Risk management software provider Riskonnect recently released the 2025 New Generation of Risk Report, providing insight into the most pressing risks facing organizations today. The report shows general improvements in risk management, but a significant lag in AI oversight. The paradox of progress—advancing capabilities and technologies without developing and implementing appropriate governance in parallel—presents a major threat to modern organizations.
Agentic AI—Promise and Peril
One of the most advanced developments in the recent AI explosion has been the increasing adoption of agentic AI. AI agents are capable of making autonomous decisions and taking actions within a system, potentially offering benefits in efficiency and productivity, such as intelligent action that builds on previous automation capabilities, reduced operating costs, and more room for human users to focus resources on crucial operations.
However, agentic AI also introduces significant risks in enterprise environments, as it can become compromised or “go rogue,” resist security and operational necessities like logging and documentation, and enable attacks from external actors. Riskonnect’s data shows that 60% of organizations intend to adopt agentic AI technologies, but more than half fail to carry out risk assessments. This risk is worsened by severe blind spots, as leaders demonstrate a lack of awareness regarding internal AI initiatives.
Governance Gaps and Third-Party Risks
The report shows that many organizations are missing crucial measures for AI security: 42% lack internal GenAI policies, and 72% lack external partner controls. The expanding AI supply chain serves as a rapidly growing potential attack surface, increasing avenues of risk without proper oversight and security protocols.
This is in line with the longstanding threat of third-party software as an attack vector, which has led to many catastrophic and high-profile breaches. These include the 2022 attack on Uber through the compromised vendor Teqtivity, the 2022 attack targeting massive swaths of U.S. school districts via the Illuminate Education software, and the 2023 MOVEit file transfer supply chain attack.
Validation from AvePoint’s Data
Another recent report from AvePoint corroborates the data and conclusions of Riskonnect’s report. According to AvePoint, AI deployment delays are driven by inaccurate output and data security fears. More than 75% of organizations experience AI-related security breaches, highlighting the severe risks associated with the rapid adoption of new technologies without adequate security policies.
The AvePoint report also shows a major disconnect between perceived readiness and actual resilience. The vast majority (90%) of organizations believe they have an information management framework in place, but alarmingly, only 30% of organizations say that their framework effectively classifies and protects data.
Where Companies Are Investing
Organizations are increasingly investing in AI governance and data security tools. There is a growing emphasis on AI literacy and role-based training, with 99.5% of organizations in the report adopting these measures. There is a demonstrable shift toward measurable effectiveness using both quantitative and qualitative assessments.
Trends in adoption and investment should be taken into consideration alongside individual organizational needs. “As organizations increasingly embed AI tools and agentic systems into their workflows, they must develop governance structures that can keep pace with the complexity and continued innovation of these technologies,” says Nicole Carignan, Senior Vice President, Security & AI Strategy, and Field CISO at Darktrace. “However, there is no one-size-fits-all approach. Each organization must tailor its AI policies based on its unique risk profile, use cases, and regulatory requirements.”
From Compliance to Confidence
In the age of rapid and widespread agentic AI implementation, it is crucial for organizations to adopt unified frameworks bridging governance, data quality, and ethical design. AI risk is the new frontier of enterprise trust, requiring serious consideration and robust policies to protect against rising risks. In the race to scale AI for organizational use, it’s not the fastest adopters who win—it’s the ones who are most prepared to effectively secure their usage of AI tools and agents.