Most IT Leaders Can't Control Their Company's AI

A new report shows most IT leaders are now accountable for AI systems they don't fully control, thanks to shadow AI.

A new report from the IBM Institute for Business Value highlights a growing crisis for IT leaders. It found that two-thirds of Chief Information Officers and Chief Technology Officers are now held accountable for artificial intelligence systems they do not fully control. This widening "accountability gap" is a direct result of employees and various business departments independently launching new AI agents and tools without formal IT oversight. The survey also revealed that 70% of these IT leaders confirm their organizations are deploying new technologies faster than they can address the potential risks, creating a significant blind spot in corporate governance. This trend, often called "shadow AI," means unvetted tools are becoming embedded in workflows across the company.

This lack of control presents serious risks for businesses. When teams deploy unsanctioned AI, they can inadvertently expose sensitive company data, violate privacy regulations, or make critical business decisions based on unreliable or biased outputs. For IT and security teams, the challenge is immense. They are tasked with securing a technology landscape they cannot fully see or manage, making it difficult to enforce security policies, patch vulnerabilities, or ensure compliance. The pressure falls squarely on leaders who are ultimately responsible for any data breaches, financial losses, or reputational damage that may result from these uncontrolled AI implementations. The problem affects everyone from developers who may be building on insecure foundations to founders who carry the ultimate liability.

The report frames these findings as an early warning for the coming era of autonomous AI agents. The current ad-hoc approach to AI adoption is unsustainable and will only lead to greater security and operational failures. To close the accountability gap, organizations must establish clear and practical AI governance frameworks. This includes creating policies for acceptable use, providing employees with a set of approved and vetted AI tools, and investing in continuous education about the risks and responsible use of AI. Without proactive governance, companies risk letting their AI strategy be dictated by uncontrolled experimentation, leaving them vulnerable.