Only 7% of companies are ready for the AI agents they deployed
Most organizations now run or pilot AI agents that operate on company data with limited human direction at each step, a share that reaches 88% in Veeam Software’s Data and AI Trust Gap report. The systems that are supposed to keep an eye on them have not caught up.
That gap is the heart of the report. Most executives say their data problems are already holding their AI back. The issues are familiar ones: data that is out of date, data that contradicts itself, and data locked away in systems that do not talk to each other. An agent acting on shaky data does more than make a single mistake. It can repeat that mistake across thousands of decisions before anyone notices.
Nobody is clearly in charge
Responsibility for AI agents has no settled home. Some companies point to an innovation lead, some to engineering, some to the data team, and some to security. A fair number admit it is split across several groups with no real structure. When an agent does something wrong, there is often no one whose job it was to catch it.
Ownership turns out to matter. Confidence in spotting a misbehaving agent goes up when the security chief owns the problem, and it drops when the responsibility is shared with no clear lead. Spreading the job around feels safe and tends to make outcomes worse.
Leaders and their tech teams are looking at different maps
CEOs are far more confident than their CISOs and CIOs that the company has a complete picture of every AI system in use. That matters because the CEO is usually the one setting the rules for compliance and risk. A leader working from an inventory that is missing pieces will make calls that rest on a gap they cannot see.
The stakes here are rising with regulation. The EU AI Act carries real financial penalties for companies that deploy high-risk AI systems without the required oversight and record-keeping. Plenty of executives say the Act has changed how they invest, and many CEOs feel ready for it. Their technical teams are less sure.
Shadow AI is already everywhere
Almost every organization knows its employees are using AI tools that were never approved, and most leaders treat this as a problem. The common responses are training campaigns, access controls, and network monitoring. Staff who want a tool the company has not sanctioned can simply switch to a personal device and keep going. Only a quarter of organizations give all their employees approved tools to use, so people reach for whatever is available.
The good news in the report is that the fix is within reach. A small group of companies has combined ambition, visibility, and governance, and nearly all of them report measurable business results from their AI work. Veeam CEO Anand Eswaran summed up the pattern in one line: “Most organizations don’t have an AI adoption problem; they have an AI trust problem.” The starting move for everyone else is unglamorous. Find out what data you hold, decide who owns it, and locate the gaps before an agent does.
Simplify security management with CIS SecureSuite Platform