Lenovo Research: Is AI Adoption Outpacing Governance?

As organisations line up to adopt the latest AI tools on offer, research from Lenovo suggests that they are struggling to keep pace with their own adoption.

While AI tools are becoming essential for productivity, many businesses are failing to manage how they are used, creating a widening gap between innovation and oversight.

Lenovo’s Work Reborn report reveals that more than 70% of enterprise AI usage is happening without proper governance. 

This rise in shadow AI – where employees use AI without knowledge of their IT teams – is exposing businesses to new risks while limiting their ability to scale effectively.

Rakshit Ghura, Vice President and General Manager of Digital Workplace Solutions at Lenovo, explains the shift clearly: “AI adoption is no longer the challenge. Execution is.

“Usage is growing faster than organisations can control or secure it. Without that control, AI introduces as much risk and cost as it does opportunity.”

Uncontrolled and fragmented AI adoption 

AI usage is not only widespread but also fragmented, the report reveals.

The numbers are disturbing from a security perspective, as one in three of the 70% of employees that use AI tools on a weekly basis do so without IT oversight. Creating a two speed workforce, this lack of coordination is already affecting business outcomes.

One of the most immediate impacts is delayed ROI. With different teams adopting separate tools for similar tasks, organisations are seeing duplicated spending and slower progress towards measurable results. 

Instead of delivering streamlined innovation, AI is often adding layers of complexity.

At the same time, a divided workforce is beginning to emerge. 

Some employees benefit from secure, optimised AI systems supported by IT teams while others rely on unmanaged alternatives to maintain productivity. 

For UK and European organisations, the challenge is even more pressing. 

With regulatory frameworks such as the EU AI Act coming into force, businesses will need to demonstrate clear governance, accountability and risk management. 

Yet current patterns of adoption suggest many are not yet prepared to meet these requirements.

Rising cyber threats and AI governance

AI adoption has added an extra attack surface to fend off cyber criminals from. But with shadow usage, the potential for security risks rise high. 

The report finds that 61% of IT leaders have already seen an increase in AI-related cyber threats, yet only 31% feel confident in their ability to manage them. 

Employees themselves are becoming more aware of the risks. Nearly half (43%) express concerns about data exposure or AI-driven attacks, signalling a broader recognition that unmanaged tools can introduce serious vulnerabilities.

Without clear oversight, AI is quietly expanding the attack surface across devices, endpoints and data flows, which increases the likelihood of breaches, compliance failures and operational disruption. 

In many cases, the issue stems from fragmented management, where devices, infrastructure and security are handled separately, leaving gaps that can be exploited.

Unified approach to close the AI execution gap

To address these challenges, Lenovo advocates for a more integrated model that brings control back into the enterprise environment. 

Rather than treating devices, infrastructure and security as separate layers, the company argues for a unified approach that manages AI from the point of entry.

This strategy centres on establishing control at the device level and extending it across the entire ecosystem through a managed service model. 

By combining deployment, lifecycle management and security into a single framework, organisations can reduce complexity while improving visibility.

Lenovo’s TruScale Device as a Service for Security is designed to deliver this end to end model, offering built-in protection, continuous monitoring and streamlined management. The aim is to help businesses reduce risk, eliminate duplicated effort and scale AI adoption more effectively.

Ultimately, the findings suggest that the future of enterprise AI will depend not just on how quickly organisations adopt new tools but on how well they manage them.

Closing the AI execution gap could unlock faster returns, stronger security and a clearer path to long-term innovation.