A joint research report published today by OneTrust and Information Security Media Group (ISMG) finds that generative AI has become embedded in core business operations at most organizations - yet the governance frameworks meant to manage that deployment remain largely unfinished, unenforced, or entirely absent.

The "Securing the GenAI Era" report, the third annual edition in the series, draws on responses from 180 cybersecurity leaders, technology executives, and business decisionmakers surveyed between November 2025 and January 2026. Its central finding is stark: AI adoption has outpaced the organizational infrastructure built to control it, creating measurable gaps in visibility, enforcement, and readiness across sectors including technology, banking, healthcare, and manufacturing.

Adoption has accelerated sharply over three years

The scale of the shift becomes clearer when viewed against prior editions of the same study. According to OneTrust and ISMG, the share of organizations with GenAI in production or fully integrated rose from 15% in Year 1 to 23% in Year 2, reaching 63% in Year 3. Over the same period, the proportion still in the planning phase fell from 27% in Year 1 and 25% in Year 2 to just 4% in the current edition. Nearly all organizations, in other words, have already moved past early evaluation.

The top operational use cases reflect a shift toward embedded workflows. According to the report, 56% of respondents cite data analysis and insights, 55% report automation of repetitive tasks, 51% point to customer service and support, and 48% use GenAI for cybersecurity-specific applications including threat detection, incident response, and vulnerability management. These are not peripheral functions. They are, in many cases, the systems organizations depend on to operate day to day.

That dependency matters. As the report notes, when AI is embedded in workflows such as analysis, automation, and security operations, failures affect not only outputs but the underlying business processes those workflows support. The transition from tool to infrastructure changes what is at stake when something goes wrong.

Governance exists on paper; enforcement does not

The governance data is where the sharpest contradictions emerge. According to OneTrust and ISMG, only 15% of respondents report governance frameworks that are both centrally defined and fully operationalized across their organization. A larger share - 40% - report frameworks that are centrally defined but not systematically operationalized. Another 30% report governance defined in an ad hoc manner within individual business units. The remaining 15% have no formal governance in place at all.

Taken together, 85% of surveyed organizations cannot verify that their AI controls are consistently applied in practice. The report frames this as a distinction between governance in theory and governance in practice - a gap that is difficult to close because the existence of a framework can create a false sense of control when that framework is not supported by monitoring, enforcement mechanisms, and clearly assigned ownership.

Accountability compounds the problem. According to the report, nearly a third of respondents - 29% - report there is no single accountable owner for AI-related risk at their organization. Without clear ownership, enforcement lacks a mechanism. Policies may exist, but nobody is responsible for ensuring they are enforced.

Shadow AI visibility follows a similar pattern. Only 35% of respondents report complete visibility into how AI is being used within their environments through monitoring tools. A further 27% report partial visibility, 21% rely on policy-based approaches that do not involve active monitoring, and 11% report limited or no visibility at all. That means 65% of organizations are managing AI risk with an incomplete picture of where and how their AI systems are actually operating.

The report is direct about the structural implication: "Without this operational layer, governance frameworks risk remaining static rather than functioning as active control systems that shape behavior and reduce risk across the organization."

PPC Land has documented this pattern before, noting in April 2026 that 76% of marketing professionals use GenAI daily while governance structures have failed to keep pace - a gap that mirrors the findings in the OneTrust and ISMG data across a different but overlapping population.

Employee data leakage is now the primary risk

One of the more notable shifts between the earlier editions of this study and the current one concerns where risk is perceived to originate. Earlier surveys, according to OneTrust and ISMG, emphasized technical risks such as hallucinations and model integrity. In the current data, those concerns have been displaced by a focus on how AI systems are used in practice - particularly how employees handle sensitive data when interacting with AI tools.

The leading implementation concern, cited by 48% of respondents, is employee-driven sensitive data leakage: situations where staff enter confidential or proprietary information into AI tools, often without clear guardrails around where that data goes or how it is retained. Hallucinations or inaccurate outputs follow at 40%. Compliance violations and data poisoning or malicious data ingestion both register at 37%. Transparency-related concerns are cited by 34%.

