The biggest AI risk inside enterprises is the person at the keyboard, not the model, Optro report
An auditor asks the firm’s compliance platform to flag risky clauses across 400 contracts. It does, in seconds. What no one on the audit team can tell you is which model made the call, what it missed, or where to look when it turns out to be wrong. This, far more than any rogue model, is where enterprise AI risk now lives.
New research from Optro, the GRC software company formerly known as AuditBoard, found that the greatest AI risks facing organisations no longer stem from catastrophic model failures but from the accumulation of everyday human decisions made inside increasingly invisible AI systems. The study, drawn from 822 audit, GRC, IT and security decision-makers across the United States, Canada, Germany and the United Kingdom, reported that 82% of organisations have seen a rise in AI-enabled attacks over the past year, with 39% calling the increase significant. The dominant threat is not a system being hacked. It is a person being manipulated.
“At this early stage, AI risk is being driven as much by human behaviour as it is from the technology itself,” said Guru Sethupathy, GM of AI Governance at Optro. “Lack of sufficient review of AI output, moving too quickly without sufficient guardrails and shadow AI are examples of human behaviours that increase the surface area of AI risks.”
Attackers have already worked out that the weak point is human
The attack data points away from technical exploitation and towards persuasion. Social engineering, the manipulation of people rather than systems, ranked as the top threat priority ahead of ransomware, and 61% of respondents said it had grown over the year. Among chief information security officers, the trend was sharper still, with 72% reporting that attacks had increased significantly. What makes this difficult to defend is that the lure now arrives faster and more convincingly than before, generated by AI and aimed squarely at an individual employee's judgment.
The behaviours that security leaders worry about most are the same ones attackers are counting on. Sixty-two per cent named employees feeding confidential business data into AI tools as a leading concern, the same proportion flagged exposure of personally identifiable or customer data, 60% pointed to staff relying on AI output without verifying it, and 59% cited shadow AI, the use of unapproved tools. These are not rare failures. They are daily patterns, repeating across every function, in the hands of people who do not consider any of it especially risky.
The tools employees use most are the ones governance can see least
Human risk concentrates precisely where visibility is thinnest. More than half of organisations (56%) already use AI embedded in vendor software, approaching the 63% that use standalone generative AI, yet employees rarely recognise that embedded functionality as AI at all. They think of it as using their contract platform or their email client, not as using AI, which means a large share of enterprise AI activity never registers with the teams responsible for governing it. Close to 44% of respondents said they were concerned about the lack of awareness, rising to 55% among C-level executives.
The blind spot is both structural and conceptual. Only 34% of organisations maintain a formal inventory of the AI models they run, and just 31% have any AI incident response procedure in place. An organisation cannot monitor or respond to behaviour inside a system it has never catalogued. Nearly two-thirds, 64%, of audit, GRC and IT decision-makers said they felt only somewhat confident or outright unconfident in their visibility into third-party cyber risk, including the risk introduced through vendor AI. The people closest to the threat were often the least assured, with CISOs trailing the wider sample by 22 percentage points on third-party cyber risk visibility.
When no one owns the risk, the behaviour goes unmanaged
Even when the human risk is visible, it is frequently no one’s job to manage it. A third of organisations said they felt responsible for risks they could not actually control, and among CISOs a third reported that their accountability and authority were misaligned with third-party AI risk. The cost surfaces under pressure: 69% said they were only somewhat confident to not very confident that their organisation could respond decisively to a fast-escalating AI incident without department silos and unclear decision-making getting in the way.
Behind the ownership gap sits a skills one. Across security, audit, and compliance functions, respondents repeatedly cited shortages of AI expertise, continuous monitoring, and operational capacity as the main barriers to oversight. Among CISOs, 23% identified a lack of personnel with expertise in AI security and emerging risks as their single biggest obstacle, a figure echoed by 31% of internal audit respondents. The effect is an organisation facing an accelerating, behaviour-driven threat without enough people who can read it, so the risk accumulates because no one is positioned to respond.
Sethupathy argued that the structures most companies rely on are part of the problem. “Traditional GRC frameworks are static and slow to update, but that is insufficient to keep up with how quickly AI technology and risks are evolving,” he said. “For instance, few standards or guardrails consider agentic AI and need to be quickly updated to stay relevant. At many companies, governance is a point-in-time exercise, AI risks are evolving in real time.”
The fix runs through the same people who create the risk
If human behaviour is where AI risk concentrates, the response has to reach people rather than route around them. The research points to cross-functional integration as the strongest predictor of better outcomes. Organisations that embedded AI processes and clear lines of authority across teams reported faster risk identification, better regulatory readiness and improved executive reporting, with the gap between high and low integration widest on executive reporting, at 58% against 40%. The recurring barriers were the silo, the individual employee using AI without being observed, and the governance team being unsure which function owns what.
Optro’s prescription pairs a management-level governance committee spanning legal, compliance, IT, data science, and the business units actually using the tools with automation to handle the scale that manual oversight cannot. The company has put commercial weight behind that second half, pointing to its acquisition of Midship and AI agents, it says can automate up to 87% of manual controls work. The argument carries an obvious commercial interest for a GRC vendor selling the platform, and it leaves open the harder questions of cost, integration, and whether automating oversight introduces fresh dependencies of its own. What the data does establish is that the bottleneck is real, with a quarter of IT security professionals citing budget as their main constraint on addressing evolving threats.
“AI sits on both sides of the risk coin; it will significantly increase the surface area of risk for all organisations, and at the same time, AI will be a critical component of the governance stack,” said Sethupathy. “We believe smart AI Governance will be a differentiator, enabling speed and trust.”
The tension running through the findings is that the cause and the proposed cure are the same: the technology and the people using it. Well-applied guardrails can turn governance from a brake into an enabler. Applied poorly, or not at all, they leave the most exposed surface in the enterprise, the everyday judgment of employees like the auditor trusting 400 flagged contracts to a model no one can name, defended by frameworks that update once a year against threats that change by the day. On the evidence here, that is the gap most organisations have yet to close.
