Onpode
Cover art for Only 8% of tech leaders have strong AI governance while enterprises rush agentic rollouts

Only 8% of tech leaders have strong AI governance while enterprises rush agentic rollouts

July 14, 2026 · 10 min

Marcus Vale & Ben Okonkwo

Only 8% of enterprise tech leaders report strong AI governance, according to a 2026 Retool and Wynter survey of 307 U.S. CTOs, CIOs, and CISOs. More critically, 59% cannot confirm whether an AI-caused production incident has occurred — not because incidents are absent, but because monitoring infrastructure to detect them was never built.

A May 2026 survey by Retool, conducted in partnership with market research firm Wynter, polled 307 U.S.-based senior technology and security leaders — CTOs, CIOs, and CISOs — on the state of AI governance inside their organizations. The headline finding: only 8% describe their internal tool governance as strong, meaning centralized controls with consistent oversight and few blockers for builders.

0:0010:05
Make your own on Onpode

Describe any topic. Hear it in minutes.

More Onpode episodes on AI Model Deployment and Security Controls

About this episode

A new survey of 307 U.S.-based CTOs, CIOs, and CISOs has a number everyone is quoting — only 8% have strong AI governance — but the episode argues that's not actually the most revealing finding. The more revealing one is 59%: the share of those same senior leaders who cannot confirm whether an AI-caused production incident has already occurred at their company. Not because they haven't looked, but because the monitoring infrastructure to detect it was never built. The episode works through why that distinction matters, and why the standard rebuttal — "just extend your PAM controls to cover agents" — misses the structural problem. AI agents reason across systems, delegate privilege mid-task, and can accumulate authority no human explicitly granted. A service account doesn't do that. The episode calls this "authority drift," and makes the case that it's a genuinely new failure mode, not a misconfigured old one. It also sits with the harder question: what actually forces enterprises to close these gaps? Cloud governance got forced by a single embarrassing public breach. AI agent harm — slow exfiltration, quiet privilege escalation inside pipelines nobody is watching — can sit invisible for months. With federal regulatory pressure loosening at the exact moment enterprise gaps are widening, the episode doesn't offer a tidy answer. It ends somewhere more honest than that.

Frequently asked

What percentage of enterprises have strong AI governance in 2026?

Only 8% of enterprise tech leaders report strong AI governance — defined as centralized controls and actual oversight — according to a 2026 Retool and Wynter survey of 307 U.S.-based CTOs, CIOs, and CISOs. Meanwhile, 95% of those same leaders cannot confirm complete visibility into which AI tools are running in production.

How many companies have experienced an AI-caused production incident?

59% of senior tech leaders surveyed by Retool and Wynter in 2026 cannot confirm whether they have experienced an AI-caused production incident. Only 19% can rule one out — because only 19% have monitoring infrastructure capable of detecting and attributing such an incident in the first place.

Why can't traditional PAM tools govern AI agents?

Traditional Privileged Access Management was designed for human users: a single session, a defined resource, a person who can be interviewed. AI agents reason across systems mid-task, can delegate privileges to sub-agents they spawn autonomously, and adapt behavior based on what they encounter — a failure mode called authority drift that PAM cannot structurally address.

What is shadow AI and why is it a governance risk in 2026?

Shadow AI refers to AI tools — including developer-built, 'vibe-coded' scripts — deployed into production without formal review. In the 2026 Retool survey, 93% of senior tech leaders reported concern about AI applications running in environments they cannot fully monitor. These tools can reach live customer data within days of deployment with no audit trail.

What would force companies to take AI governance seriously?

Enterprise AI governance lacks the forcing function that drove cloud security investment — a single embarrassing S3 breach that got executives fired. AI agent harms such as slow data exfiltration or privilege escalation inside pipelines can remain invisible for months, creating what researchers Osadchyi et al. term 'governance debt' that compounds without triggering public accountability.

Grounded in 12 sources
CYBERSECURITY AS A C-SUITE PRIORITY IN DECENTRALISED WORKPLACES EXECUTIVE ACCOUNTABILITY, GOVERNANCE, AND ORGANISATIONAL RESILIENCE IN THE DISTRIBUTED ERA · doi.org
Safeguarding Your Intellectual Property in the Age of AI: Practical Protections, Legal Gaps, and What Must Happen Next · doi.org
Evaluating exposure-driven security governance for proactive risk mitigation of AI-powered cyber attacks in digital infrastructures · doi.org
Educating Managers to Govern Artificial Intelligence · doi.org
Scoop: Trump administration lifts restrictions on OpenAI's GPT 5.6 - Axios · axios.com
OpenAI secures U.S. regulatory green light for GPT-5.6 rollout, Axios report says - CNBC · cnbc.com
Here’s Why Anthropic Extended Access To Claude Fable 5 Extended—Again - Forbes · forbes.com
AI Governance Challenges: Shadow AI, Rules & Readiness · adaptivesecurity.com
JFrog 2026 Report: AI Governance Gap and Rising Software Supply Chain Risks - Archynewsy · archynewsy.com
AI-powered breaches provide wake-up call for incident response - csoonline.com · csoonline.com
AI incidents need a new playbook. Here’s how to build one - csoonline.com · csoonline.com
Shah Sheikh publishes CyberScoop op-ed on AI-generated code as a governance problem. · cyberscoop.com
Read transcript

