Artificial intelligence has moved beyond experimentation. Organizations are now trying to embed the tech into everyday operations without creating new security, governance, or accountability problems.
To better understand how organizations are balancing innovation with governance, TNCR | Executive Research surveyed technology leaders about ownership, accountability, workforce readiness, and the risks associated with scaling AI. Their responses point to a clear shift: the challenge is no longer whether to adopt AI, but how to scale it without losing control.
Most contributors described their organizations as guardrails-driven, relying on approved tools, policies, and lightweight controls to balance innovation with risk. Others said their approach remains ad hoc or reactive, while a smaller group reported embedded and adaptive governance.
That spread matters.
While many organizations appear to be past informal experimentation, relatively few have reached a mature model where governance is built into platforms, workflows, and culture.
A Balancing Act
For years, governance was treated as something that slowed innovation down. AI is changing that view.
With 53% of TNCR | Executive Research contributors identifying their approach as guardrails-driven, technology leaders appear to be searching for a middle path. They want employees to move quickly, but not blindly. They want experimentation, but not shadow AI. They want adoption, but not unmanaged exposure.
Beth O’Rorke, SVP and Chief Technology Officer for VSP Vision, captured the balance clearly: “Balance speed with guardrails.” Monica Pemberton, Vice President and Chief Information Officer at the American Council on Education, made a similar point, noting that “scaling AI responsibly is not about slowing innovation. It is about creating the conditions for sustainable innovation.”
That distinction is important. Governance is not simply a control function. Done well, it gives employees confidence to use AI because they understand the boundaries. Done poorly, it either slows adoption or pushes usage outside official channels.
“If you lock everything down, people will simply use AI outside your visibility. If you allow anything and everything, you eventually end up with security, legal, quality, and trust problems.”
Scott Kelly, Vice President of Technology at Office Pride
Several contributors emphasized that governance works best when it is built into how employees use AI rather than layered on afterward. Brian Thomas, VP & CIO at Contech Control Services, Inc., argued that organizations should embed guardrails directly into AI tools, scale usage based on risk, maintain visibility into AI use, and ensure employees remain accountable for outcomes. Charles Burton, Information Technology Director for the Calcasieu Parish Police Jury, offered a similarly practical perspective, encouraging leaders to provide the tools employees need while creating guardrails for AI risk.
The strongest governance models are practical, visible, and easy to follow. The goal is not to eliminate experimentation. The goal is to make responsible experimentation easier than irresponsible experimentation. That theme surfaced repeatedly throughout the research.
Leaders seeing progress are not choosing between innovation and governance. They are building governance into the way innovation happens.
The Ownership Question
AI governance ownership remains heavily concentrated within technology leadership.
In the research, 47% of contributors identified CIO, CTO, or other technology title as the primary owner of AI governance and accountability. Another 35% pointed to cross-functional AI governance groups. Smaller percentages identified security leadership, legal or compliance teams, or no clearly defined owner.
The findings suggest that most organizations still view AI governance primarily as a technology responsibility. While cross-functional governance models are emerging, they remain less common than technology-led approaches.
Several contributors emphasized the importance of clearly defined accountability as organizations expand AI adoption. Lonnie Garris, Cybersecurity Consultant at Riomar Group, advised organizations to establish a formal AI governance charter with clearly defined roles and responsibilities. Lyman Mubukani, Technology Lead at Right to Care, similarly encouraged organizations to establish governance structures that can serve as guardrails for AI adoption.
Monica Pemberton noted that business units, HR, legal, communications, executive leadership, and employees all need a shared understanding of AI’s opportunities and risks. Her observation reflects a broader reality facing many organizations: while governance ownership may sit within technology today, AI’s impact extends across the enterprise.
Taken together, the responses indicate that organizations are still defining how governance responsibilities should evolve as AI becomes more deeply embedded in business operations.
The Biggest Challenge May Not Be Technology
Workforce readiness emerged as the most frequently cited barrier to scaling AI responsibly. Integration into existing workflows followed closely, while workforce trust, data privacy and security, and managing autonomous or agentic AI behavior were also cited repeatedly by TNCR | Executive Research contributors.
That should get leadership’s attention.
