Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo
Sponsored

New security research finds governance determines trust in AI

Published Feb. 17, 2026
By Niall Heffernan, Staff GRC Analyst, Tines
mechanical gears and circuits
Permission granted by Tines

As AI adoption deepens, security teams face a tricky dilemma: how to move quickly while managing new security, privacy, and data exposure risks.

Tines’ Voice of Security 2026 report surveyed over 1,800 security leaders and practitioners to understand how security teams are evolving in the era of AI. The findings show AI governance is now a central priority for 2026. Half of organizations (50%) already have a formalized and active AI policy in place, while another 42% are establishing one. Yet security and compliance concerns remain the top barrier to effective automation, cited by 35% of respondents.

Below, we explore what the data reveals and how leaders can maintain control and visibility while still enabling innovation.

The greatest AI risks are internal

Many of the top security challenges expected in 2026 stem from how AI is used inside the organization. Key risks include data leakage through AI copilots and agents (22%), evolving regulatory requirements (20%), and shadow AI (18%).

To manage this, organizations need clear policies and guardrails so teams can rely on AI outputs and use them consistently across workflows. AI governance provides the controls and processes that keep operations predictable. It reduces risks such as noncompliance, data exposure, and unauthorized AI use while allowing teams to move quickly and confidently to capture AI’s full operational value.

Policy maturity determines confidence

Organizations are already responding to governance needs. Half (50%) have a formalized and active AI policy in place, while another 42% are establishing one. Larger organizations, particularly those with over 5,000 employees, are more likely to have mature policies, while smaller organizations are still catching up.

The research shows a clear relationship between AI policy maturity and trust. Where a formal AI policy exists, 65% of respondents are very confident that AI outputs are subject to human-in-the-loop checks and other guardrails used in security decisions. That drops to 25% for organizations still developing policies and to 17% where no policy exists.

AI adoption alone doesn’t ensure trust. Structured oversight is key.

AI can help teams write the rules

Security teams don’t have to approach designing governance alone. The research shows AI already performs strongly in compliance and policy writing, with 56% of respondents rating it highly effective. It’s one of the top three jobs respondents say AI excels at.

Human judgment is still essential for driving important decisions. But AI can accelerate drafting, summarization, and documentation work, turning governance from a periodic audit activity into an operational workflow teams use regularly.

Designing governance in practice

Security leaders can turn governance into a working system by making expectations explicit and repeatable across the organization.

  • Define approved use cases so teams know where they can and should use AI to eliminate repetitive muckwork and increase efficiency. Start with a narrow set of use cases and expand as confidence grows.
  • Document and share guidelines around approved AI usage and tools.
  • Set human-in-the-loop checkpoints where judgment matters, such as during investigations, policy reviews, and anomaly triage that requires contextual understanding before action is taken.
  • Standardize workflows and tools to reduce inconsistent usage and shadow AI.
  • Use AI and automation to help fuel key parts of governance like evidence collection, policy management, and audit prep.
  • Partner with legal, risk, and compliance to make policies usable across the organization and help foster company-wide buy-in.

Clear guardrails remove hesitation. When people know what AI is allowed to do, when review is required, and how decisions are validated, they can use it confidently in real workflows.

From experimentation to trusted operational AI

AI is foundational to security operations with 99% of SOC teams using it. Leaders must treat governance as strategic infrastructure rather than a nice-to-have overhead. Clear policies and guardrails allow organizations to scale AI safely, support business agility, and protect against emerging threats.

Governance helps turn AI from isolated pilots into trusted operational capability. Want to dive deeper into how security teams are evolving? Get even more insights and actionable tips by downloading the full report now.

Editors' picks

Editors' picks
Latest in Strategy
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell