Skip to content
MarketScale
‹ Back to IndustriesSoftware & Technology

Enterprise AI's adoption gap: investment is up, but security, data, and accountability are lagging

Despite increased investment in enterprise AI, with 86% of C-suites raising budgets, only 32% report a sustained impact from their AI initiatives. Challenges such as prompt injection, shadow AI, and data gaps are contributing factors to this discrepancy. Effective strategies to address these issues are essential for realizing the full potential of AI in enterprises.

This story was produced through MarketScale. See how Software & Technology teams put it to work with Executive Thought Leadership.

By MarketScale Newsroom · Enterprise AiAi SecurityShadow AiPrompt Injection
Share
Learn this in 60 seconds

Key facts, context, and what it means, in one minute.

:60
0:001:00
Enterprise AI's adoption gap: investment is up, but security, data, and accountability are lagging

Key takeaways

01

86% of C-suites are increasing AI budgets.

02

Only 32% report sustained impact from AI.

03

Prompt injection and shadow AI are key challenges.

Only 32% of organizations report sustained business impact from AI, even as 86% of C-suite executives say they are actively increasing their AI budgets. That gap, drawn from an Accenture survey and reported by Forbes contributor Melody Brue, is the clearest signal yet that enterprise AI has moved past the pilot phase and into a harder problem: making it work operationally, at scale, without introducing new liabilities.

Three distinct failure modes are now visible across the enterprise. Security defenses have not kept pace with AI-specific attacks. A layer of unsanctioned AI activity is running below the radar of finance and IT. And models are breaking not because of faulty algorithms, but because the underlying data cannot handle real-world complexity. Each problem lands differently on different teams, but together they define the operational challenge of 2026.

Enterprise AI investment vs. sustained impact86C-suites increasing AI investment32Organizations reporting sustained impact
Accenture survey, reported by Forbes (Melody Brue, June 2026) · © MarketScaleDownload chart

Prompt injection: the attack vector security teams aren't ready for

CrowdStrike has characterized prompts as the functional equivalent of malware in AI-integrated environments, a framing reported by Forbes contributor Janakiram MSV. The mechanism is prompt injection: attackers embed instructions inside content that an AI agent processes, causing the model to act in ways the operator never authorized. A customer-service bot reads a malicious document; an internal copilot processes a poisoned email.

The exposure is not hypothetical. Janakiram MSV reported that 65% of organizations currently have no dedicated defenses against this attack class. As AI agents take on more consequential tasks, writing code, approving workflows, querying internal databases, the blast radius of a successful injection grows proportionally. Security teams built for perimeter defense and endpoint protection are largely unprepared for an attack surface defined by text inputs.

The operational implication is concrete. Any organization deploying agentic AI without input validation, output monitoring, and prompt-specific threat detection is operating with an unacknowledged gap in its security posture. CrowdStrike and other security vendors are beginning to address this, but the market for AI-native defenses is still forming.

Shadow AI: the labor your ledger doesn't see

Finance and procurement leaders face a different kind of exposure. Forbes contributor Güney Yıldız reported that 53% of automated work in enterprise environments now runs on AI applications not tracked in official systems. The term is shadow AI, and its implications go well beyond the familiar shadow IT problem.

When an employee or contractor uses an unsanctioned AI tool to complete a task, the output enters company workflows but the activity doesn't appear in cost accounting, vendor contracts, or compliance records. That creates a structural accounting gap: AI labor is being consumed and delivered, but it is invisible to the systems that govern spend, data handling, and regulatory reporting. For organizations in regulated industries, or those subject to data residency and privacy obligations, the exposure is direct.

Procurement teams that have spent the past two years building approved vendor lists and AI usage policies now face the reality that a majority of actual AI activity may be happening outside those guardrails. Closing that gap requires both technical controls, such as network monitoring and application allowlisting, and updated procurement policies that account for how individual contributors actually source and use AI tools.

Share of automated enterprise work on unsanctioned AI tools53Automated work on unsanctioned AI47Automated work on sanctioned AI
Forbes (Güney Yıldız, June 2026) · © MarketScaleDownload chart

Data quality: why more training data isn't the answer

The third failure mode is less visible but equally consequential. Forbes contributor Anjana Susarla argued that many enterprise AI deployments are not failing because of model architecture, but because the data feeding those models lacks the contextual nuance required to handle edge cases. Real-world business decisions routinely involve ambiguity, exception handling, and judgment calls that clean, structured training datasets don't capture.

The instinct to address underperforming models by adding more data is understandable but often counterproductive. Volume doesn't substitute for representativeness. A procurement model trained on historical purchase orders may perform well on routine transactions and fail on contract disputes, single-source justifications, or emergency buys, precisely the scenarios where automated judgment matters most.

Forbes contributor Bernard Marr raised a related structural point: as AI amplifies individual output, influence inside organizations is beginning to shift toward the employees who use AI most effectively, regardless of seniority. The people best positioned to identify data quality gaps and edge-case failures are often frontline workers, not the data scientists managing the models. That has direct implications for how IT and operations leaders staff AI programs.

