The Bottom Line: Inadequate governance of AI use enables uncontrolled AI deployments that compromise data protection and security requirements.
German companies are deploying AI agents without establishing sufficient governance structures. Security leaders are warning of growing risks to sensitive corporate data.
German companies are increasingly turning to AI agents and AI systems without creating clear governance structures. Employees sometimes implement AI tools independently and outside official processes – a phenomenon that security leaders call “shadow AI.”
For CISOs, this development poses concrete risks: uncontrolled AI use can result in sensitive corporate data flowing into external systems, data protection policies being violated, or compliance requirements not being met. A particular problem is that these shadow AI deployments often do not appear in information security planning and are therefore neither monitored nor controlled.
The lack of governance affects not only data protection and data security, but also the ability to meet governance requirements imposed by regulators. Companies risk losing control of their AI ecosystems, which in turn can lead to findings in audits and compliance reviews. Security leaders must therefore establish clear AI policies, define approval processes for AI tools, and monitor actual usage.
Source: www.golem.de · Published 3 July 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.