Your Company Has 200 People Using AI and Zero People Owning It

85% of enterprises have deployed AI into core operations, but no single function owns more than 25% of governance responsibility. Here is what the ownership gap actually looks like inside growing companies, and the pattern that separates the ones scaling value from the ones scaling risk.

TLDR

A new study of 800+ enterprises finds that AI governance responsibility is split across four or five functions, with no single group owning more than 25% of the remit. The companies getting this right are not adding more AI tools. They are assigning one named owner per AI system and treating operational maturity as a leadership decision, not a technical upgrade.

I was looking at the numbers from a new Optro Risk Intelligence study published this week in MIT Sloan Management Review, and one stat stopped me cold: 85% of enterprises now have AI deployed into core operations or across multiple functions. That sounds like progress. Then the next number: only 25% have comprehensive visibility into what their employees are actually doing with it.

That is a 60-percentage-point gap between “we’re using it” and “we know how we’re using it.” At a Series C company with 200 to 500 people, that gap is not abstract. It is the difference between a clean due diligence process and a very uncomfortable board conversation.


What They Tried

The pattern I keep seeing at growth-stage companies looks roughly the same. The engineering team starts using AI coding assistants. The support team spins up a chatbot. Marketing brings in a content tool. Finance experiments with an AI forecasting model. Each team picks its own vendor, writes its own prompts, and figures out its own workflow.

This is not a failure of initiative. It is, honestly, the healthy version of AI adoption. Smart people solving real problems with available tools.

But then something happens around employee 150 or 200. The CEO or the board asks a reasonable question: “What’s our AI strategy?” And the answer turns out to be a patchwork of six different tools, three different data policies, and nobody who can explain the whole picture.

25% is the maximum share of AI governance any single function owns in the average enterprise today.

The Optro study found that AI governance responsibility is spread across IT (25%), risk management (18%), cross-functional committees (17%), and dedicated AI governance teams (just 10%). That is four groups, none of which has clear authority. In a startup that just closed its Series C, this typically means nobody has authority at all. Not because people are irresponsible, but because the org chart has not caught up with how fast AI embedded itself into daily work.

Meanwhile, Auvik’s 2026 IT Trends Report, published this week in SecureWorld, found that 30% of organizations have no formal AI use policy whatsoever, despite AI tools being everywhere.

"When three-quarters of IT leaders believe they have an AI policy but fewer than half of help desk staff say the same, that's an implementation problem versus a policy problem."

Doug Murray, CEO of Auvik, SecureWorld, March 26, 2026

That quote describes a specific version of a problem I see at nearly every growth-stage company. The leadership team believes governance is handled. The people doing the actual work have no idea the policy exists. This is not malice. It is the natural result of growing fast while AI adoption grows faster.


Where It Broke

The consequences of this ownership vacuum are measurable. The Optro study found that in the past 12 months, 40% of enterprises experienced inaccurate AI outputs that affected operations, 33% faced policy violations, and 28% received customer complaints linked to AI systems.

AI Incidents Reported in Past 12 Months (Optro, 800+ enterprises)

| Incident Type | Prevalence |
|---|---|
| Inaccurate AI outputs | 40% |
| Policy violations | 33% |
| Customer complaints from AI | 28% |
| Employees inputting sensitive data | 34% |

For a Series C company preparing for enterprise sales, an IPO timeline, or acquisition conversations, these are not hypothetical risks. A customer complaint linked to an unmonitored AI system is the kind of incident that shows up in due diligence. A policy violation that nobody detected because nobody was looking is the kind of finding that reprices a deal.

And here is the part that CIO.com highlighted this week: most AI projects do not fail because the model was poorly designed. They fail because the organization was not ready for day two. The launch is the easy part. Monitoring for drift, knowing when to retrain, keeping governance embedded in live workflows rather than sitting in a PDF nobody reads: that is where the actual operational maturity shows up.

In regulated sectors like insurance, banking, and healthcare, data drift and concept drift are not slow-burn theoretical concerns. They can change the behavior of a production model between quarterly reviews. If nobody owns the monitoring, nobody notices until a customer does.


The Pattern

Key Insight

The companies that scale AI operations successfully do not start by buying more tools. They start by naming one person accountable for each AI system in production, then building monitoring and governance around that ownership.

The pattern that separates the companies scaling value from the ones scaling incidents is not about technology maturity. It is about ownership clarity.

The companies getting this right do three things. First, every AI system in production has a named owner. Not a team, not a committee, not a Slack channel. A person who can answer “what did this system do yesterday and why?”

Second, governance is treated as an operational layer, not a document. As the CIO.com piece put it, mature LLMOps means automation for retraining and deployment, real-time monitoring for model health, and governance baked into every workflow. Not a quarterly review. Not an annual audit. A living system.

Third, they accept that shadow AI is a given and build visibility around it rather than pretending a policy will stop it. The Optro study found that roughly 80% of organizations describe shadow AI usage as moderate to pervasive. Fighting that with a policy memo is like fighting weather with a strongly worded letter. The companies that thrive build inventory and monitoring so they can see what is actually happening.

The good news: 73% of organizations plan to increase their governance, risk, and compliance technology spending, with 43% specifically prioritizing AI governance solutions. The money is starting to follow the problem.

The operational maturity question is not "how many AI tools do we have?" It is "can one person in this company explain what all of them are doing right now?"


What I’d Tell You Over Coffee

If I were sitting across from a Series C founder right now, I would say this: the board question coming in Q3 is not going to be “are we using AI?” It is going to be “who owns our AI, and what happens when something goes wrong?”

Having a good answer to that question is worth more than having ten more AI tools in production. It is also, genuinely, not that hard. Name the owners. Build the inventory. Monitor the outputs. Treat governance as plumbing, not paperwork.

The companies that figure this out in the next 90 days will walk into their next board meeting, their next enterprise sales conversation, and their next due diligence process with a very different level of confidence. And the ones that do not will keep discovering problems the same way their customers do.

Sources

  1. Enterprises Are Scaling AI Faster Than They Can Govern It: Study - MIT Sloan Management Review Middle East, 2026-03-25
  2. Bridging the Governance Gap in the AI-Driven Enterprise - SecureWorld, 2026-03-26
  3. Day Two in Enterprise AI: Why Operations, Drift, and Retraining Matter More Than Launch - CIO.com, 2026-03-27
