problem. That is the default state.
Cyberhaven’s framework makes the distinction concrete. Shadow IT has moderate detection difficulty — it shows up in network logs. Shadow AI has high detection difficulty because it happens in browser sessions, personal accounts, and API calls that are invisible to traditional monitoring. Shadow IT was mainly a tech-team problem. Shadow AI affects everyone — anyone can open a browser tab and paste company data into a free-tier chatbot.
Then there is the embedded AI problem. When Microsoft 365, Slack, or Notion ship AI features, employees can enable them with a single click. The host application passed procurement. The AI feature did not. 18% of organisations already worry about GenAI features embedded within approved SaaS — capabilities that are often switched on automatically in tools like Zoom, Salesforce, and Grammarly. Employees may not even realise they are using AI that is analysing company data.
So you need to think about AI in two categories: sanctioned and unsanctioned. ChatGPT is shadow AI when employees use the free public version and paste sensitive data into it. It is sanctioned AI if your organisation has reviewed it, approved it, and put guardrails around it — like ChatGPT Enterprise with proper data handling agreements.
The AI governance gap is the measurable mismatch between how fast AI is being adopted and how mature the governance frameworks are that are supposed to manage it. It is not a compliance failure. It is a structural disconnect between having a policy and actually executing on it.
Four independent sources — IBM, ISACA, Acuvity, and McKinsey — all land on the same answer: roughly two-thirds to three-quarters of all organisations lack mature AI governance. This is not a single-vendor claim. It is the expected state, not the exception.
ISACA’s EU AI Pulse Poll (2025, n=561): only 31% of organisations have a formal, comprehensive AI policy — despite 83% believing employees are already using AI. Acuvity’s 2025 AI Security report (n=275 enterprise security leaders): nearly 70% lack optimised AI governance maturity, only 32% say their governance is managed, and 50% expect a data loss incident from AI within the next year.
IBM’s AI at the Core 2025: 74% report moderate or limited coverage in AI risk and governance frameworks. McKinsey’s State of AI 2025 (n=1,993 across 105 countries): 88% use AI in at least one function, but only 39% report enterprise-level EBIT impact. That means roughly 61% are experimenting without governance — taking on risk without capturing proportional value.
The mid-market gets hit harder. Reco AI’s 2025 report found companies with 11–50 employees average 269 unsanctioned AI tools per 1,000 employees — a higher concentration than large enterprises. 98% of organisations have employees using unsanctioned apps.
If your organisation has a governance gap, you are in the majority. That is what the governance gap means in practice. And it should not be comforting.
Three structural reasons. And they explain why your existing governance toolbox is not going to cut it.
Invisibility to traditional detection tools. Shadow IT was a network-level problem — you caught it with CASB proxies and SaaS discovery tools. Shadow AI is a browser-level and feature-level problem. Data enters AI models via copy-paste, not file uploads that DLP catches. API calls to AI services blend with legitimate traffic. 68% of employees use free-tier AI tools via personal accounts — free versions that lack the data protections of enterprise plans. Traditional security focuses on blocking unauthorised applications. Shadow AI operates within authorised software.
AI features embedded in approved platforms. This is the hardest vector because it bypasses procurement entirely. When Zoom, Slack, or Notion ship AI features, employees enable them without IT review. The host application was approved — the AI feature was not. Every query can leak data, every plugin creates new attack vectors, and conventional security tools cannot monitor these pathways.
New risk categories with no shadow IT equivalent. Shadow IT risks were data leakage and compliance violations. Shadow AI adds categories your existing frameworks never accounted for. Training data exposure: Samsung developers inadvertently leaked source code into ChatGPT while seeking debugging help. Hallucination liability: two New York lawyers submitted a court filing with fake ChatGPT-generated citations, resulting in sanctions and a $5,000 fine. Data lineage failures: the inability to trace what data entered which model and when.
CASB catches shadow IT but misses shadow AI. Traditional DLP misses copy-paste data flows. Modern Data Detection and Response (DDR) solutions are built for this — but adoption is still early.
As IBM Distinguished Engineer Jeff Crume put it: “It’s pretty hard to know if you’re succeeding if you’ve never even defined the benchmarks.”
Harder to detect means more expensive when it goes wrong.
IBM and the Ponemon Institute found in their 2025 Cost of a Data Breach Report that shadow AI-related breaches carry a $670,000 cost premium — a 16% increase over organisations with low or no shadow AI. Shadow AI is now one of the top three costliest breach factors.
20% of organisations in the IBM study experienced a breach involving shadow AI. 97% of those lacked proper AI access controls at the time. Shadow AI incidents compromised PII at a higher rate than the global average (65% vs 53%) and intellectual property at 40%.
Regulatory exposure makes this urgent. The EU AI Act and emerging US state AI laws create compliance obligations that ungoverned AI use directly violates. Under GDPR alone, sensitive data exposure from unvetted AI models can lead to fines of up to EUR 20 million or 4% of global annual turnover. For the full regulatory picture, see the regulatory stakes that make this urgent.
And there is a liability nobody tracks: AI-generated hallucinations used in customer-facing proposals, reports, and legal documents create exposure with no audit trail.
If you have a developer background, this will click immediately. Governance debt works like technical debt: each day of ungoverned AI use compounds future remediation cost and risk. The longer shadow AI runs undetected, the harder and more expensive it becomes to bring under governance.
The evidence is concrete. Reco AI’s data shows that shadow AI tools had median usage durations of approximately 400 days — well over a year without formal approval. After that long, an AI tool is not a trial. It is embedded in daily workflows. Trying to remove it means business disruption.
The accumulation mechanism has four parts. More employees adopt AI tools every month. Data enters AI models and cannot be recalled. AI features ship inside approved SaaS faster than governance can review them. And regulatory obligations tighten while governance maturity stalls.
Daily AI use increased 100% year-over-year from June 2024 to June 2025, while only 22% of organisations have communicated a clear plan for integrating AI. That widening gap is governance debt in action.
To be clear about the distinction: the AI governance gap measures the current distance between policy and execution. Governance debt is the compounding future cost of not closing it — and it explains why governance execution consistently lags policy.
Governance debt is accumulating and the gap is widening. But not for everyone.
McKinsey’s data shows the divide. 88% of organisations use AI in at least one function, but only 39% report enterprise-level EBIT impact. The difference is governance maturity, not AI adoption itself.
Organisations that are capturing value have moved beyond policy to governance execution: formal AI approval workflows, access controls, data classification for AI-specific data flows, and accountability structures. “AI high performers” are three times more likely to have senior leaders who demonstrate ownership of AI initiatives.
But the “who owns it” question remains unresolved. Acuvity’s data shows CIOs hold AI governance ownership in 29% of organisations. CISOs rank fourth at 14.5%. Organisations have not worked out whether AI security is a technology deployment issue, a data governance challenge, or a traditional security concern.
There is also a size gap. 52% of large organisations have a dedicated team for generative AI adoption, versus 23% of small organisations. That divide creates the conditions where shadow AI thrives.
Here is the bottom line: governance maturity enables faster AI adoption. It provides the guardrails that let organisations adopt AI more broadly and safely. Organisations that use AI and automation in their security operations shortened breach response times by 80 days and lowered average breach costs by $1.9 million.
If you want to see how mid-market companies experience this problem specifically, the dynamics are the same but the resource constraints are tighter.
Not exactly. BYOAI (Bring Your Own AI) describes the employee behaviour — adopting personal AI tools at work without approval. Shadow AI is the resulting risk category — the organisational exposure that behaviour creates. Both terms are widely used, and you will run into either in industry reports.
No. A policy is a document. Governance is an operating capability — enforcement, tooling, accountability. ISACA data shows 31% of organisations have a formal AI policy, but Acuvity data shows 70% lack optimised governance maturity. Having a policy without enforcement is compliance theatre.
Context and data flow. An employee using ChatGPT on a personal device with no corporate data is not creating shadow AI risk. The risk starts when corporate data — customer information, source code, financial data — enters an unreviewed AI tool. Shadow AI is defined by the organisational data exposure, not the tool itself.
Traditional shadow IT detection relies on network-level monitoring — CASB, network logs, SaaS discovery. Shadow AI bypasses these because AI tools are accessed via personal accounts and data enters models via copy-paste rather than file transfers. AI features embedded inside approved SaaS platforms are invisible to tools that only look for unauthorised applications.
Multiple independent sources converge: 78% of employees bring their own AI tools to work (Microsoft Work Trend Index), 71% of AI tool usage is unauthorised (Reco AI 2025), and 98% of organisations have employees using unsanctioned apps (Varonis). The scale is not in dispute.
IBM and the Ponemon Institute found in their 2025 Cost of a Data Breach Report that organisations experiencing shadow AI breaches paid $670,000 more in total breach costs than those without shadow AI involvement. That premium reflects the added complexity of finding, containing, and fixing breaches where AI tools created untracked data flows.
Yes. When SaaS platforms ship AI features, employees often enable them without IT review. The host application passed procurement, but the AI feature did not undergo security or data handling assessment. 18% of organisations already worry about this vector — and employees may not even realise they are using AI that is processing company data.
Governance debt is the compounding cost of putting off AI governance — each day of ungoverned AI use increases remediation cost, entrenches unapproved workflows, and expands regulatory exposure. Just as code shortcuts accumulate maintenance costs, governance shortcuts accumulate security and compliance costs. Reco AI data shows shadow AI tools stay in use for 400-plus days on average before anyone catches them.
Because policy without enforcement, tooling, monitoring, and accountability is not governance — it is compliance theatre. Organisations lack tools to detect violations, processes to approve new AI tools fast enough to prevent workarounds, training to help employees understand why governance matters, and accountability structures that assign ownership of AI risk. 58% of employees have not received formal training on safe AI use at work.
The data suggests disproportionate exposure. Reco AI found that companies with 11–50 employees average 269 unsanctioned AI tools per 1,000 employees — a higher concentration than large enterprises. Mid-market companies typically have smaller security teams, fewer governance resources, and less visibility into employee tool adoption. 80% of employees at small and medium-sized companies use their own AI tools.
What Every Business Needs to Know About AI-Enabled Social Engineering Threats
In February 2024, a finance worker at Arup authorised a $25.6 million wire transfer after attending a video conference where every other participant — including the CFO — was an AI-generated deepfake. The attacker’s entire setup cost less than $100.
That incident is no longer an outlier. The scale of the shift is measurable: CrowdStrike recorded a 442% rise in voice phishing incidents in the second half of 2024 alone. Deloitte projects AI-enabled fraud will cost businesses $40 billion annually by 2027. Voice fraud has moved from edge case to operational risk in under three years.
This guide maps the full landscape: how the attacks work, who is running them, which parts of your organisation are most exposed, why existing defences fall short, what a proportionate response looks like, and what you are liable for if an attack succeeds. Each section links to a dedicated article for deeper coverage.
AI-enabled social engineering uses machine learning to synthesise convincing audio and video impersonations of real people. Traditional phishing exploits text-based tells — poor grammar, generic greetings, suspicious formatting. Your team can learn to spot those. AI voice cloning and deepfake video remove those tells entirely. The attack surface becomes psychological: authority, urgency, and familiarity. None of those depend on visual formatting, and none of them trigger the detection heuristics your people have been trained on.
AI-generated voices need only a brief sample of source audio — a conference call, a LinkedIn video — to produce synthetic speech that researchers fail to distinguish from real audio. AI-generated spear phishing emails achieve a 54% click-through rate in controlled trials, compared to 12% for human-crafted phishing. The gap reflects how convincing the impersonation is, not any change in human susceptibility.
Deep dive on attack mechanics: How AI Voice Cloning and Deepfake Technology Actually Works
Voice phishing incidents rose 442% in H2 2024 compared to H1 2024 (CrowdStrike). Deloitte projects AI-generated fraud costs reaching $40 billion by 2027. Organisations lose an average of $14 million per year to voice phishing (Keepnet Labs), with recovery from a single incident averaging $1.5 million. 70% of organisations have already been targeted.
The documented cases tell the story: the Hong Kong deepfake video conference ($25.6 million), a Singapore Zoom deepfake ($499,000), and a UK energy company voice clone ($243,000). South Korea projects $718 million in domestic vishing losses for 2025. Less than 5% of funds lost to voice phishing are ever recovered.
Attacker cost and victim loss analysis: Why AI-Enabled Fraud Is Accelerating — The Economics Behind the Threat
Modern voice cloning requires three to thirty seconds of source audio. The pipeline — identify a target executive, locate their public audio (earnings calls, conference talks, podcast appearances), isolate the voice, train a clone model, and deploy it in a live call — runs automatically on consumer hardware using off-the-shelf tools like ElevenLabs. Total cost: under $5.
AI voice agent platforms like Bland AI and Vapi let attackers run automated, adaptive vishing calls without a human caller. The LLM manages real-time dialogue, adjusts tone, and responds dynamically. Deepfake video extends this further — every participant in a call can be AI-generated. Less-skilled attackers can purchase vishing-as-a-service kits via Telegram for a monthly subscription.
Full technical walkthrough: How AI Voice Cloning and Deepfake Technology Actually Works
Finance teams are the primary target. They hold wire transfer authority, and urgency pressure from a cloned executive voice is designed to bypass normal approval processes. IT help desks are the second highest-risk function — a convincing impersonation call is the most common way attackers obtain MFA resets and new device registrations. Executives with significant public audio presence are the most frequently cloned identities.
In both the Hong Kong and Singapore cases, finance staff followed what appeared to be direct instructions from senior executives. The authority signal was the attack surface, not a technical vulnerability. When Ferrari was targeted by a deepfake attack in July 2024, an employee disrupted it by asking a question only the real CEO could answer — demonstrating that shared-secret verification works when detection cannot.
Risk mapping by business function: The Business Functions Most at Risk From AI Voice Phishing Attacks
Three factors converged: the cost of voice synthesis dropped to sub-dollar levels, AI voice agent platforms removed the need for human callers, and cybercrime-as-a-service ecosystems professionalised the distribution infrastructure. An attack that cost $10,000 and required specialist skill in 2022 now costs a few dollars and is available via Telegram subscription.
The economics are clear. The ViKing experimental vishing bot demonstrated automated attacks at $0.50–$1.16 per call — against an average recovery cost of $1.5 million per successful incident. Synthetic identity kits sell for $5 on criminal markets. Dark LLMs provide uncensored social engineering scripts for $30 per month. At those per-attack costs, the attacker’s cost structure now justifies targeting businesses that were previously too small to be worth the effort.
The data behind the acceleration: Why AI-Enabled Fraud Is Accelerating — The Economics Behind the Threat
The same economic forces that lowered barriers for criminal groups also attracted state-sponsored operations. North Korea’s FAMOUS CHOLLIMA, Iranian APT42, and Russian APT28 use the same commercially available AI voice synthesis and deepfake tools as independent criminal groups. FAMOUS CHOLLIMA deploys AI-generated LinkedIn profiles and deepfake job interview impersonations to place operatives inside Western technology companies as IT contractors. The criminal supergroup Scattered LAPSUS$ Hunters combines ransomware expertise, vishing operations, and state-actor tactics into unified campaigns.
The practical implication: the same AI infrastructure built for nation-state espionage is now pointed at your accounts payable team. What DPRK deploys at scale eventually becomes a Telegram subscription product for low-skill criminals within months. The FBI issued FLASH advisory FLASH-20250912-001 specifically about criminal groups using vishing to compromise Salesforce enterprise environments.
Threat actor intelligence: State Actors and Cybercriminals Are Now Using the Same AI Fraud Infrastructure
People cannot reliably detect AI-generated voices. Research shows humans correctly identify deepfake audio approximately 48% of the time — statistically indistinguishable from a coin flip. Deepfake video detection accuracy drops to 24.5%. Less than 0.1% of people can reliably detect real-time deepfakes (iProov). Training improves vigilance and reporting culture, but it cannot compensate for a sensory limitation.
A study tracking 12,511 employees at a financial technology firm found generic training interventions showed no significant effect on click rates or reporting rates. Yet 56% of businesses claim confidence in their deepfake detection abilities while only 6% have avoided financial losses. That gap is why verification protocols — out-of-band callbacks, dual authorisation, shared secrets — need to replace reliance on “does this sound right?” as a security gate.
Detection failure analysis: Why Security Awareness Training Is Not Enough to Stop AI Voice Fraud
The controls that work best are process-based, not technology-based. A mandatory callback protocol — verify using a pre-registered number from your own directory, never one provided in the suspicious call — defeats every caller-ID-spoofed vishing attack. Add dual authorisation for transactions above a defined threshold, rotating shared secrets between finance staff and executives, and a mandatory cooling-off period before executing unusual transfers.
Phishing-resistant MFA (FIDO2 hardware tokens) is a high-value technical control. It breaks the help desk vishing attack chain at the point where an attacker tries to register a new device after obtaining a fake MFA reset. OSINT exposure mapping — identifying which executives have significant public audio and video profiles — lets you tier verification requirements based on actual risk exposure.
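As an added example (not from the original article), the Python below encodes three of the process controls described above as a release gate for a payment request: callback to the directory number, dual authorisation above a threshold, and a cooling-off period for unusual transfers. The threshold, the 24-hour window, the definition of "unusual" as a new beneficiary, the rule that the initiator and the claimed sender do not count as approvers, and every name and number are assumptions; all sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Constructed policy values and records (assumptions, not from the article).
DUAL_AUTH_THRESHOLD = 10_000           # amounts at or above this need two approvers
COOLING_OFF = timedelta(hours=24)      # wait before paying a new beneficiary
DIRECTORY = {"cfo": "+44 20 7946 0123"}        # pre-registered callback numbers
KNOWN_BENEFICIARIES = {"GB00EXAMPLE0001"}      # accounts paid before


def normalise(number):
    """Compare phone numbers on digits and '+' only, ignoring spacing."""
    return "".join(ch for ch in number if ch.isdigit() or ch == "+")


@dataclass
class TransferRequest:
    claimed_sender: str                 # who the caller or email says they are
    initiator: str                      # staff member who keyed the request
    amount: float
    beneficiary: str
    received_at: datetime
    callback_number: Optional[str] = None   # number actually dialled for the callback
    callback_confirmed: bool = False
    approvers: set = field(default_factory=set)


def evaluate(req, now):
    """Return ("release" | "hold", reasons). Any failed control holds the payment."""
    reasons = []

    # 1. Callback must go to the number in our own directory, never to a
    #    number supplied in the request itself.
    registered = DIRECTORY.get(req.claimed_sender)
    if registered is None:
        reasons.append("callback: no pre-registered number for claimed sender")
    elif not req.callback_confirmed or req.callback_number is None:
        reasons.append("callback: not performed")
    elif normalise(req.callback_number) != normalise(registered):
        reasons.append("callback: number dialled is not the directory number")

    # 2. Dual authorisation: two approvers who are neither the initiator nor
    #    the identity being claimed (an approval "from the CFO" arriving over
    #    the same channel proves nothing).
    if req.amount >= DUAL_AUTH_THRESHOLD:
        independent = req.approvers - {req.initiator, req.claimed_sender}
        if len(independent) < 2:
            reasons.append(f"dual authorisation: {len(independent)} of 2 independent approvers")

    # 3. Cooling-off: a beneficiary never paid before cannot be paid immediately,
    #    however urgent the request sounds.
    if req.beneficiary not in KNOWN_BENEFICIARIES:
        remaining = req.received_at + COOLING_OFF - now
        if remaining > timedelta(0):
            reasons.append(f"cooling-off: {remaining} remaining for new beneficiary")

    return ("hold" if reasons else "release", reasons)


# Constructed requests: the first mirrors an urgent impersonation call, the
# second is the same payment after the controls have been followed.
RECEIVED = datetime(2025, 1, 6, 9, 0)
URGENT_CALL = TransferRequest(
    "cfo", "finance.clerk", 250_000, "HK00EXAMPLE9999", RECEIVED,
    callback_number="+852 0000 0000",   # number given during the call
    callback_confirmed=True, approvers={"finance.clerk"},
)
VERIFIED = TransferRequest(
    "cfo", "finance.clerk", 250_000, "HK00EXAMPLE9999", RECEIVED,
    callback_number="+442079460123", callback_confirmed=True,
    approvers={"controller", "treasury.lead"},
)

if __name__ == "__main__":
    print(evaluate(URGENT_CALL, RECEIVED + timedelta(hours=1)))
    print(evaluate(VERIFIED, RECEIVED + timedelta(hours=25)))
```

The gate returns every failed control rather than stopping at the first, so the hold record documents which verification steps were missing.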
Full implementation guide: Building an AI Voice Fraud Defence Stack Without a Dedicated Security Team
Legal exposure depends on what controls were — or were not — in place before the attack. Regulatory frameworks (FTC Act, GDPR, HIPAA, PCI DSS) apply a “reasonable security” standard that evolves with threat awareness. What counted as adequate in 2022 — annual phishing awareness training — may constitute negligence by 2025 standards given the volume of public regulatory guidance on AI voice fraud.
FinCEN’s deepfake alert (FIN-2024-DEEPFAKEFRAUD) means financial institutions now have explicit SAR reporting obligations for AI-facilitated fraud. Courts and regulators are increasingly reluctant to treat AI fraud as an unforeseeable event when industry guidance has been publicly available since 2023. Documented case precedents are creating a body of legal reference that establishes what a “reasonable” response standard looks like.
Full legal and insurance analysis: Legal and Insurance Exposure When AI-Enabled Fraud Succeeds on Your Watch
Standard cyber insurance policies were not written with AI voice fraud in mind. Funds transfer fraud coverage often contains “voluntary transfer” exclusions that deny claims when the employee chose to make the transfer, regardless of the deception involved. The distinction between “computer fraud” (technically-initiated) and “social engineering fraud” (human-approved under false pretences) determines whether you are covered at all.
Insurers are now requiring documented voice verification protocols as a prerequisite for social engineering fraud coverage. AI exclusion clauses are appearing in policy renewals, shifting the burden to you to demonstrate that controls designed for AI-enabled fraud were in place at the time of the incident. Before your next renewal, ask your broker directly: how does this policy respond to a deepfake-facilitated wire transfer?
Insurance coverage gap analysis: Legal and Insurance Exposure When AI-Enabled Fraud Succeeds on Your Watch
Defensive controls that improve insurance eligibility: Building an AI Voice Fraud Defence Stack Without a Dedicated Security Team
How AI Voice Cloning and Deepfake Technology Actually Works — The full technical pipeline from audio harvesting to live call deployment. Covers voice synthesis tools, deepfake video generation, and why current AI output defeats human detection.
The Business Functions Most at Risk From AI Voice Phishing Attacks — Maps the attack surface to specific business roles. Finance team wire transfer fraud, help desk credential resets, and executive impersonation, each with documented case studies.
State Actors and Cybercriminals Are Now Using the Same AI Fraud Infrastructure — Intelligence briefing covering DPRK’s IT worker infiltration programme, the Scattered LAPSUS$ Hunters supergroup, and how nation-state tooling flows into criminal markets.
Why AI-Enabled Fraud Is Accelerating — The Economics Behind the Threat — Data-driven analysis of attacker costs versus victim losses. Sub-dollar per-attack execution costs and why the economics now justify targeting smaller businesses.
Building an AI Voice Fraud Defence Stack Without a Dedicated Security Team — Practical implementation guide: callback verification, dual authorisation, shared secrets, OSINT exposure mapping, and phishing-resistant MFA, scoped for organisations without a dedicated security function.
Legal and Insurance Exposure When AI-Enabled Fraud Succeeds on Your Watch — Regulatory and insurance implications: FTC Act enforcement, FinCEN reporting obligations, cyber policy coverage gaps, and what documented controls mean for your claims position.
Vishing (voice phishing) is a social engineering attack conducted over a phone call, where attackers impersonate trusted individuals to manipulate targets into authorising payments or resetting credentials. It has accelerated because AI voice cloning eliminated the previous technical constraint: attackers no longer need to find someone who sounds like your CFO. They need a few seconds of public audio and a cheap tool. Explore the mechanics in depth.
A synthetic persona is an AI-generated fraudulent identity constructed from fabricated documents, photographs, and personal information. These are used primarily to open fraudulent financial accounts, pass Know Your Customer checks, and create money-laundering funnel accounts. North Korea’s FAMOUS CHOLLIMA group uses AI-generated LinkedIn profiles and deepfake video interviews to place operatives inside Western technology companies as IT contractors.
Yes, and this has been documented in numerous confirmed cases. The source material is publicly available for most executives: earnings calls, conference keynotes, media interviews, or LinkedIn videos provide sufficient audio. Clone generation is automated, takes minutes, and costs very little. The most exposed executives are those with the largest public audio and video profile — a finding that should inform how stringent your verification protocol is, not serve as a reason to remove executives from public communications.
For high-value fraud — wire transfers, credential resets, executive impersonation — AI voice phishing is significantly more dangerous. A call from the CFO’s cloned voice carries authority that no email can match. The two vectors are increasingly combined: flooding an inbox with spam before a vishing call is documented in over two-thirds of observed campaigns.
Potentially, but with significant gaps. Whether a deepfake-facilitated wire transfer is covered depends on how your policy defines “social engineering fraud,” whether a “voluntary transfer” exclusion applies, and whether AI-specific exclusion language has been added at renewal. The only way to know is to ask your broker directly. Full coverage gap analysis.
The callback verification protocol. Before executing any unusual or high-value transfer, call back the requestor using a number from your internal directory — never a number provided in the request itself. It defeats caller ID spoofing, costs nothing, and works regardless of how convincing the voice was. Full defence stack guide.
The FBI issued FLASH advisory FLASH-20250912-001 specifically on criminal groups using voice phishing to compromise Salesforce environments. FinCEN issued FIN-2024-Alert004 (November 2024) on deepfake fraud targeting financial institutions, mandating SAR filing under the key term “FIN-2024-DEEPFAKEFRAUD.” CISA has published guidance on deepfake threats in conjunction with NSA and DHS. The MITRE ATT&CK framework documents vishing under T1566.004 (Phishing: Voice Phishing).