According to the report, the concern about data leakage is not misplaced. Once sensitive data enters an AI system - whether personal information or company intellectual property - tracing and removing it later becomes extremely difficult. The risk, as the report frames it, starts at the point of input. Control after that point is substantially harder.

This has a direct regulatory dimension. GDPR fines can reach up to 6% of global annual turnover. According to OneTrust and ISMG, the EU AI Act goes further, with penalties reaching up to 7%. For organizations processing personal data at scale through AI tools, the compliance exposure from uncontrolled data inputs is substantial.

PPC Land reported in May 2026 on research from the University of California, Davis finding that 17 of 20 popular AI chatbot services share information with at least one third party during a normal chat session - a finding that illustrates how data entered into AI tools can flow beyond what users or organizations anticipate.

Adversarial AI has moved from theoretical to operational

The report documents a clear escalation in adversarial use of AI between survey years. Nearly half of respondents - 46% - report encountering AI-generated social engineering at scale. Enhanced phishing and automated vulnerability discovery or exploitation each register at 36%. Deepfakes, in the form of synthetic video or audio, are reported by 33% of respondents. Malicious code generation is cited by 28%, and voice cloning used in business email compromise scenarios by 24%.

Only 14% of respondents in the current survey report no observed adversarial AI activity at all - a significant shift from earlier editions, when a meaningful share reported no direct exposure. The implication is not that attacks are necessarily more frequent in absolute terms, but that they are becoming more visible and more varied.

What makes this significant is the nature of the shift in attack vectors. Signals previously used to establish legitimacy - voice, video, writing style - can now be replicated with a high degree of accuracy. The report notes that this reduces the effectiveness of informal validation methods that organizations have historically relied on. Recognizing an attack by its pattern becomes harder when those patterns can be convincingly mimicked by automated systems at scale.

The UK's Digital Regulation Cooperation Forum warned in March 2026 that agentic AI systems can carry out 80 to 90 percent of an attack lifecycle - a finding that sits alongside the OneTrust and ISMG data as evidence that adversarial AI is no longer a future planning concern.

Controls are in place; readiness is not

The report's fifth chapter documents a gap between control implementation and verified readiness. According to OneTrust and ISMG, the most commonly cited controls in place include staff education and training at 49%, data loss prevention at 45%, tool whitelisting or blacklisting at 33%, monitoring and logging at 31%, and prompt filtering at 28%. Adoption of formal controls has increased significantly over three years - training grew from 26% in Year 1 to 49% in Year 3, while tool whitelisting grew from 17% to 33%.

But growth in control adoption has not been matched by testing, validation, or enterprise-wide coverage. More than half of respondents - 51% - report relying on human-in-the-loop review as their primary validation mechanism. Sixteen percent report no formal validation process at all. Meanwhile, workforce training coverage remains uneven: 44% report training more than half their workforce, which means that for many organizations, the majority of staff interacting with AI tools may be doing so without formal instruction. Eight percent of respondents report no GenAI training currently provided.

Incident response readiness compounds these deficiencies. Only 29% of respondents have a documented and tested AI-specific incident response plan. The remaining 71% report plans that are untested or still in development, reliance on general incident response processes that were not designed for AI-specific incidents, or no plan at all. This means that for most organizations, the first serious AI-related incident will arrive before the organization has verified that it can respond to it effectively.

The report notes that controls not tested under real-world conditions, or not broadly adopted across the workforce, may not perform as expected when an incident occurs - particularly as GenAI becomes more embedded in production environments where failures carry broader consequences.

Autonomous agents introduce new requirements

More than half of respondents - 59% - are deploying or planning to deploy autonomous AI agents. This introduces a category of governance challenge that differs structurally from managing standard GenAI tools. Agents do not simply respond to queries; they take actions, connect with external tools, and operate with degrees of independence that traditional static governance frameworks were not designed to handle.

According to OneTrust and ISMG, deploying autonomous agents creates new requirements for identity management, centralized logging, and clearly defined limits on what AI systems can do without human approval. Platform concentration adds to this concern: 70% of respondents use OpenAI, 62% use Microsoft, and 49% use Google - meaning that a small number of providers represent the infrastructure through which most of this activity flows. Fewer platforms mean greater dependency. More autonomous agents mean more independent action with fewer human checkpoints.