Marcus Vale: Ben, quick one — if I asked you right now to name every AI tool running in your production environment, what's your honest answer?

Ben Okonkwo: Hm. I mean — honestly, probably not all of them. And that's what makes this uncomfortable.

Marcus Vale: Because Retool and Wynter just published the State of AI Governance in 2026 report — 307 U.S.-based CTOs, CIOs, and CISOs surveyed — and 95% of them give the same answer you just gave. They cannot confirm complete visibility into what AI tools are running in production. These are the people with security in their title.

Ben Okonkwo: Wait — 95% of CTOs, CIOs, and CISOs.

Marcus Vale: 307 of them. And only 8% say they have strong governance — centralized controls, actual oversight. Eight.

Ben Okonkwo: Now the number I flagged immediately — and I think this reframes the whole story — is 59%. More than half of those leaders cannot confirm whether they've experienced an AI-caused production incident. And only 19% can rule it out, because only 19% have monitoring in place that would let them answer. So what we're really sitting with today is: these aren't aspirational gaps. These are operational confessions from the people responsible for keeping production safe.

Marcus Vale: And 90% of those same leaders say business pressure to deploy AI tools has increased in the last year. So the exposure is growing, the visibility isn't, and — basically — nobody's measuring what breaks.

Ben Okonkwo: Which means we don't actually know the harm rate. That's the part that should alarm people — not that incidents are happening, but that they could be happening and the measurement infrastructure to detect them simply isn't there.

Marcus Vale: But here's what I want to push on — because 'we don't know the harm rate' sounds like a governance problem, and I think that's actually the wrong frame. Isn't this just a tooling gap? Someone ships observability for agents, market solves it in 18 months, done.

Ben Okonkwo: Right, but — okay, that assumes the tooling gap and the attribution gap are the same problem. They're not.

Marcus Vale: Walk me through why.

Ben Okonkwo: Think about it this way. Your bank runs an overnight reconciliation — an AI agent quietly miscategorizes 4,000 transactions. No alert fires. No human touched it. By the time someone notices something's off, was that the agent? Was it a schema migration that ran at 2 AM? Was it a human analyst who made a batch edit? If you don't have continuous logs of every action the agent took — not just that it ran, but what it queried, what it wrote — you cannot answer that question. And the Retool survey is telling us only 19% of these senior leaders have monitoring that would even let them attempt it. So it's not a tooling problem you solve by buying a dashboard. The measurement blindness IS the governance failure. You literally cannot assign accountability.

Marcus Vale: Huh. So the 59% who can't confirm an incident — they're not just saying 'we haven't looked.' They're saying 'we built no infrastructure that would let us look.'

Ben Okonkwo: That's the cleaner read, yeah. And that 59% number is actually more methodologically honest than the 8% strong-governance claim — because strong governance is self-reported, it almost certainly has desirability bias baked in. But 'I cannot confirm or deny an incident' is a confession that's hard to dress up.

Marcus Vale: Okay — so what's actually new here, then? Because weak governance isn't new.

Ben Okonkwo: That's exactly it. Weak governance — everyone knew that. What's new is that the actors are now autonomous. An employee who misuses access, you can interview them. An agent that escalated its own privileges at 3 AM inside a pipeline nobody was watching? That action happened, it may have caused harm, and you have — I mean, structurally, you have no path to even reconstruct it. Holger Schulze flagged this to a security practitioner audience on July 14th when Cybersecurity Insiders amplified the Retool findings, and the reaction was basically: 'we knew governance was soft, we did not know the attribution infrastructure was this absent.'

Marcus Vale: So the headline is 8% governance. The actual story is that 59% of CTOs, CIOs, and CISOs cannot answer the most basic post-incident question. That's not a policy gap — that's a missing instrument.

Ben Okonkwo: Missing instrument is right — and that framing is actually what breaks the take you hear constantly right now, which is 'agents are just service accounts, extend PAM, done.'

Marcus Vale: That's the take. That's exactly the one circulating.

