Organizational leaders are nearly twice as likely to hide their AI use compared to all other employees, at 42% versus 23%, according to new Ivanti research surveying 3,900 employees across six countries. Among leaders who conceal that usage, 52% say they do it for a “secret advantage.” The same research found 85% of IT professionals claim a named owner exists for every AI agent. Only 42% say ownership is actually clear — a 43-point gap that no governance framework was designed to close.Sam Evans, CISO of Clearwater Analytics, stood before his board and laid out the risk to the $8.8 trillion in assets his firm’s platform supports. “The worst possible thing would be one of our employees taking customer data and putting it into an AI engine that we don’t manage,” Evans told VentureBeat. He brought a solution, not just a problem. Many CISOs VentureBeat interviewed did not.Menlo Security CEO Bill Robbins relayed a conversation with a Top 3 U.S. bank CISO who called shadow AI discovery “a bit of a fool’s errand”: AI is embedded in every application and browser employees touch. The bank governs from containment, not discovery.The scale justifies that posture. “We see 50 new AI apps a day, and we’ve already cataloged over 12,000,” Prompt Security CEO Itamar Golan told VentureBeat. “Around 40% of these default to training on any data you feed them, meaning your intellectual property can become part of their models.” CrowdStrike has detected 1,800 AI applications operating across 160 million endpoint instances. Those are vendor-reported numbers from proprietary telemetry. No independent party can verify them. The directional signal matters more than the exact count.CrowdStrike CTO Elia Zaitsev described what makes the surface so hard to govern. “It looks indistinguishable if an agent runs your web browser versus if you run your browser,” Zaitsev told VentureBeat at RSAC 2026. “Observing actual kinetic actions is …
