Enterprise AI's adoption gap: investment is up, but security, data, and accountability are lagging
Despite increased investment in enterprise AI, with 86% of C-suites raising budgets, only 32% report a sustained impact from their AI initiatives. Challenges such as prompt injection, shadow AI, and data gaps are contributing factors to this discrepancy. Effective strategies to address these issues are essential for realizing the full potential of AI in enterprises.
This story was produced through MarketScale. See how Software & Technology teams put it to work with Executive Thought Leadership.
Key facts, context, and what it means, in one minute.
Key takeaways
86% of C-suites are increasing AI budgets.
Only 32% report sustained impact from AI.
Prompt injection and shadow AI are key challenges.
Only 32% of organizations report sustained business impact from AI, even as 86% of C-suite executives say they are actively increasing their AI budgets. That gap, drawn from an Accenture survey and reported by Forbes contributor Melody Brue, is the clearest signal yet that enterprise AI has moved past the pilot phase and into a harder problem: making it work operationally, at scale, without introducing new liabilities.
Three distinct failure modes are now visible across the enterprise. Security defenses have not kept pace with AI-specific attacks. A layer of unsanctioned AI activity is running below the radar of finance and IT. And models are breaking not because of faulty algorithms, but because the underlying data cannot handle real-world complexity. Each problem lands differently on different teams, but together they define the operational challenge of 2026.
Prompt injection: the attack vector security teams aren't ready for
CrowdStrike has characterized prompts as the functional equivalent of malware in AI-integrated environments, a framing reported by Forbes contributor Janakiram MSV. The mechanism is prompt injection: attackers embed instructions inside content that an AI agent processes, causing the model to act in ways the operator never authorized. A customer-service bot reads a malicious document; an internal copilot processes a poisoned email.
The exposure is not hypothetical. Janakiram MSV reported that 65% of organizations currently have no dedicated defenses against this attack class. As AI agents take on more consequential tasks, writing code, approving workflows, querying internal databases, the blast radius of a successful injection grows proportionally. Security teams built for perimeter defense and endpoint protection are largely unprepared for an attack surface defined by text inputs.
The operational implication is concrete. Any organization deploying agentic AI without input validation, output monitoring, and prompt-specific threat detection is operating with an unacknowledged gap in its security posture. CrowdStrike and other security vendors are beginning to address this, but the market for AI-native defenses is still forming.
Shadow AI: the labor your ledger doesn't see
Finance and procurement leaders face a different kind of exposure. Forbes contributor Güney Yıldız reported that 53% of automated work in enterprise environments now runs on AI applications not tracked in official systems. The term is shadow AI, and its implications go well beyond the familiar shadow IT problem.
When an employee or contractor uses an unsanctioned AI tool to complete a task, the output enters company workflows but the activity doesn't appear in cost accounting, vendor contracts, or compliance records. That creates a structural accounting gap: AI labor is being consumed and delivered, but it is invisible to the systems that govern spend, data handling, and regulatory reporting. For organizations in regulated industries, or those subject to data residency and privacy obligations, the exposure is direct.
Procurement teams that have spent the past two years building approved vendor lists and AI usage policies now face the reality that a majority of actual AI activity may be happening outside those guardrails. Closing that gap requires both technical controls, such as network monitoring and application allowlisting, and updated procurement policies that account for how individual contributors actually source and use AI tools.
Data quality: why more training data isn't the answer
The third failure mode is less visible but equally consequential. Forbes contributor Anjana Susarla argued that many enterprise AI deployments are not failing because of model architecture, but because the data feeding those models lacks the contextual nuance required to handle edge cases. Real-world business decisions routinely involve ambiguity, exception handling, and judgment calls that clean, structured training datasets don't capture.
The instinct to address underperforming models by adding more data is understandable but often counterproductive. Volume doesn't substitute for representativeness. A procurement model trained on historical purchase orders may perform well on routine transactions and fail on contract disputes, single-source justifications, or emergency buys, precisely the scenarios where automated judgment matters most.
Forbes contributor Bernard Marr raised a related structural point: as AI amplifies individual output, influence inside organizations is beginning to shift toward the employees who use AI most effectively, regardless of seniority. The people best positioned to identify data quality gaps and edge-case failures are often frontline workers, not the data scientists managing the models. That has direct implications for how IT and operations leaders staff AI programs.
What the Anthropic Fable suspension signals about AI vendor risk
A separate development offered a live demonstration of a procurement risk most enterprise buyers hadn't priced in. The two-and-a-half-week suspension of Anthropic's Fable AI model, shut down over security concerns before the company reached a deal to restore access, was reported by Amrith Ramkumar and Robert McMillan at The Wall Street Journal. Enterprise teams that had integrated Fable into workflows faced sudden disruption with little warning.
The episode makes clear that AI model availability is now a vendor-continuity question, not just a capability question. It should be evaluated accordingly in contract and resilience planning, alongside standard considerations such as SLA uptime and data portability.
What this means for your team
- Audit your AI attack surface: map every workflow where an AI agent processes external input and validate whether prompt-level controls and output monitoring are in place. The 65% of organizations without dedicated prompt-injection defenses represent a specific, correctable gap.
- Run a shadow AI census: require employees and contractors to disclose AI tools in use outside approved vendor lists. Cross-reference with network logs and expense data to get a realistic picture of unsanctioned AI activity before it becomes a compliance finding.
- Reframe data quality as a procurement criterion: when evaluating or renewing AI vendor contracts, require documentation of how models handle edge cases and low-frequency scenarios relevant to your operations, not just aggregate accuracy benchmarks.
- Build vendor continuity clauses into AI contracts: the Anthropic Fable suspension is a template for what enterprise buyers should now treat as a standard risk. Contracts should address model availability, substitution rights, and notification timelines in the event of regulatory or security-driven disruptions.
Sources
- Accenture Survey Finds AI Investment Surging, But Operating Models Lag ↗ · Forbes
- Prompts Are The New Malware As Enterprise AI Defenses Fall Behind ↗ · Forbes
- Your Company Is Already Run Partly By AI. Your Accounts Don't Show It. ↗ · Forbes
- More Data Won't Save Your AI: Why Nuance And Judgement Are Needed For An AI Resilient Enterprise ↗ · Forbes
- How AI Could Blow Up Corporate Hierarchies ↗ · Forbes
- Enterprise AI adoption gap: security and ROI risks in 2026 ↗
About the author
The MarketScale Newsroom reports on the companies, technologies, and trends shaping 16 B2B industries. It turns primary sources and expert commentary into clear, useful coverage for the people doing the work.