OneTrust Research & Product Updates Show Need for AI Governance

AI governance platform provider, OneTrust, recently released new survey results that found significant gaps when it comes to AI governance and risk in the enterprise.

Additionally, the organization announced some new product updates, including AI agents, privacy automation discovery, and continuous synchronization of AI projects between OneTrust and Databricks.

OneTrust’s 2025 AI-Ready Governance Report

OneTrust’s annual report, which surveyed 1,250 governance executives from North America and Europe, found that teams are spending increasingly more time managing oversight for systems that touch every part of the business, with demands of AI exposing critical gaps in governance strategies.

The key findings of the report include the following statistics:

• A 37 percent jump in time spent managing AI risk in 2025.
• 73 percent of respondents say AI has exposed critical gaps in visibility, collaboration, and policy enforcement.
• 82 percent of leaders say AI risks forced modernization of governance.

“AI is changing not just what you govern, but how you govern,” said Blake Brannon, Chief Innovation Officer at OneTrust. “The speed of AI innovation has exposed a fundamental mismatch. While AI projects move at unprecedented speed, traditional governance processes are operating at yesterday’s pace. Legacy GRC tools with manual reviews and lengthy approval cycles are creating innovation bottlenecks. Organizations need governance technology that matches AI’s velocity through automated visibility, real-time monitoring, and intelligent enforcement of guardrails. This isn’t just about compliance, it’s about enabling innovation speed while maintaining the strong oversight essential for long-term ROI from AI.”

Increasing AI use also pushing increase in governance concerns

Further, the report revealed that investments in governance are following in AI’s footsteps. Nearly all organizations (98 percent) are going to increase their governance budgets in the next financial year, with an average increase of 24 percent.

The increase in AI use is creating more governance problems, with 86 percent of organizations that are advanced in AI adoption having noticed gaps in visibility, collaboration, and policy enforcement compared to just 58 percent of organizations in the experimentation phase.

What’s more is that advanced organizations spend twice as much time managing AI risk as experimenting organizations. Advanced organizations also expect their governance budgets to be nearly 10 percent higher than those of experimenting organizations.

The report details that 92 percent of respondents say that AI governance policies are embedded within their organization, but only 52 percent say they’re consistently enforced. Nearly half, 46 percent, admit policies are partial, inconsistent, or not actionable – showing a significant gap between intention and execution.

Legacy GRC is also not compatible with AI, as it’s too slow for the technology. A large number of respondents ranked GRC reviews happening late in the AI development cycle (44 percent), manual compliance reviews (37 percent), and approval bottlenecks (37 percent), which adds cost, complexity, and potential delays to meeting AI governance requirements.

Additionally, most respondents indicate that their organizations are underestimating cybersecurity vulnerabilities (44 percent) and third-party AI use (38 percent), suggesting that teams are becoming increasingly concerned about the unknown risks associated with AI.

New AI agents and capabilities from OneTrust aim to address governance needs in market

Along with the report released by OneTrust, the organization announced new capabilities to help governance teams address the complexity and speed of AI.

Among the new releases are:

• OneTrust Third-Party Risk Agent: This new tool embeds AI directly into third-party risk workflows to target painful bottlenecks. This innovation automates onboarding, accelerates assessments, and enables continuous monitoring. Organizations can instruct an agent to perform a vendor risk assessment in minutes by initiating in-depth research across trusted public sources, such as vendor websites, trust pages, and privacy statements, without filling out unnecessary questionnaires.
  • Each evaluation also creates a report of all relevant risk sections with detailed logs that capture the rationale behind each determination– allowing teams to validate, correct, and proceed with confidence. The agent operates continuously in the background, monitoring vendors for changes and alerting teams.
• OneTrust Privacy Agent: Currently available in private preview, OneTrust’s new Privacy Agent automates work by analyzing project documents and converting them into structured assessment responses within minutes. The agent enables privacy teams to accelerate reviews with consistency, context, and confidence.
• Continuous AI Governance Synchronization with Databricks Unity Catalog: Continuous synchronization of AI projects between OneTrust and Databricks provides governance teams with centralized, real-time visibility into AI development and helps track what’s being built, where it lives, and what data it touches. This generally available native integration ensures that models registered in Databricks Unity Catalog are also available in OneTrust, creating a single source of truth.
• Privacy Automation Discovery: A new capability that reduces the manual, time-consuming work of discovering and classifying personal data while giving privacy teams faster, more accurate visibility into how data is used across the business. It automatically discovers and monitors structured and unstructured data stored in databases, buckets, blob storage, other cloud sources, and file shares.
  • Automated data classification then adds business context to the privacy team’s data map, closing the gap between business and technical understanding of data use in the organization.

In addition to helping governance teams, OneTrust has developed agentic AI solutions to provide assistance for privacy teams. Read more about Director of Strategy at OneTrust, Ryan Edge, on these new capabilities within its data privacy automation platform.