(Yossakorn Kaewwannarat/Shutterstock)
The push to scale AI across the enterprise is running into an old but familiar problem: governance. As organizations experiment with increasingly complex model pipelines, the risks tied to oversight gaps are starting to surface more clearly. AI projects are moving fast, but the infrastructure for managing them is lagging behind. That imbalance is creating a growing tension between the need to innovate and the need to stay compliant, ethical, and secure.
One of the most striking findings is how deeply governance is now intertwined with data. According to new research, 57% of professionals report that regulatory and privacy concerns are slowing their AI work. Another 45% say they are struggling to find high-quality data for training. These two challenges, while different in nature, are causing companies to build smarter systems. However, they are running short on both trust and data readiness.
These insights come from the newly published Bridging the AI Model Governance Gap report by Anaconda. Based on a survey of over 300 professionals working in AI, IT, and data governance, the report captures how the lack of integrated and policy-driven frameworks is slowing progress. It also reveals that governance, when treated as an afterthought, is becoming one of the most common failure points in AI implementation.
“Organizations are grappling with foundational AI governance challenges against a backdrop of accelerated investment and rising expectations,” said Greg Jennings, VP of Engineering at Anaconda. “By centralizing package management and defining clear policies for how code is sourced, reviewed, and approved, organizations can strengthen governance without slowing AI adoption. These steps help create a more predictable, well-managed development environment, where innovation and oversight work in tandem.”
Tooling might not be the headline story in most AI conversations, but according to the report, it plays a far more critical role than many realize. Only 26% of surveyed organizations reported having a unified toolchain for AI development. The rest are piecing together fragmented systems that often don’t talk to each other. That fragmentation creates space for duplicate work, inconsistent security checks, and poor alignment across teams.
The report makes a broader point here. Governance is not just about drafting policies. It is about enforcing them end-to-end. When toolchains are stitched together without cohesion, even well-intentioned oversight can fall apart. Anaconda’s researchers highlight this tooling gap as a key structural weakness that continues to undermine enterprise AI efforts.
The risks of fragmented systems go beyond team inefficiencies. They undermine core security practices. Anaconda’s report underscores this through what it refers to as the “open source security paradox”. While 82% of organizations say they validate Python packages for security issues, nearly 40% still face frequent vulnerabilities.
That disconnect is important, as it shows that validation alone is not enough. Without cohesive systems and clear oversight, even well-designed security checks can miss critical threats. When tools operate in silos, governance loses its grip. Strong policy means little if it cannot be applied consistently at every level of the stack.
(Panchenko Vladimir/Shutterstock)
Monitoring often fades into the background after deployment. That is a problem. Anaconda’s report finds that 30% of organizations have no formal method for detecting model drift. Even among those that do, many are working without full visibility. Only 62% report using comprehensive documentation for model tracking, leaving large gaps in how performance is monitored over time.
These blind spots increase the risk of silent failures, where a model starts producing inaccurate, biased, or inappropriate outputs. They can also introduce compliance uncertainty and make it harder to prove that AI systems are behaving as intended. As models become more complex and more deeply embedded in decision-making, weak post-deployment governance becomes a growing liability.
Governance issues are not limited to deployment and monitoring. They are also surfacing earlier, in the coding stage, where AI-assisted development tools are now widely used. Anaconda calls this the governance lag in vibe coding. The adoption of AI-assisted coding is rising, but oversight is lagging. Only 34% of organizations have a formal policy for governing code generated by AI.
Many are either recycling frameworks that were not built for this purpose or trying to write new ones on the fly. That lack of structure can leave teams exposed, especially when it comes to traceability, code provenance, and compliance. With few clear rules, even routine development work can lead to downstream problems that are hard to catch later.
The report points to a growing gap between organizations that have already laid a strong governance foundation and those still trying to figure it out as they go. This “maturity curve” is becoming more visible as teams scale their AI efforts.
Companies that took governance seriously from the start are now able to move faster and with more confidence. Others are stuck playing catch-up, often patching together policies under pressure. As more of the work shifts to developers and new tools enter the mix, the divide between mature and emerging governance practices is likely to widen.
This article first appeared on our sister publication, BigDATAwire.
Related