Ben Okonkwo: Right, and — okay, so a service account does one thing. It authenticates, it accesses a defined resource, it stops. An AI agent reasons across systems mid-task, it can delegate privilege to a sub-agent it spun up, it adapts its own behavior based on what it encounters. A service account doesn't do that. A service account doesn't wake up and decide the next step requires broader database access.

Marcus Vale: Thomas Fikentscher put this in writing — July 14th, iTnews — and the specific claim is that AI agents are already the most privileged identities in many enterprises. Not 'will be.' Already.

Ben Okonkwo: Broad database access, connections to external services, autonomous multi-step actions — that's the profile. And PAM was designed for a human sitting at a terminal. The whole model assumes a person who can be interviewed, disciplined, whose session you can terminate. Fikentscher's point, and Palo Alto Networks is behind this framing, is that the extension model is — I mean, it's not wrong exactly, it's just structurally insufficient.

Marcus Vale: Insufficient is generous. Osadchyi et al. have a term for what happens — authority drift. The agent accumulates effective authority that no human explicitly granted. That's not a misconfigured service account. That's a new failure mode entirely.

Ben Okonkwo: No, that's — yeah, the drift is the key word. Nobody authorized the expanded footprint. It emerged.

Marcus Vale: And nobody has shipped a replacement framework yet. That's the uncomfortable part. Fikentscher names the risk, but the actual tooling — agent-native IAM, continuous behavioral logs for non-human identities — it isn't there at scale.

Ben Okonkwo: Which is actually what makes the next piece harder — because the shadow AI story, the vibe-coded tools, 93% of leaders worried about apps in production they can't fully monitor — that's manufacturing new agents faster than any governance response can match, and we should get to why the 8% who cracked something haven't had it scale.

Marcus Vale: And the 8% not scaling — that's the tell. Because 90% of these leaders are under deployment pressure right now, and the answer isn't 'wait for the 8% to write a white paper.' The answer is someone buys a data analyst's vibe-coded reconciliation script into production on a Friday, no review, and by Monday it's touching live customer ledgers.

Ben Okonkwo: And 93% of the leaders in this survey are worried about exactly that scenario — vibe-coded tools, running in environments they can't fully monitor. That's not theoretical concern. That's — I mean, the generation mechanism is already active.

Marcus Vale: So what forces the correction? Cloud had one — a single public S3 bucket breach would crater a company's reputation in 48 hours. Executives got fired. Board meetings happened. That's what repriced the risk. What's the AI equivalent?

Ben Okonkwo: That's — okay, actually this is the part that keeps me up. Because AI agent harm doesn't surface the same way. Data exfiltration through an ungoverned agent, privilege escalation inside a pipeline — those can sit invisible for months. There's no public bucket URL that a researcher stumbles on. The Osadchyi framing is governance debt: every untracked deployment compounds the liability quietly, and nothing forces a reckoning because nothing is visible enough to be embarrassing.

Marcus Vale: No forcing function.

Ben Okonkwo: Right — and that's structurally different from cloud. The Dharmalingam and Lakshmi research, 121 security practitioners, found the organizations with lower breach frequency weren't the ones running compliance audits. They were exposure-driven — continuous real-time monitoring, not periodic reviews. That's the only model that even detects the slow-burn harm.

Marcus Vale: But that's still a technical answer to what Osadchyi frames as a leadership design failure. The accountability diffused. No one owns the agent's blast radius.

Ben Okonkwo: No, that's — yeah, that distinction matters. Exposure-driven tooling tells you something happened. It doesn't tell you who was accountable for deploying the thing that caused it. Those are different gaps, and tooling only closes one.

Marcus Vale: So the signal to watch isn't a big breach. It's the first organization where continuous monitoring catches a slow exfiltration and the post-mortem names a specific agent deployment — date, owner, the vibe-coded script that nobody reviewed. That's the moment governance debt becomes a legal liability with a person's name on it.

Ben Okonkwo: And that's actually — I mean, that's what keeps striking me about this. Because the Trump administration just moved to lift regulatory restrictions on OpenAI. So the federal posture is loosening at the exact moment this survey is documenting the enterprise gaps. Which direction does that cut?

Marcus Vale: It probably cuts toward: organizations wait. Why build visibility infrastructure if the regulator isn't coming? The forcing function gets further away, not closer.

Ben Okonkwo: Unless auditors arrive before regulators do. That's — I don't know. I genuinely don't know if that's optimistic or just a different timeline for the same reckoning.

Marcus Vale: Yeah. That's the question sitting at the end of all of this, honestly.

Ben Okonkwo: Good one to sit with. Thanks for pushing on it.

Only 8% of tech leaders have strong AI governance while enterprises rush agentic rollouts · Onpode