A new survey from Lookout, conducted with ZK Research, suggests many organizations are overestimating the effectiveness of their AI governance while lacking visibility into how generative AI is being used on mobile devices.
The report, titled Solving for the Mobile AI Blind Spot: Executive Confidence Meets Technical Reality, found that 93% of security executives expressed confidence in their AI governance. However, the study argues that traditional network security architectures fail to detect a significant amount of mobile AI activity.
According to the survey, enterprise adoption of generative AI has shifted beyond desktop environments to mobile applications. When organizations restrict or limit AI tools on corporate laptops, employees often continue using AI through personal mobile devices. The report states that 52% of all generative AI usage now occurs on mobile endpoints, where users may upload source code, corporate records and intellectual property.
Despite organizations allocating an average of 19% of their 2026 security budgets to AI compliance, the survey identified several areas where traditional security frameworks lack visibility.
Among the findings, 59% of mobile AI traffic bypasses traditional network discovery tools because it travels directly between mobile applications and external cloud services rather than through corporate gateways. The report also found that 68% of enterprises have no technical visibility into autonomous AI agent workflows that inherit user identities and single sign-on credentials. In addition, 72% of organizations reported they cannot audit embedded AI software development kits hidden within everyday mobile applications.
The report links these visibility gaps to operational and compliance challenges. According to the survey, 63% of organizations investigated severe data leaks during the past 12 months where generative AI tools were identified as a contributing factor. It also found that 78% of security leaders cannot produce audit-ready evidence required by emerging regulations such as the EU AI Act.
"Enterprises are burning nearly a fifth of their security budgets trying to solve a 2026 problem with desktop-era tactics," said Zeus Kerravala at ZK Research. "Relying on binary web-filtering completely destroys employee productivity and has forced 84% of IT leaders to actively stall business-led AI initiatives. Meanwhile, forcing all mobile data traffic to backhaul through heavy cloud sandboxes introduces crippling user latency and triggers massive cloud compute bills. You cannot secure data fluidly by turning the user's phone into a non-functional silo. True mobile compliance must happen natively at the edge."
The survey's findings align with Lookout's recently launched AI Visibility & Governance platform, which is designed to provide mobile-native AI governance by treating the endpoint as the primary control point for AI risk.
According to Lookout, the platform provides AI application discovery to identify AI-enabled systems, background processes and embedded software development kits; agentic behavior mapping to monitor autonomous AI actions and single sign-on permission extensions; and inline mobile edge data guardrails that apply real-time data loss prevention directly on the device before sensitive information reaches unauthorized AI models.
"Acceptable-use policies and passive corporate mandates are useless without active, technical enforcement at the edge," said Firas Azmeh, President of Mobile Endpoint Security at Lookout. "AI governance has escalated to a board-level priority, with 97% of leaders agreeing it is mission-critical. Lookout systematically converts these invisible mobile liabilities into fully managed enterprise assets, giving organizations the confidence to embrace the AI revolution securely."
