AI adoption is high. Governance is lagging.
New Jamf research finds AI governance gaps widen as organizations deepen their AI integration.
Most Apple enterprises are adopting AI. Far fewer can see what it is actually doing. The AI in question isn't what Apple builds into the operating system. It's the third-party tools teams adopt on their own: AI assistants, developer tools and the AI arriving inside software they already run.
We heard from 687 IT and security leaders across Apple-first organizations. Nearly three quarters (72.9%) have already deployed AI in some form, yet more than four in five (81.7%) have either dealt with an AI-related incident or expect one. The pattern underneath the numbers is the part to dig into: those furthest along with AI are reporting incidents at the highest rates.
Call it the visibility gap. AI is being adopted faster than the tools and policies meant to govern it, and the further an organization gets, the wider that gap tends to open. The good news in the data is that the teams pulling ahead have already stopped treating governance and enablement as a trade-off.
AI realities facing Apple enterprises
1. The deeper the AI deployment, the higher the incident rate.
You would expect a more mature AI program to mean fewer surprises. The data points the other way. Among organizations with deeply integrated AI, 27.1% have dealt with an AI-related incident in the past year. Among those still exploring, it was 19.4%. That is a 40% higher rate for the teams you would assume have the basics handled.
Organizations that move fast tend to expand their AI footprint faster than they extend visibility into it. Every new tool adds endpoints, cloud calls, on-device processing, agents and integrations, none of them covered by a governance layer. This creates distance between what is running and what IT can see, and that widening gap is where incidents occur.
2. Adoption is past the tipping point, but visibility hasn't caught up.
Nearly three quarters of the organizations we surveyed (72.9%) have put AI to work in some form, from team-level pilots to deep integration across daily workflows. The debate about whether to adopt AI is largely settled. The open question is how to maintain visibility and governance as that deployment scales.
When we asked respondents to describe in their own words which AI challenge they had not yet solved, 178 wrote back. The same four themes surfaced again and again:
- Shadow AI, where employees adopt tools without IT approval, often feeding them sensitive data through accounts IT never sees
- Agentic and developer AI, including command-line tools, IDE extensions, embedded models and third-party packages, running in places traditional monitoring tools were never built to watch
- Vendor sprawl, as existing vendors add AI to products already deployed across the fleet faster than teams can vet them
- Cost surprises, where usage-based pricing makes spend impossible to forecast
One respondent summed up the tension best: "Everyone wants all the AI right now. We want to slow down and verify, test and secure things, but the pitchforks are coming." Another described their tools as "largely unable to detect CLI tools, IDE extensions, browser extensions and third-party packages." The main websites are easy to catch. Everything else is not.
3. The teams pulling ahead pursue governance and enablement together.
For years, governance and enablement have been framed as opposing forces, as if every control added is speed given up. The data shows the leading teams have abandoned that idea. When we asked IT and security leaders to rank their top AI priorities for the coming year, three landed almost on top of each other: automating IT operations (44.4%), deploying AI productivity tools (41.0%) and establishing AI governance (36.7%).
These teams pursue speed and security at once, because they have realized the two were never really at odds.
That shift, treating deployment and governance as one effort rather than a choice between them, is the difference between absorbing incidents and avoiding them. Teams that build visibility and access controls in early are not slowing themselves down. They are saving themselves the cleanup later. Governance, handled early, is what makes fast deployment sustainable.
Closing the visibility gap
The survey makes one thing clear. As AI embeds itself deeper into how Apple enterprises work, the ability to see and govern what is running on the device has never mattered more.
There is a nuance specific to Apple environments worth understanding. Apple's privacy model and the management controls built into the platform give IT teams a strong foundation to build on, and realizing that advantage depends on using tools built for Apple from the start. Network-based tools show you the traffic, which cloud AI services users reach and how often, but that signal stops at the network edge. Even when the AI itself runs in the cloud, the access happens on the device: which tools are installed, what processes they spawn and what files they touch. None of that shows up in a DNS log. Seeing it, and governing it, means watching the device itself, not just the traffic around it.
The organizations getting this right are not slowing down. They are investing in the visibility to see what their AI is doing, the policies to govern how it is used, and the freedom to let people reach for the tools they need.
Explore the full findings, including the four governance principles we drew from the research.