AvePoint has released its third annual State of AI report. The report found that many organizations have less visibility into their workforce’s use of AI than they did a year ago.
The report, based on a survey of 750 business leaders in the Americas, EMEA, and APAC conducted in collaboration with Osterman Research, notes that large organizations are increasingly using both generative AI tools and AI agents. It also suggests that governance and data security management have not kept up.
One of the most revealing findings concerns unauthorized use. The percentage of organizations unable to determine whether employees are using unauthorized generative AI tools increased from 6.3% a year ago to 17.6%. For AI agents, this number was even higher at 21.1%.
As companies implement AI into their daily operations, that loss of visibility is coming to the fore. According to the study, 46.9% of employees currently use AI agents on a daily or weekly basis, while the number of processes involving AI agents is expected to double over the next 12 months.
security concerns
The findings also highlight the gap between confidence and results. Although 82.7% of respondents said they were very or very confident in their ability to prevent unauthorized data access related to AI, there are still many incidents reported.
Of those who said they were very confident, 72% had experienced an AI-related compromise incident in the past 12 months. In the very confident group, 62% said the same. Of all respondents, 89.5% reported at least one generative AI-related security breach, and 88.4% reported at least one breach involving an AI agent.
This data shows that organizations are struggling to translate policy into day-to-day management, especially as AI tools extend beyond central IT teams and into broader employee use. The biggest concerns about AI agents were the risk of making bad decisions or doing things that could damage data, followed by the possibility of agents evading human oversight.
These concerns appear to be slowing down developments. Nearly 9 out of 10 organizations delayed both generative and agent AI projects by an average of nearly six months, primarily due to data security and governance issues.
This creates a trade-off for companies looking to improve efficiency through automation. Organizations expect AI agents to take over a quarter of human jobs within one year and almost half within five years, leading to attrition, which ranks last among reasons for deploying AI agents.
Instead, respondents measured benefits through reduced manual labor, faster process times, and shifting staff to other tasks. The report links this to the emergence of AI FinOps, as organizations look to tie agent spend more directly to business outcomes.
Data growth
Governance challenges are further exacerbated by the amount of data that AI systems generate. According to the report, 35.5% of enterprise data is currently generated by AI assistants, and that percentage is expected to rise to 42.1% within 12 months.
At the same time, 84.1% of organizations said they manage at least 1 petabyte of data, up from 79.2% a year ago. Additionally, 78.1% of respondents said at least half of their data is more than five years old, up from 70.7%.
The combination of old, redundant or low-quality data and rapidly growing AI-generated content increases the risk that automated systems will manipulate weak information at scale. The question is no longer just whether companies will allow their employees to use AI, the report argues, but whether those systems can track what they consume, produce and modify.
Dr. Tianyi Jiang, CEO and co-founder of AvePoint, made his views known in the report’s findings.
“Nearly half of the world’s workforce already relies on AI agents on a weekly or daily basis, and organizations are deploying agents faster than they can build the foundation needed to trust them,” Dr. Zhang said. “The constraint on enterprise AI is no longer the power of the model, but whether organizations have built a layer of trust: the data visibility, governance, and enforceable controls needed to scale AI with confidence. Without that, the speed of adoption becomes the speed of publication.”
investment shift
Despite reported violations and delays, research shows that organizations are still spending to address weaknesses. Securing data used for AI training is cited by 79.5% of respondents as a top priority for future investments.
Third-party governance tools that monitor agent behavior for policy adjustments are also among the top investment areas planned for the next 12 months. AvePoint tied its spending to the emergence of an AI agent management platform aimed at allowing organizations to monitor how software agents operate and what data they access.
Most respondents said they had already taken action. The study found that 95.5% of organizations took at least one step to address AI agent security concerns in the past year, while the percentage of organizations taking no action fell to 2.5% from 8.3% a year ago.
John Peluso, AvePoint’s chief technology officer, said the issue is not rhetorical, but operational.
“Trust in AI cannot be measured by confidence alone,” Peluso said. “It requires an operational foundation: visibility into what the AI system is doing, enforced governance over the data it consumes and creates, and the ability to audit and correct the results if something goes wrong. This is what distinguishes trust layers and trust scores.”
