Shadow AI is outpacing enterprise governance, Smarsh study finds
A Smarsh study reveals that only 26% of enterprises believe their AI governance matches the pace of AI deployment, while just 30% are capable of detecting shadow AI. This highlights the challenges companies face in managing AI in enterprise environments.
This story was produced through MarketScale. See how Software & Technology teams put it to work with Executive Thought Leadership.
Key facts, context, and what it means, in one minute.
Key takeaways
Only 26% of enterprises report adequate AI governance.
Just 30% of companies can detect shadow AI.
There's a growing gap between AI deployment and governance.
Fifty-five percent of enterprises are actively deploying AI, but only 26% say their governance frameworks are fully aligned with that pace. That finding, from the 2026 Enterprise AI Trends Study released July 7 by Smarsh and conducted by FTI Consulting, puts a hard number on a problem compliance and operations leaders have been warning about for two years: AI deployment is moving faster than the structures built to manage it.
The shadow AI blind spot
The governance gap is sharpest around shadow AI. Only 30% of organizations report comprehensive capabilities to detect and manage AI tools that employees are running outside approved workflows. For regulated industries, that number is particularly consequential. Unauthorized AI use can touch recordkeeping obligations, supervision requirements, privacy rules, and sector-specific regulatory mandates, all at once, and often invisibly.
The study was fielded by FTI Consulting and builds on Smarsh's earlier 2026 Compliance Horizon Insights report, extending the analysis from regulatory exposure to the specific governance capabilities organizations need to deploy AI responsibly at scale. Goutam Nadella, Chief Strategy Officer at Smarsh, noted in the report that communications data, long treated primarily as a preservation and regulatory obligation, is now becoming an operational asset as AI embeds itself across business functions.
Data governance is the real readiness test
Enterprises are clearly spending to close the gap. The study found 62% are investing in AI and machine learning capabilities, 53% in data quality and enrichment, and 51% in modernizing their archives. But investment levels alone do not tell the whole story. James Condon, Managing Director and Americas Head of Insights at FTI Consulting Strategic Communications, pointed in the report to persistent barriers around visibility, integration, data quality, and oversight that continue to prevent organizations from scaling AI with confidence.
The research identifies a structural issue: AI governance cannot be scoped to individual tools or endpoints. As AI agents, collaboration platforms, APIs, third-party applications, and legacy systems become increasingly interconnected, any governance model that does not span the full data ecosystem leaves gaps. Communications data sits at the center of that ecosystem in most regulated enterprises, touching every workflow from employee supervision to deal documentation to customer interaction.
Five trends reshaping enterprise AI readiness
The study organizes the findings around five trends. First, AI adoption is outpacing governance, with shadow AI creating blind spots in recordkeeping and supervision. Second, communications data is shifting from a compliance cost to a competitive asset, used for AI training, investigations, and business intelligence. Third, enterprise risk now spans interconnected systems rather than isolated tools. Fourth, security and compliance are becoming proactive and always-on rather than reactive. Fifth, compliance leaders are increasingly influencing AI strategy and third-party risk decisions, not just implementing what IT decides.
What this means for your team
- Audit shadow AI exposure now: with only 30% of enterprises able to detect unauthorized AI use, teams without a current inventory of AI tools in active employee use are likely operating with blind spots in their compliance posture.
- Reassess archive and data quality investments as AI infrastructure: the 51% of enterprises modernizing archives are not just doing housekeeping, they are building the data foundation AI governance and AI-powered investigations will depend on.
- Involve compliance in AI procurement decisions: the study's finding that compliance leaders are increasingly shaping AI strategy and third-party risk decisions reflects a structural shift, and procurement processes that exclude compliance early will create rework.
- Evaluate governance across the full connected ecosystem: AI agents, APIs, and collaboration platforms require visibility at the data-flow level, not just endpoint controls. Any governance framework limited to approved tools misses the shadow AI problem entirely.
Sources
Featured companies
About the author
The MarketScale Newsroom reports on the companies, technologies, and trends shaping 16 B2B industries. It turns primary sources and expert commentary into clear, useful coverage for the people doing the work.