AI Governance
Written by: Neelakshi Chakraborty, Reporter, CDO Magazine
Updated 6:46 PM EDT, July 2, 2026

Photo credit: Unsplash.com
KnowBe4 has released research warning that autonomous AI tools are entering workplace systems across the UAE and Saudi Arabia faster than organizations can establish effective security controls. 84% of regional cybersecurity leaders said AI agents already perform tasks within organizational workflows, while 24% reported unapproved or ungoverned AI use.
The findings also point to growing concern over AI-generated impersonation. 88% of employees said deepfake voice and video content has become so realistic that it is impossible to know what to trust, while 52% acknowledged that a deepfake scam could deceive them at work.
Shadow AI Expands Security Exposure
Employees are increasingly turning to their own agentic AI tools when approved options are unavailable or restrictive, according to the report.
The research also found that everyday workplace behavior remains another major source of exposure.
The research also identified a gap between confidence and operational readiness.
Why It Matters
“Cybersecurity has entered a volatile phase where organizations are trying to secure a hybrid human and AI workforce that’s changing more quickly than security leaders can keep up,” said Dr. Martin Kraemer, CISO Advisor at KnowBe4. “Attackers are moving at machine speed, using attacks such as deepfakes to target employees and prompt injections to hijack AI agents. Leaving almost a quarter of your corporate AI usage ungoverned is a massive open invitation to threat actors.”
KnowBe4 said organizations seeing the greatest progress are embedding secure behaviour into daily work and creating environments where employees feel comfortable reporting mistakes, a view shared by 82% of employees surveyed.
The report recommends systems that guide behavior, reinforce positive actions, and extend a security-first approach across both employees and AI agents. Conducted by Vanson Bourne, the global survey included 4,000 professionals, 800 security decision-makers and 3,200 employees from organizations with at least 250 employees across the Americas, EMEA and APJ.