What the Anthropic Fable suspension signals about AI vendor risk

A separate development offered a live demonstration of a procurement risk most enterprise buyers hadn't priced in. The two-and-a-half-week suspension of Anthropic's Fable AI model, shut down over security concerns before the company reached a deal to restore access, was reported by Amrith Ramkumar and Robert McMillan at The Wall Street Journal. Enterprise teams that had integrated Fable into workflows faced sudden disruption with little warning.

The episode makes clear that AI model availability is now a vendor-continuity question, not just a capability question. It should be evaluated accordingly in contract and resilience planning, alongside standard considerations such as SLA uptime and data portability.

What this means for your team

  • Audit your AI attack surface: map every workflow where an AI agent processes external input and validate whether prompt-level controls and output monitoring are in place. The 65% of organizations without dedicated prompt-injection defenses represent a specific, correctable gap.
  • Run a shadow AI census: require employees and contractors to disclose AI tools in use outside approved vendor lists. Cross-reference with network logs and expense data to get a realistic picture of unsanctioned AI activity before it becomes a compliance finding.
  • Reframe data quality as a procurement criterion: when evaluating or renewing AI vendor contracts, require documentation of how models handle edge cases and low-frequency scenarios relevant to your operations, not just aggregate accuracy benchmarks.
  • Build vendor continuity clauses into AI contracts: the Anthropic Fable suspension is a template for what enterprise buyers should now treat as a standard risk. Contracts should address model availability, substitution rights, and notification timelines in the event of regulatory or security-driven disruptions.

Featured companies

About the author

MarketScale Newsroom
MarketScale NewsroomEditorial Team, MarketScale

The MarketScale Newsroom reports on the companies, technologies, and trends shaping 16 B2B industries. It turns primary sources and expert commentary into clear, useful coverage for the people doing the work.

Software & Technology: are you visible to AI?

Before they reach out, Software & Technology buyers ask AI engines which vendors to trust. See how AI describes your company today, and where competitors show up instead.

Free workspace

You just read one expert. Imagine publishing your whole team.

This article was produced through MarketScale. Create a free workspace and turn your own team's expertise into articles, video, and social posts. No credit card, no demo required.

NPS +73 · 1,000+ creators · 38+ countries

What you get, free

Your own MarketScale Studio workspace
One video edit a month, on us
AI writing, editing, and publishing tools
In-platform coaching to learn the system

More Software & Technology Insights

CISA flags active SharePoint RCE exploit as Cisco UCM attacks continue

CISA flags active SharePoint RCE exploit as Cisco UCM attacks continue

Two critical enterprise vulnerabilities involving SharePoint and Cisco UCM are actively being exploited. These vulnerabilities pose significant risks to collaboration and voice infrastructure, prompting concerns from cybersecurity agencies. Organizations using these systems are urged to take immediate action to mitigate risks.

  • 01Active exploitation of SharePoint and Cisco UCM vulnerabilities detected.
  • 02Critical risk posed to collaboration and voice infrastructure.
  • 03Immediate action required from organizations to mitigate risks.

Jul 8, 2026

Uber, Starbucks AI investments expose enterprise ROI gap

Uber, Starbucks AI investments expose enterprise ROI gap

Uber and Starbucks have faced challenges with their AI investments, highlighting a gap in enterprise ROI. Uber exhausted its AI budget for 2026 in just four months, while Starbucks terminated its AI inventory system after nine months. This raises questions about the strategy and expectations enterprises must have in AI development.

  • 01Uber used up its 2026 AI budget in four months.
  • 02Starbucks stopped an AI inventory system after nine months.
  • 03The incidents highlight the need for strategic AI investments.

Jul 8, 2026

Accenture and Google Cloud launch agentic AI suite for midmarket companies under $3B in revenue

Accenture and Google Cloud launch agentic AI suite for midmarket companies under $3B in revenue

Accenture and Google Cloud are collaborating to offer pre-built agentic AI tools aimed at midmarket companies with revenues under $3 billion. This initiative seeks to address the enterprise-scale pressures these smaller firms face by providing tailored AI solutions. The collaboration emphasizes enhancing digital capabilities for businesses that are often caught between large-scale and economy-sized challenges.

  • 01Accenture and Google Cloud offer AI tools to midmarket companies.
  • 02The initiative targets firms with less than $3 billion in revenue.
  • 03It aims to enhance digital capabilities amid enterprise challenges.

Jul 7, 2026

Explore More Software & Technology Insights

Read more expert perspectives from across Software & Technology.

Browse Software & Technology Hub

About the Expert

MarketScale Newsroom
MarketScale Newsroom

Editorial Team

MarketScale

The MarketScale Newsroom reports on the companies, technologies, and trends shaping 16 B2B industries. It turns primary sources and expert commentary into clear, useful coverage for the people doing the work.