Executives See AI Control - The Operators See a Growing Blind Spot

AI is moving into the enterprise like an ordinary productivity upgrade, but the security picture looks anything but ordinary. In a survey of IT professionals across the UK and US, executives were far more likely than the people running AI day to day to believe the risk was under control. That split matters because AI governance breaks in exactly this place: not at the demo stage, but where tools meet real data, real permissions, and real workflows.

Fast Facts

• Heimdal’s 2026 survey covered 1,000 IT professionals, split evenly between the UK and US.
• In the US, 29% of C-suite and VP respondents said AI risk was under control, compared with 7% of mid-level practitioners.
• In the UK, the same measure came in at 18% for senior leaders and 11% for practitioners.
• The survey found AI adoption had outpaced security controls by roughly two to one.
• Only around four in 10 teams said their security stack was ready for AI-related risk.

What the gap really means

This is less a story about model quality than about control maturity. In practical terms, enterprise AI risk usually starts with incomplete inventory: teams do not always know which tools are sanctioned, which are shadow IT, and which have been quietly woven into daily work. Once that visibility is missing, policy alone becomes decorative.

The survey’s concern pattern is telling. Where teams had full visibility into AI use, data leakage rose to the top of the worry list. That matches a basic security principle: you cannot protect what you cannot see. The moment employees paste confidential text into a public chatbot, connect a copilot to internal systems, or use an AI service with unclear retention rules, the organization has a governance problem, not just a productivity boost.

NIST’s AI risk framework treats this as a lifecycle issue, not a one-time approval. The real controls are familiar to defenders: procurement review, contractual data-handling terms, access restrictions, logging, and privilege boundaries. OWASP’s guidance for large language model applications adds the failure modes that matter operationally, including prompt injection, sensitive-information disclosure, and excessive agency. In other words, the risk is not only what the model says, but what the model can be made to do.

That helps explain why overloaded teams are also optimistic about AI easing the burden. When staff are drowning in repetitive work, new automation can look like relief even before the controls are ready. But fatigue is a poor substitute for governance. If AI tools are adopted faster than they are cataloged, tested, and fenced, the organization may simply automate its exposure.

At the time of writing, the available information supports a risk analysis, not a definitive claim that any one company or agency has the same exposure pattern. The broader lesson is steadier: AI should be treated as core IT infrastructure, with the same discipline applied to identity, data, and third-party access.

Conclusion

The lesson for defenders is blunt. AI risk is not controlled by confidence, and it is not controlled by policy language alone. It is controlled by visibility, enforcement, and the willingness to treat every AI service as a live trust boundary. In security, the gap between feeling ready and being ready is where incidents begin.

WIKICROOK

• Shadow AI: AI tools used inside an organization without formal approval or visibility.
• CASB: Cloud Access Security Broker, a control layer for monitoring and restricting cloud app use.
• Prompt Injection: A technique that manipulates an AI system through crafted input to alter its behavior.
• Excessive Agency: A risk where an AI system can take actions beyond what defenders intended or approved.
• Least Privilege: The principle of giving users and systems only the access they need to do a task.