AI adoption will not succeed because an organization buys the right platform. It will succeed when employees know how to use AI well, managers know how to govern it, and leaders create trust around its role in the business. Employees need more than technical training. They need clarity around acceptable use, confidence in approved tools, and the ability to evaluate AI-generated outputs. They also need to know when not to use AI.
Alpesh Patel, VP, Services at NTT LTD, advised technology leaders to focus on building a culture of trust and experimentation. William Novak, CIO at Meaden & Moore, emphasized the need for continuous training, collaboration, communication, and trust-building as organizations mature their AI capabilities.
Harsha Bellur, Chief Information Officer at James Avery Jewelry, highlighted the importance of creating shared responsibility and visibility while continuing to move forward. Lonnie Snyder, Chief Technology and Information Officer for the 2026 Special Olympics USA Games, stressed that AI initiatives should begin with business requirements and a clear understanding of the desired outcome.
The lesson is straightforward: AI readiness is not a training program. It is a leadership discipline.
Agentic AI Is Raising the Stakes
While 59% of TNCR | Executive Research contributors expressed at least some confidence in their organization’s ability to manage risks associated with agentic AI or autonomous AI systems, only 12% described themselves as very confident. Another 29% remained neutral.
The gap? Leaders may believe they are moving in the right direction, but few appear fully comfortable with the risks created by autonomous systems.
The concerns are specific. Sensitive data leakage or privacy exposure and AI adoption moving faster than organizational controls were each cited by 53% of contributors. Overreliance on AI-generated recommendations was cited by 47%, while identity and access risks from AI agents were cited by 41%. These are not abstract risks. They point directly to the systems CIOs already manage: identity, permissions, monitoring, data governance, workflow controls, and accountability.
Traditional AI tools provide recommendations. Agentic AI can take action.
That distinction changes the governance question. Who is responsible when an AI agent makes a poor decision? How should permissions be granted, monitored, and revoked? What safeguards are needed when autonomous systems can access sensitive data or interact with business applications?
Paul Mohabir, Head of IT at Transervice Logistics, summarized the challenge:
“Move fast, but don’t move unthinkingly.”
Rocky Vienna, Managing Director of Vienna Technology Group, LLC, offered a useful comparison:
“Treat AI governance the same way you should treat security.”
Shaun Robles, CTO/CISO at Waterfront Logistics, emphasized the need to strengthen governance capacity as AI adoption grows, advising leaders to scale governance teams and accelerate guardrail and compliance maturity alongside innovation.
The security analogy works because security eventually became embedded into technology, operations, and culture. AI governance will need to follow the same path. Periodic reviews and standalone committees will not be enough when AI becomes part of daily decision-making and execution.
What CIOs Should Prioritize Next
The findings point to three directives.
First, CIOs need governance models that enable innovation rather than restrict it. The guardrails-driven model is gaining traction because it recognizes the real-world behavior of employees: people will use AI if it helps them work faster. The question is whether they do so inside or outside the organization’s visibility.
Second, workforce readiness must become a core AI metric. Training, communication, trust, and accountability will determine whether AI adoption scales safely or unevenly.
Third, agentic AI requires a sharper control model. Identity, access, monitoring, human oversight, and escalation paths need to be addressed before autonomous systems become deeply embedded in business processes.
The leadership challenge is balance. CIOs must encourage experimentation without losing visibility. They must move quickly without weakening accountability. And they must support innovation while building trust.
The Wrap
The findings point to three directives.
The latest TNCR | Executive Research findings reveal a clear theme: organizations are no longer asking whether they should adopt AI. They are asking how to scale it without losing visibility, accountability, or trust.
The answers vary, but the direction is becoming clearer. Successful AI adoption requires practical guardrails, workforce readiness, distributed accountability, and governance models that evolve alongside the technology.
The organizations that thrive will not simply be the ones that move fastest. They will be the ones that create the confidence and control needed to sustain AI over time.
For CIOs, the mandate is straightforward: scale aggressively, but never lose control.
About TNCR | Executive Research
TNCR | Executive Research brings forward the perspectives of CIOs and senior technology leaders on the issues shaping enterprise leadership. Drawn from the 50K member TNCR CIO Community, these insights are intended to help leaders benchmark priorities, understand peer sentiment, and better interpret the shifts influencing technology and business strategy.
To participate in current and future projects register here.
