

A report by Drata recently analyzed survey responses from security and IT professionals on AI adoption trends. The report exposes a widening gap between what organizations expected from AI in governance, risk, and compliance (GRC) and what it has actually delivered — and traces that gap to three compounding failures: vendors oversold, buyers bought breadth, and governance never caught up.
According to the report, 13% of IT and security professionals confidently claim full visibility into the AI tools active within their organization, while the remaining 87% admit they are governing (or attempting to govern) something they cannot fully see. That blindness creates risks that security teams exist to prevent, yet 71% of organizations report that an AI tool used for GRC has led to a failed audit or lapsed regulatory standard at least once.
Additional report findings include:
- 86% of teams agree that many GRC-focused AI tools aren’t enterprise ready.
- 83% state they are not fully prepared to handle the coming wave of AI integration.
- Three-quarters of organizations now discontinue underperforming AI tools faster than they used to, and when they expose shortcomings, more than half revert to manual processes.
- 64% of respondents prefer targeted agentic AI systems over broad, all-in-one platforms. Among risk-focused buyers, that number rises to 70%.
- Nearly half of organizations with an external trust center report greater transparency into vendor security, and 44% report faster vendor reviews.
https://www.securitymagazine.com/articles/102434-majority-of-organizations-agree-that-many-grc-ai-tools-arent-ready