The report identifies a pattern that organizations currently in the process of deploying standard GenAI tools may be about to repeat with agents: moving quickly on deployment before controls are adequately established, and then attempting to retrofit governance structures afterward. The report's argument is that with agentic AI, that sequence will not work.

PPC Land's coverage in March 2026 found that agentic AI is already in production at most organizations, with technical and organizational barriers - security approvals, integration complexity, reliability engineering - rather than capability gaps explaining why some deployments remain in earlier stages. The OneTrust and ISMG findings add governance readiness to that list.

What the data means for marketing and ad tech organizations

For marketing technology professionals, the governance findings in this report carry specific implications. Marketing functions are among the fastest adopters of GenAI - content creation, audience segmentation, customer service automation, and campaign optimization have all absorbed generative AI tools at pace. OneTrust's earlier January 2026 forecast noted that 70% of technology leaders acknowledge their governance capabilities cannot match the velocity of AI initiatives - a problem that is acute in marketing teams where experimentation cycles are short and tool adoption can outpace procurement and compliance review.

The employee data leakage finding is particularly relevant. Marketing teams routinely handle first-party customer data, commercially sensitive campaign strategies, and proprietary performance data. Entering any of this into an AI tool without verified data handling controls exposes organizations to the same compliance risk that the report documents across its full sample - and potentially at higher volume given the frequency of AI tool use in marketing workflows.

PPC Land has also documented research finding that AI agents systematically expose owner behavioral data and private documents, with 34.6% of agents in one study exposing sensitive personal data publicly - an operational concern that intensifies as agentic AI systems are deployed in customer-facing marketing and advertising contexts.

The visibility gap the report identifies - only 35% of organizations with complete monitoring - maps directly onto the shadow AI problem that marketing organizations have faced since free-tier consumer AI tools became widely available. Employees using personal AI subscriptions for work tasks create data handling exposures that enterprise AI deployments with formal procurement and governance processes were specifically designed to avoid. Without monitoring, there is no reliable way to know the extent of that exposure.

The survey covered respondents across technology (25%), banking and finance (22%), healthcare (11%), manufacturing (9%), retail (8%), professional services (8%), government and public sector (5%), defense (4%), and energy (1%). Geographic distribution was 76% North America, 14% Europe, 2% Asia, and 8% other regions. The respondent title breakdown included 14% CTOs, 14% CIOs, 13% CISOs, 13% CEOs, 15% other senior executives, 6% Chief AI Officers, and 25% other IT, security, and business management roles. Results from this year are compared with prior surveys from 2023 (180 respondents) and 2024 (363 respondents) for year-over-year directional comparisons.

Summary

Who: OneTrust and Information Security Media Group (ISMG), surveying 180 cybersecurity leaders, technology executives, and business decisionmakers across sectors and geographies - primarily North America (76%), with respondents including CTOs, CIOs, CISOs, CEOs, and Chief AI Officers.

What: The third annual "Securing the GenAI Era" research report, documenting that GenAI adoption has accelerated sharply to 63% of organizations in production or fully integrated, while governance enforcement, visibility into AI usage, adversarial AI defenses, and incident response readiness all lag significantly behind that deployment rate. Only 15% of respondents have fully operationalized governance frameworks. Only 29% have a documented and tested AI-specific incident response plan.

When: The survey was conducted between November 2025 and January 2026, with findings published today, June 24, 2026. Year-over-year comparisons draw on prior editions conducted in 2023 (426 respondents) and 2024 (363 respondents).

Where: The survey covered respondents across North America (76%), Europe (14%), Asia (2%), and other regions (8%), spanning industries including technology, banking and finance, healthcare, manufacturing, retail, professional services, government, defense, and energy.

Why: GenAI has moved into production environments at a pace that governance structures, visibility tools, workforce training programs, and incident response plans have not matched. As organizations now expand into autonomous AI agents - 59% are deploying or planning to deploy them - the governance gap documented in the current generation of standard GenAI deployments is at risk of repeating, with greater consequences, in a category of systems that can act independently across business environments without human approval at each step.