What happened
FireTail published an enterprise AI security risk analysis on April 8, 2026, revealing that 90% of all AI usage in organisations falls outside approved channels (shadow AI), and that only 34% of enterprises have AI-specific security controls. The report positioned AI Security Posture Management (AISPM) as the emerging practice for centralising discovery, detection, and governance across AI assets, and highlighted Agent Goal Hijacking (OWASP Agentic Top 10 ASI01) as the top agentic AI risk.
Why it matters
The shadow AI finding means most enterprises have near-zero visibility into the AI models their employees are interacting with, the data being shared, or the outputs being relied upon — creating uncontrolled data exfiltration and compliance exposure that traditional DLP and CASB tools cannot address.
Applicability
Security architects evaluating enterprise AI governance should build AISPM into their 2026 security stack planning; organisations should baseline their AI asset inventory before procuring point solutions. CISO teams should run a shadow AI discovery exercise as a precursor to any AI security programme.