85% of IT teams claim every AI agent is under control. Only 42% actually know who owns them.

IT teams are masking a severe governance crisis behind confident rhetoric. Eighty-five percent claim ownership exists for every AI agent they deploy. Only 42 percent can actually identify who owns them. That 43-point gap represents uncontrolled autonomous systems operating inside enterprise infrastructure.

The problem extends beyond technical oversight. Organizational leaders hide AI use at nearly double the rate of other employees. Forty-two percent of leaders conceal deployment, compared to 23 percent across the broader workforce. Among those hiding usage, 52 percent admit they do it for competitive advantage. This shadow AI adoption means security teams cannot audit what they don't know exists.

Ivanti's survey of 3,900 employees across six countries exposes a dangerous assumption. IT organizations believe they control their AI systems. Reality shows they cannot identify who manages these systems, let alone what those systems access or decide. Sam Evans, CISO at Clearwater Analytics, which manages 8.8 trillion dollars in assets, flagged the risk directly. Unowned or misowned AI agents create liability that board governance structures never anticipated.

The gap between claimed and actual ownership reveals why existing governance frameworks fail. Those frameworks assumed humans make decisions and take responsibility. AI agents operate autonomously, and enterprise culture has not caught up. Leaders deploy systems for strategic advantage while keeping deployment hidden from security teams. IT assumes names match systems. Forty-three percentage points separate assumption from reality.

This creates a specific vulnerability. Autonomous systems manage data, execute transactions, and make decisions without clear accountability chains. When something fails or acts unexpectedly, no single owner exists to explain it, remediate it, or prevent recurrence. The organization lacks the basic information required to govern anything.

Fixing this requires immediate action beyond existing tools. Enterprises must mandate AI agent registries with mandatory ownership assignment before deployment. Security teams need discovery mechanisms to find hidden systems