Cyberhaven Labs releases 2026 AI adoption and risk report

Cyberhaven Labs released the 2026 Artificial Intelligence (AI) Adoption & Risk Report, which examined how growing use of AI across business workflows created gaps between experimentation and observable risk and why updated data governance was needed.

The report showed that enterprise AI adoption had become uneven and that high levels of use often occurred where governance and visibility were less mature, producing operational and oversight challenges as organizations adapted to broader AI use.

Cyberhaven Labs based the analysis on billions of real-world data movements involving Generative AI (GenAI) Software-as-a-Service (SaaS) applications, endpoint AI applications, and AI agents; it reported that across the top 100 GenAI SaaS applications 82% were classified as medium, high, or critical risk, 32.3% of ChatGPT usage occurred through personal accounts, 24.9% of Gemini usage occurred through personal accounts, 39.7% of data movements into AI tools involved sensitive data, and the average employee entered sensitive data into AI tools once every three days.

The research also tracked AI coding assistants and agents through 2025, noting steady growth: in organizations leading in adoption nearly 90% of developers used coding assistants versus about 50% in a typical organization, only 6% of developers used AI coding assistants on the opposite end of the spectrum, and in late 2025 30% of developers using such assistants reported using at least two.

“AI is no longer a side experiment for most enterprises; it's becoming a core part of the infrastructure,” said Nishant Doshi.

Cyberhaven said it released the report, announced the General Availability (GA) of its Data Security Posture Management (DSPM) solution earlier in the week, and planned a webinar with Harvard Business Review Analytic Services featuring Alex Clemente, Nishant Doshi, and Dan Walsh to discuss the findings.