UK CIOs struggle to govern surge in business AI agents

Fewer than a quarter of CIOs at large UK businesses say they can monitor all of their organisation's AI agents in real time, despite the technology being widely used in critical workflows.

The figure, 23%, comes from a survey of senior IT leaders that suggests a widening gap between the rollout of AI agents and the controls needed to govern them. The same research found that 92% of UK CIOs said AI agents are already embedded in business-critical workflows.

Oversight concerns are rising as boards push for clearer financial outcomes from AI investment. In the UK, 85% of CIOs said board pressure to show measurable AI return on investment has increased since 2024, compared with 74% globally.

Board scrutiny

The findings point to a growing governance challenge alongside the rapid spread of agent-based systems across the enterprise. AI agents, which can take actions or make decisions within software environments, have moved quickly from pilots into day-to-day operations. That shift has increased demands for monitoring, audit trails and accountability across IT and risk functions.

UK CIOs also reported growing concern about the spread of internally built tools. Some 84% agreed that employees are creating AI agents and apps faster than IT teams can govern them, and 83% said citizen-built AI could expose sensitive company data.

The results suggest "shadow AI" risks are becoming a mainstream issue for large organisations. As AI development tools get easier to use, more staff outside IT can build automated workflows, chatbots and agent-like applications. This trend has intensified questions about data access, model behaviour, and whether organisations can trace decisions back to specific inputs and approvals.

Dataiku co-founder and CEO Florian Douetteau described a shift in expectations around who is responsible for AI outcomes.

"CIOs are moving from experimentation into accountability faster than most organizations expected," said Florian Douetteau, co-founder and CEO of Dataiku. "The pressure is real, and the timeline is tight, but there is a path to success. It favors CIOs who act decisively now, building AI systems they can explain, govern, and stand behind before accountability is imposed rather than chosen."

Audit demands

The survey also found that UK CIOs expect tighter external requirements for AI oversight in the near term. Some 79% said they expect new audit and explainability requirements within the next 12 months, compared with 70% globally.

Explainability and traceability refer to the ability to understand how an AI system arrived at a result and to reconstruct which data, prompts, models and approvals were involved. These capabilities can be critical for internal assurance, handling customer complaints and disputes, and meeting regulatory requirements in sectors where decisions carry financial or legal consequences.

The findings also suggest governance gaps are already affecting operations. Some 84% of UK CIOs said traceability or explainability shortcomings have delayed or prevented AI projects from reaching production, highlighting friction between the push to deploy AI and the work needed to demonstrate effective controls.

For CIOs, the issue also intersects with enterprise risk management and information security. Unmonitored agents and rapidly developed internal apps can create new pathways into sensitive datasets and complicate incident response if an organisation cannot determine which automated process accessed or changed data.

Survey scope

The research was conducted online by The Harris Poll for Dataiku between December 2025 and January 2026. It surveyed 600 CIOs from large organisations with annual revenues above USD $500 million (or regional equivalents). The UK sample included 75 CIOs.

Respondents were drawn from multiple regions, including the United States, the United Kingdom, France, Germany, the United Arab Emirates, Australia, Japan, South Korea and Singapore.

The findings come as large enterprises reassess how they measure AI value and manage systems that can act with some autonomy inside business processes. Over the next year, UK CIOs expect tighter auditability and explainability requirements to shape which projects reach production and which are held back until governance improves.