AI as the New Frontier of Compliance Risk

2026 State of Audit and Compliance Report

Thoropass has released its 2026 State of Audit and Compliance Report, which highlights the rapid emergence of AI as the most significant compliance and audit risk facing organizations today. According to the report, nearly 70% of security and compliance leaders believe that AI adoption is outpacing their existing security measures, creating a substantial governance gap.

Key Findings

The report, based on a survey of over 500 security, IT, and compliance professionals, reveals critical insights regarding the current state of compliance:

  • AI as the Leading Compliance Risk: AI-related concerns have now overtaken traditional security threats in both perceived likelihood and potential regulatory impact.
  • 69% of respondents indicated that the adoption of AI tools is outpacing their security and compliance controls.
  • 55% expressed that AI-related data exposure or misuse is their top breach concern, surpassing worries about ransomware and cloud misconfigurations.
  • 57% believe AI-related incidents are the most likely to prompt regulatory action in 2026.
  • Only 18% of respondents reported no concerns regarding AI-related compliance risks.

Compliance Maturity and Operational Inefficiencies

While organizations report a high level of compliance maturity, they face considerable operational challenges:

  • 53% of respondents cited difficulties in collecting evidence across multiple tools as a primary bottleneck in the audit process.
  • 91% stated they must resubmit audit evidence at least sometimes due to miscommunication or changing auditor expectations.
  • The top compliance challenges include managing multiple frameworks and ensuring evidence is always audit-ready.

Compliance is increasingly perceived as an ongoing risk management function rather than a once-a-year certification task. According to industry experts, “The audit model itself is changing. Organizations need audits that operate continuously and keep pace with modern systems.”

Implications for IT Audit in 2026

The definition of being “audit-ready” is evolving. Organizations that can consolidate compliance workflows, maintain updated evidence, and integrate AI governance into their existing frameworks will be better positioned for upcoming audits and regulatory scrutiny.

To understand how your organization compares, consider downloading the full 2026 State of Audit and Compliance Report.

Survey Methodology

The survey included 536 InfoSec leaders from organizations of various sizes, with the following breakdown by role:

  • IT / Security Operations Leader: 70.3%
  • GRC / Compliance Director or Manager: 17.9%
  • CISO / VP Security / Head of Security: 9.9%
  • Founder / President / CEO: 1.1%

The company size of respondents varied as follows:

  • Under 250 employees: 12.9%
  • 250–999 employees: 45%
  • 1,000–2,499 employees: 27.2%
  • 2,500+ employees: 14.9%

About Thoropass

Thoropass is recognized as a leading end-to-end cybersecurity auditor, offering an Audit Lifecycle Platform that combines continuous, AI-powered evidence collection with a comprehensive suite of AI agents and experienced auditors. The platform ensures compliance with over 30 frameworks, including SOC 2, ISO, PCI, and HITRUST, and integrates seamlessly with various GRC platforms and systems of record.
