AI governance gap grows
Industry observers say the 'governance gap' around AI is now one of the biggest business risks — regulatory frameworks are fragmented and procurement/security exceptions are increasingly shaping real-world rules. Executives rank AI issues as top material risks over the next three years, and experts argue governance must start with access controls, data security, and layered oversight of autonomous agents, not just model audits. (iapp.org; aithority.com; securityboulevard.com)
An IAPP op‑ed published March 18, 2026 argues that procurement choices, security exceptions and diplomatic pressure are now steering who can use which AI tools — often faster than legislatures or regulators can act. (iapp.org)
The U.S. Pentagon formally designated Anthropic a “supply‑chain risk” effective March 5, 2026 and ordered federal agencies to cease use of its technology, an unprecedented procurement move that industry lawyers say could set new de facto rules. (politico.com)
Protiviti’s 2026 Top Risks survey polled 1,540 board members and C‑suite leaders and lists generative and agentic AI among the top near‑term operational risks for companies. (protiviti.com)
Allianz’s 2026 Risk Barometer shows AI jumped to the #2 global business risk in 2026, up from #10 in 2025, signalling rapid executive reprioritization of governance and resilience spending. (commercial.allianz.com)
RepRisk’s March 2026 report, co‑authored with Oxford Economics, surveyed more than 500 financial C‑suite executives in January and recorded a marked rise in AI‑related business‑conduct and ethical‑risk concerns over the next three years. (reprisk.com)
ISS Governance’s analysis of 3,048 U.S. firms found only 8% disclosed board‑level AI oversight and only 9% published formal AI policies, while a separate Protiviti/BoardProspects survey found just 26% of directors discuss AI at every board meeting — concrete evidence of the governance gap. (insights.issgovernance.com)
Security practitioners and recent guides now advise starting AI governance with identity and access controls — treating copilot accounts and autonomous agents as governed identities, deploying attribute‑based access, OAuth controls and continuous monitoring across SaaS integrations. (securityboulevard.com)