Practical Governance for Enterprise AI
Tag
3 items
The Cloud Security Alliance, commissioned by Google, released 'The State of AI Security and Governance,' a data-driven research report examining how enterprises are adopting generative and agentic AI. The report documents significant gaps in AI governance maturity, security integration practices, and data exposure controls across global organizations. It also finds that multi-model AI strategies are concentrated among a small number of providers, and that security teams are among the earliest enterprise adopters of AI in cybersecurity workflows.
Anthropic, Google, Microsoft, and OpenAI have jointly established the Frontier Model Forum, an industry body dedicated to advancing safety and responsibility in the development of frontier AI models. The forum will focus on producing technical evaluations, safety benchmarks, and shared best practices drawn from member expertise. Its formation follows voluntary AI safety commitments announced by the White House, which were signed by seven major technology companies including Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI. For enterprise compliance teams, the forum signals a growing industry-led standard-setting process that may shape expectations around model evaluation, documentation, and risk disclosure ahead of formal regulatory requirements. Organizations deploying or procuring frontier models should monitor outputs from the forum, as its benchmarks and best practices could be adopted as reference points by regulators and auditors. The voluntary commitment framework also represents a precedent for government-industry coordination on AI safety obligations.
Cyberhaven Labs released its 2026 AI Adoption and Risk Report on February 5, 2026, drawing on analysis of billions of real-world data movements across generative AI SaaS platforms, endpoint AI applications, and AI agents used in enterprise environments. The report finds that 82% of the top 100 GenAI SaaS tools are classified as medium to critical risk, and that employees are entering sensitive data into AI tools on average once every three days. A significant shadow IT dimension is documented: 32.3% of ChatGPT usage and 24.9% of Gemini usage occurs through personal accounts rather than corporate-managed accounts, placing that activity outside enterprise data governance controls. For compliance teams, the findings underscore a structural gap between the pace of AI adoption and the maturity of data loss prevention, acceptable use policies, and third-party risk management programs. Organizations lacking visibility into AI tool usage at the endpoint level may face exposure under data protection obligations in multiple jurisdictions, including the EU AI Act, various US state privacy laws, and sector-specific regulations governing sensitive data handling.
