88.4% breached. One budget, gone in four months. This isn't an AI story - it's a governance story
- Yen Roxas

- 2 days ago
- 1 min read
Two data points from this year should sit uncomfortably next to each other.
AvePoint's 2026 State of AI report found that 88.4% of organisations suffered at least one AI agent-related security incident in the past year - data leakage and manipulation by untrusted inputs the leading culprits.
Around the same time, Uber reportedly burned through its entire 2026 AI budget by April - four months in, after rolling out AI coding tools to roughly 5,000 engineers and gamifying usage with an internal leaderboard.
Different problems. Same root cause: adoption outrunning governance.
Nearly every enterprise I speak with is racing to deploy agents. Few have paused to ask who's watching them, what they're touching, and what "success" even means beyond token consumption.
Uber's own COO is now asking whether the productivity gains can be tied to real features shipped. That's the right question - asked four months too late.
This is precisely why I'm advocating that AI without purpose is just risk wearing a productivity costume.
Visibility, enforceable controls, and a clear definition of value aren't friction to innovation - they're what make innovation durable enough to trust.
The organizations that will win the next phase of AI adoption won't be the fastest movers. They'll be the ones who scaled agents with the same discipline they'd apply to any other capital commitment.
Where is your organization on that curve - accelerating, or still asking the right questions?



