New research makes the case for agentic GRC as ungoverned employee behavior outpaces human oversight.

LOS ANGELES, May 12, 2026 /PRNewswire/ — Optro (formerly AuditBoard), the leading AI-powered GRC platform empowering enterprises to transform risk into opportunity, today released “Human Behavior: The AI Risk Surface GRC Can’t Ignore.” The report, which surveyed 800+ IT, security, audit, and GRC professionals, reveals a critical shift in the threat landscape: the most urgent AI risks don’t come from model failures like hallucinations—they come from unvetted employee behavior and Shadow AI. The findings also informed Optro’s recent acquisition of Midship, representing a significant milestone in delivering the first and only enterprise-grade agentic system of action for GRC.

The AI Visibility Gap: Governing the Invisible
AI adoption is outpacing governance. Despite rapid integration into daily workflows:

• Only 34 percent of organizations maintain a formal AI model inventory.
• Only 18 percent of organizations automatically block unauthorized AI domains.
• 56 percent of organizations use embedded AI within third-party vendor tools, which employees often don’t even recognize as “using AI,” heightening the potential for unmanaged third-party threats.

The consequences are real: 82 percent of respondents reported an increase in AI-enabled attacks over the last 12 months. Chief Information Security Officers (CISOs) are feeling the pressure most acutely, with 72 percent reporting a “significant” increase in attacks, led primarily by AI-powered social engineering.

The Accountability Gap: Authority vs. Responsibility
GRC and security leaders are being held responsible for risks they lack the tools or authority to address:

• Over two-thirds said they were only “somewhat confident” or “not very confident” their organization could respond decisively to a fast-moving AI security incident.
• 23 percent of CISOs cite a lack of AI security expertise as their top barrier.
• 42 percent of CISOs say insufficient focus on AI governance is their primary concern about the future policy environment.

The Future of GRC AI Governance
Organizations that integrate AI governance cross-functionally—with clear accountability across GRC and related teams—report better outcomes in nearly every area. In a separate Optro survey, when asked which AI-powered capabilities would be most valuable for compliance and risk teams, 71 percent selected agentic and automation technology. This suggests practitioners are eager to implement emerging AI-powered technologies such as autonomous agents. Optro’s acquisition of Midship directly addresses this demand, deploying AI agents capable of automating up to 87 percent of manual controls tasks.

“AI sits on both sides of the risk coin—it will significantly increase the surface area of risk for all organizations, and at the same time, AI will be a critical component of the governance stack,” said Guru Sethupathy, GM of AI Governance at Optro. “That is why we believe smart AI Governance will be a differentiator, enabling speed and trust.”

To download the full report, visit Optro.ai.

About Optro
Optro (formerly AuditBoard) helps enterprises transform risk into opportunity, redefining GRC through an agentic system of action. More than 50% of the Fortune 500 trust Optro to elevate audit, risk, and compliance in addressing a new era of risk. Optro is top-rated by customers on G2 and was named a Leader in the 2025 Gartner® Magic Quadrant™ for Governance, Risk and Compliance (GRC) Tools, Assurance Leaders. To learn more, visit: optro.ai.

Contact:
Laura Groshans
press@optro.ai

###

View original content to download multimedia:https://www.prnewswire.com/news-releases/optro-data-shadow-ai-is-winning82-percent-of-organizations-report-surge-in-ai-enabled-attacks-302768997.html

SOURCE Optro, Inc