A new study by Optro (formerly AuditBoard) reveals that 56% of organizations are now using embedded AI tools within enterprise software, significantly increasing governance challenges and creating new risk blind spots for businesses worldwide.
While much attention has been focused on generative AI tools, the report highlights that embedded AI, integrated directly into everyday enterprise applications, is emerging as an equally critical risk factor. Unlike standalone AI tools, these embedded capabilities are often not recognized by employees as “AI usage,” resulting in reduced oversight and growing exposure to security, compliance, and operational risks. In fact, 44% of respondents expressed concerns about employees’ lack of awareness of embedded AI systems.
“At this early stage, AI risk is being driven as much by human behaviour as it is from the technology itself… lack of sufficient review of AI output, shadow AI, and insufficient guardrails are expanding the surface area of AI risks,” said Guru Sethupathy, GM of AI Governance at Optro.
The research suggests that AI-related risks are no longer limited to system-level failures but are increasingly driven by everyday human interactions with AI tools. Behaviors such as over-reliance on AI outputs, rapid adoption without safeguards, and the use of unapproved “shadow AI” tools are expanding enterprise risk exposure beyond what traditional governance, risk, and compliance (GRC) frameworks can address.
Adoption of embedded AI is now nearing that of generative AI, which stands at 63%. However, governance readiness remains low. Only 34% of organizations maintain a formal inventory of AI models, while just 31% have implemented AI incident response procedures. Additionally, 64% of audit, GRC, and IT leaders report limited confidence in their visibility into third-party cyber risks, particularly those linked to vendor-provided AI capabilities.
The report also highlights growing concerns about AI-driven threats, with 35% of respondents warning that overly permissive AI governance policies could accelerate risks such as social engineering and impersonation attacks.
Optro’s findings indicate that organizations are reaching the limits of manual governance models. Shortages in AI expertise, limited monitoring capabilities, and constrained resources are preventing effective oversight. To address these gaps, the company emphasizes the need for AI-driven governance solutions, including autonomous agents capable of automating high-volume compliance tasks.
As AI adoption accelerates, the study concludes that organizations must rethink governance strategies, shifting from static frameworks to continuous, real-time oversight. Enterprises that successfully implement adaptive AI governance models will be better positioned to balance innovation with trust, security, and compliance in an increasingly AI-driven landscape.
