Enterprise AI's adoption gap: investment is up, but security, data, and accountability are lagging
Enterprise investments in AI are rising, with 86% of C-suite executives increasing their budgets. Despite this, only 32% report a sustained impact from these investments. New threats like prompt injection and shadow AI are contributing to the challenges.
This story was produced through MarketScale. See how Software & Technology teams put it to work with Executive Thought Leadership.
Key facts, context, and what it means, in one minute.
Key takeaways
86% of C-suites are increasing AI investment.
Only 32% report sustained impact from AI investments.
Prompt injection and shadow AI are emerging as new threats.
Only 32% of organizations report sustained business impact from AI, even as 86% of C-suites say they are actively increasing AI investment. That gap, drawn from an Accenture survey and reported by Forbes contributor Melody Brue, is the clearest signal yet that enterprise AI has moved out of the pilot phase and into a harder problem: making it work operationally, at scale, without introducing new liabilities.
Three distinct failure modes are now visible across the enterprise. Security defenses have not kept pace with AI-specific attacks. A layer of unsanctioned AI activity is running below the radar of finance and IT. And models are breaking not because of faulty algorithms, but because the underlying data can't handle real-world complexity. Each problem lands differently on different teams, but together they define the operational challenge of 2026.
Prompt injection: the attack vector security teams aren't ready for
CrowdStrike has characterized prompts as the functional equivalent of malware in AI-integrated environments, a framing reported by Forbes contributor Janakiram MSV. The mechanism is prompt injection: attackers embed instructions inside content that an AI agent processes, causing the model to act in ways the operator never authorized. A customer-service bot reads a malicious document; an internal copilot processes a poisoned email. The model follows the embedded instruction, not the enterprise policy.
The exposure is not hypothetical. Janakiram MSV reported that 65% of organizations currently have no dedicated defenses against this attack class. As AI agents take on more consequential tasks, such as writing code, approving workflows, or querying internal databases, the blast radius of a successful injection grows proportionally. Security teams built for perimeter defense and endpoint protection are largely unprepared for an attack surface defined by text inputs.
The operational implication is concrete: any organization deploying agentic AI without input validation, output monitoring, and prompt-specific threat detection is operating with an unacknowledged gap in its security posture. CrowdStrike and other security vendors are beginning to address this, but the market for AI-native defenses is still forming.
Shadow AI: the labor your ledger doesn't see
Finance and procurement leaders face a different kind of exposure. Forbes contributor Güney Yıldız reported that 53% of automated work in enterprise environments now runs on AI applications that aren't tracked in official systems. The term for this is shadow AI, and its implications go well beyond the familiar shadow IT problem.
When a contractor or employee uses an unsanctioned AI tool to complete a task, the output enters the company's workflows but the activity doesn't appear in cost accounting, vendor contracts, or compliance records. That creates a structural accounting gap: AI labor is being consumed and delivered, but it is invisible to the systems that govern spend, data handling, and regulatory reporting. For organizations in regulated industries, or those subject to data residency and privacy obligations, the exposure is direct.
Procurement teams that have spent the past two years building approved vendor lists and AI usage policies now face the reality that a majority of actual AI activity may be happening outside those guardrails. Closing that gap requires both technical controls, such as network monitoring and application allowlisting, and updated procurement policies that account for how individual contributors actually source and use AI tools.
Data quality: why more training data isn't the answer
The third failure mode is less visible but equally consequential. Forbes contributor Anjana Susarla argued that many enterprise AI deployments are not failing because of model architecture, but because the data feeding those models lacks the contextual nuance required to handle edge cases. Real-world business decisions routinely involve ambiguity, exception handling, and judgment calls that clean, structured training datasets don't capture.
The instinct to address underperforming models by adding more data is understandable but often counterproductive. Volume doesn't substitute for representativeness. A procurement model trained on historical purchase orders may perform well on routine transactions and fail badly on contract disputes, single-source justifications, or emergency buys, precisely the scenarios where automated judgment matters most.
Forbes contributor Bernard Marr raised a related structural point: as AI amplifies individual output, influence inside organizations is beginning to shift from seniority toward the employees who use AI most effectively. That has direct implications for how IT and operations leaders staff AI programs. The people best positioned to identify data quality gaps and edge-case failures are often frontline workers, not the data scientists managing the models.
What the Anthropic situation signals about enterprise AI procurement
Separately, the two-and-a-half-week suspension of Anthropic's Fable AI model, which was shut down over security concerns before the company reached a deal with the Trump administration to restore access, offered a live demonstration of a procurement risk that most enterprise buyers hadn't priced in, according to reporting by Amrith Ramkumar and Robert McMillan at The Wall Street Journal. Enterprise teams that had integrated Fable into workflows faced sudden disruption with little warning. The episode underscores that AI model availability is now a vendor-continuity question, not just a capability question, and should be evaluated accordingly in contract and resilience planning.
What this means for your team
- Audit your AI attack surface now: map every workflow where an AI agent processes external input and validate whether prompt-level controls and output monitoring are in place. The 65% of organizations without dedicated prompt-injection defenses represent a specific, correctable gap.
- Run a shadow AI census: require employees and contractors to disclose AI tools in use outside approved vendor lists. Cross-reference with network logs and expense data to get a realistic picture of unsanctioned AI activity before it becomes a compliance finding.
- Reframe data quality as a procurement criterion: when evaluating or renewing AI vendor contracts, require documentation of how models handle edge cases and low-frequency scenarios relevant to your operations, not just aggregate accuracy benchmarks.
- Build vendor continuity clauses into AI contracts: the Anthropic Fable suspension is a template for what enterprise buyers should now treat as a standard risk. Contracts should address model availability, substitution rights, and notification timelines in the event of regulatory or security-driven disruptions.
Sources
- Accenture Survey Finds AI Investment Surging, But Operating Models Lag ↗ · Forbes
- Prompts Are The New Malware As Enterprise AI Defenses Fall Behind ↗ · Forbes
- Your Company Is Already Run Partly By AI. Your Accounts Don't Show It. ↗ · Forbes
- More Data Won't Save Your AI: Why Nuance And Judgement Are Needed For An AI Resilient Enterprise ↗ · Forbes
- How AI Could Blow Up Corporate Hierarchies ↗ · Forbes
About the author
The MarketScale Newsroom reports on the companies, technologies, and trends shaping 16 B2B industries. It turns primary sources and expert commentary into clear, useful coverage for the people doing the work.