Nearly 70% of organisations are actively tracking AI regulations and preparing to comply, according to Sprinto’s latest CISO Pulse Check report. However, more than 30% have already faced a major AI-related security incident in the past year, highlighting growing risks.
The report notes that concerns are no longer theoretical. Security leaders point to shadow AI usage and sensitive data leaks through public AI tools as top threats. Despite this, only 21% of organisations have controls in place to prevent confidential data from being shared on external AI platforms.
While awareness is increasing, execution gaps remain. Around 30% of organisations say they are less prepared to handle AI risks than traditional cybersecurity threats. The nature of these incidents is consistent across organisations and includes shadow AI usage, data leakage and model inversion, API abuse and unauthorised access, and data poisoning. These risks are already operational realities for enterprises, often advancing faster than internal controls.
Many organisations also take weeks or months to implement policies, and 39% report inconsistent enforcement of AI usage rules.
AI-related incidents commonly include data leakage, unauthorised access, API abuse, and data poisoning. These risks are often moving faster than companies’ internal controls.
Governance systems are still evolving. Only a quarter of organisations report advanced AI governance maturity, with most still in early or developing stages. Policies exist, but enforcement and monitoring remain weak, leading to fragmented oversight.
At the same time, investment is rising. About 69% of organisations have allocated budgets for AI risk mitigation in 2026, with more planning to follow. Key priorities include stronger technical controls, AI risk assessments, and employee training.
The report highlights a mismatch between fast AI adoption and slower governance systems. It suggests companies need continuous and adaptive risk management rather than static policies.
“AI has moved faster than most organisations were prepared for… The companies that win in 2026 will be those building trust, control, and resilience alongside adoption,” said Raghuveer Kancherla, co-founder of Sprinto.
The report concludes that while organisations understand AI risks, most are not yet ready to manage them at scale, making governance a critical priority going forward.