Artificial intelligence is being deployed faster than the governance controls needed to secure it. AvePoint’s third annual State of AI report, conducted with Osterman Research across 750 enterprise leaders, finds that 88.4% of organisations experienced at least one AI agent-related security incident in the past year and 89.5% reported a generative AI-related breach. For associations and institutes across Ireland, the findings are a direct call to action.

The research presents a clear opportunity for every professional association seeking to add meaningful value for members. Three findings define where associations can deliver most: the widening visibility gap around unsanctioned AI use, the confidence-competence mismatch leaving organisations exposed, and deployment delays signalling a ready market for governance frameworks associations can provide.

The visibility gap is the most striking structural failure. AvePoint found that 21.1% of organisations do not know whether employees are using unsanctioned tools to create AI agents, while unsanctioned generative AI use has almost tripled, from 6.3% in 2025 to 17.6% in 2026. In Ireland, where only 14% are fully prepared for EU AI Act compliance, unsanctioned use and weak oversight create regulatory exposure boards cannot ignore.

The confidence-competence gap compounds the risk. More than four in five respondents said they were very or extremely confident in preventing unauthorised AI data access, yet incidents remained widespread even among that group. As Chris Shaw, Channel Director for UK and Ireland at AvePoint, observed, AI has exposed and amplified gaps in data protection frameworks that need fixing urgently. Almost nine in ten organisations experienced an AI-related breach in the last year.

The operational cost of these gaps is measurable. Some 86% of organisations delayed AI agent deployments by an average of 5.92 months due to data security concerns, while 86.9% delayed generative AI by an average of 5.88 months. Some 35.5% of enterprise data is now generated by AI assistants, projected to reach 42.1% within twelve months, increasing the urgency of governance investment.

Three priorities stand out for association leaders. First, develop AI governance readiness frameworks members can benchmark against, covering data visibility, access controls, unsanctioned use detection, and policy enforcement. Second, embed AI security and data governance into professional development curricula, strengthening member engagement around governance as a shared priority. Third, effective association management demands direct advocacy in national AI Act consultations, positioning professional bodies as authoritative voices on practical implementation.

The AvePoint State of AI 2026 confirms that AI’s most significant barrier is not capability but trustworthiness. For Irish associations and institutes, nine in ten organisations experiencing AI-related breaches despite high levels of stated confidence is a direct mandate: professional bodies that help members build governance foundations for secure AI will define what organisational excellence and future-ready leadership look like.

(The views expressed by the writer are his/her own and do not necessarily reflect the views or positions of BusinessRiver.)