Australian companies are pushing artificial intelligence into their operations faster than their boards can set the rules for it, and a run of new industry research suggests the gap between what firms deploy and what directors actually oversee is widening rather than closing.
That is the through-line of a report published on 10 July 2026 by IT Brief Australia, which gathered warnings from local vendors and consultants about the risks accumulating as adoption accelerates. The shift they describe is not just more AI, but a different kind of AI: systems that move from answering questions to taking autonomous action.
“Once you let AI agents take action rather than just answer questions, governance stops being a compliance checkbox and becomes central to the design,” Servicely founder and chief executive Dion Williams told the outlet.
Adoption is running ahead of readiness
The scale of the rush is measurable. A survey of 318 Australian business decision-makers by Insight Enterprises, reported by IT Brief Australia on 29 June 2026, found only 8 per cent of local organisations have fully embedded AI in their operations.
The rest are somewhere on the ramp. Around 21 per cent are scaling AI across functions, 42 per cent are still experimenting and 30 per cent remain in pilot programmes.
Readiness lags behind ambition. More than half of respondents said their data was only “somewhat ready” for AI, and one in five said it was not ready at all. Legacy system integration was named as the biggest obstacle to scaling.
The picture is sharpest around autonomy. Insight found half of surveyed C-suite leaders were willing to delegate more to AI than their own governance currently allows, while only 10 per cent described their organisation as highly prepared for autonomous AI.
“Autonomy is increasing, but confidence, governance and preparedness are still catching up,” Insight APAC managing director Mike Morgan said in the study.
The oversight sits with boards that lack the expertise
The governance gap is not only operational. It reaches the boardroom, where the people accountable for AI risk often lack the background to interrogate it.
A survey by the Diligent Institute with the Governance Institute of Australia and the Singapore Institute of Directors, covered by Australian Cyber Security Magazine in late November 2025, found 43 per cent of Australian boards had placed AI among their top strategic priorities.
Yet only 13 per cent had appointed a director with AI expertise, just 21 per cent required directors to undertake AI training, and only 37 per cent had audited how their own employees were already using the technology.
“With too few organisations auditing AI usage, recruiting directors with AI expertise, or mandating training, they risk a significant mismatch between AI adoption and AI oversight,” Diligent Institute executive director Dottie Schindlinger said.
Notably, Australian boards were far more likely to reach for restriction than their Asian counterparts, with 61 per cent limiting employee AI use compared with 30 per cent across Asia. That instinct can drive AI use underground rather than govern it, which is precisely the visibility problem the audit figures expose.
The regulator has already put firms on notice
For a large slice of corporate Australia, this is no longer a matter of best practice. It is a supervisory expectation.
On 30 April 2026, the Australian Prudential Regulation Authority wrote to all regulated entities, publishing findings from a targeted review of large banks, insurers and superannuation trustees conducted in late 2025. It called for a step-change in AI-related risk management and governance.
APRA singled out boards as a weakness, observing that many were still building the technical literacy needed to challenge AI decisions. It also flagged a tendency to treat AI risk as “just another technology”, leaving gaps in monitoring, change management and the retirement of AI systems.
The regulator warned it would take stronger supervisory action, and pursue enforcement where appropriate, against entities that fail to manage AI risks in proportion to their size and complexity. It also identified supply-chain exposure, where AI is embedded in vendor platforms with opaque dependencies, as often the most material risk of all.
Why it matters
The Australian stakes here are concrete. Financial services, retail and government hold vast pools of citizen and customer data, and much of the AI capability being adopted runs on foreign-hosted models, raising sovereignty and accountability questions the IT Brief vendors flagged directly.
There is a workforce dimension too. As firms weigh handing routine decisions to agents, the questions of who is accountable when an agent errs, and how staff are reskilled rather than simply displaced, land on the same desks that have not yet built the oversight to answer them.
Our analysis: The consistent signal across these sources is a timing mismatch, not a lack of intent. Boards have put AI on the agenda, the workforce is already using it, and the regulator has drawn a line. What is missing is the connective tissue between them: directors who can probe AI risk, audits that reveal what is actually running, and accountability that survives contact with an autonomous agent.
Practical scaffolding exists. The Australian Institute of Company Directors and UTS’s Human Technology Institute have updated their Director’s Guide to AI Governance, which sets out eight elements of board oversight from accountability to people and culture. The harder part is not the framework but the follow-through, and on the current numbers the follow-through is where Australian firms are most exposed.
The window is narrowing. With agents moving from pilots to production and APRA signalling enforcement, the firms that treat governance as a design constraint now, rather than a clean-up job later, are the ones likely to keep their AF ambitions and their risk posture in the same building.
Sources: IT Brief Australia — Australian firms rush AI adoption amid rising risks; IT Brief Australia — Australia AI adoption outpaces governance, says study; Australian Cyber Security Magazine — Australia’s boards embrace AI, but governance gaps are widening; APRA — Letter to industry on Artificial Intelligence; AICD — A Director’s Guide to AI Governance.









