Where Are We Exposed on AI? The Board Question Your AI Inventory Can't Answer

A small blank presentation slide dwarfed by a vast network of faint grey nodes — the real AI footprint of a system, far larger than the inventory anyone can describe

Your board has stopped asking whether you have an AI strategy. They're asking a harder question now: where, exactly, are we exposed on AI?

It sounds like it should have a clean answer. It rarely does. Most leaders can describe their AI strategy in confident detail — and go quiet when asked to prove, system by system, where AI actually sits in their product, what it touches, and what it would cost them if a regulator, an acquirer, or an attacker looked closely.

That gap between the confident strategy and the unprovable footprint is the real exposure. And it's widening, because AI got into your codebase faster than anyone wrote it down.

The honest answer is "we don't fully know" — and here's why

In 2026, 42% of the code developers commit is AI-assisted (Sonar, State of Code 2025) — a share expected to reach ~65% by 2027. A growing share of your code now has a co-author no one interviewed, and most companies cannot attribute which parts.

This is why the searches are climbing. "Shadow AI" — the AI tools, model calls, and generated code nobody formally approved — is up 89% year over year. "AI exposure" as a query is up 450%. Executives feel the gap before they can name it: output exploded, but predictability eroded, and nobody can point to the map.

Your AI inventory is a self-report

Every AI governance program starts with the same instruction: inventory your AI systems. It's good advice. It's also where the program quietly fails, because the inventory is assembled by asking people — and the things that expose you most are exactly the things nobody thinks to report:

A questionnaire can't find any of that. The people answering it don't know it's there. So the inventory is confident and incomplete — the worst combination, because it lets you believe you've answered the board's question when you've only answered the easy half.

What "exposure" actually means — in three layers

"Where are we exposed on AI" isn't one question. It's three, and a board-ready answer has to address all of them with evidence, not assurance:

  1. Regulatory exposure. The EU AI Act's high-risk obligations carry enforcement from August 2, 2026, with fines up to €35M or 7% of global turnover. The standard is no longer "do you have a policy" — it's "can you produce the impact assessment for this specific consequential-decision system." If you can't name which of your systems are in scope, you can't answer that.
  2. Security exposure. 45% of AI-generated code samples contain a security vulnerability (Veracode's 2025 GenAI Code Security Report, 100+ models tested against the OWASP Top 10). When 42% of your code is AI-assisted and nearly half of what AI writes is exploitable, "we run a scanner" is not a control — it's a hope.
  3. IP & licensing exposure. License conflicts now appear in 68% of codebases — up from 56% the prior year (Black Duck, OSSRA 2026), the sharpest single-year jump on record, driven in part by AI assistants generating code from copyleft sources without keeping the license. Each conflict is a clause that can cut into your deal value or force a re-engineering you didn't budget for.

None of these can be answered from a deck. Each one has a true answer that lives in the code, the commits, and the dependency tree.

Why a governance framework doesn't close the gap

Most companies respond to this pressure by adopting a framework — NIST AI RMF, an internal AI policy, a governance platform. These are necessary. They are not sufficient, and it's important to be precise about why.

Every framework assumes you already know your footprint. NIST's first function is literally "Map" — identify the AI systems and their context. The policy tells you what to do once you can see what you have. But the seeing is the gap. A governance program built on an incomplete inventory doesn't reduce your exposure; it documents the exposure you already knew about and quietly ratifies the parts you can't see.

The fix: read the footprint from the system itself

There is a different way to answer the board's question, and it's the one that survives "prove it." Instead of asking people what AI you run, read it from the artifacts that can't forget and have no incentive to round up: the code, the commits, the dependencies, the deployment history. The model calls are in the code. The third-party AI SDKs are in the dependency graph. The AI-generated code leaves a signature in the commit history. The consequential-decision systems can be traced to where they actually run — not to where someone remembered they run.

An inventory is what your team tells you. A read is what your system testifies to — with every finding traced back to the commit that proves it.
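As an added illustration, not code from the original article or from any tool it describes, here is a minimal reader that derives the footprint from the three artifacts named above: the dependency manifest, the source files, and the commit log. The manifest, source snippets and commit messages are constructed samples, and the AI package list, the model-call pattern and the commit-trailer pattern are assumptions rather than an exhaustive catalogue.

```python
"""Derive an AI footprint from repository artifacts rather than a questionnaire."""
import re

# Constructed sample artifacts standing in for a real repository.
REQUIREMENTS = """requests==2.32.0
openai>=1.30
langchain-community==0.2.1
numpy==1.26.4
"""
SOURCES = {
    "app/underwriting.py": (
        "import openai\n"
        "def score(applicant):\n"
        "    r = openai.chat.completions.create(model='gpt-4o', messages=[...])\n"
    ),
    "app/util.py": "import json\n",
}
COMMITS = [  # (sha, full commit message) as `git log --format='%h%n%B'` would yield
    ("a1b2c3", "Add credit scoring prompt\n\nCo-authored-by: Copilot <copilot@github.com>"),
    ("d4e5f6", "Fix typo in README"),
]

# Assumed (illustrative, not exhaustive) signals of AI in the system.
AI_PACKAGES = {"openai", "anthropic", "langchain", "langchain-community", "transformers", "cohere"}
MODEL_CALL = re.compile(r"\b(openai|anthropic)\.[\w.]*\.create\(")
AI_TRAILER = re.compile(r"^(Co-authored-by|Generated-by):.*\b(copilot|claude|chatgpt|cursor)\b",
                        re.IGNORECASE | re.MULTILINE)

def ai_dependencies(requirements: str) -> set:
    """Third-party AI SDKs found in the dependency manifest (name before any version spec)."""
    names = {re.split(r"[=<>!~ ]", line, 1)[0].lower()
             for line in requirements.splitlines() if line.strip()}
    return names & AI_PACKAGES

def model_call_sites(sources: dict) -> dict:
    """Map of file path -> line numbers where a model API call sits in the code."""
    hits = {}
    for path, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if MODEL_CALL.search(line):
                hits.setdefault(path, []).append(lineno)
    return hits

def ai_assisted_commits(commits: list) -> list:
    """Commits whose trailers record an AI co-author, i.e. the signature in the history."""
    return [sha for sha, msg in commits if AI_TRAILER.search(msg)]

def footprint(requirements: str, sources: dict, commits: list) -> dict:
    """The evidence-backed footprint: every finding tied to a file, line or commit."""
    return {"dependencies": sorted(ai_dependencies(requirements)),
            "model_calls": model_call_sites(sources),
            "ai_commits": ai_assisted_commits(commits)}
```

Each entry in the result points at a concrete artifact, which is what makes it defensible when someone asks "prove it".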

From a real engagement

A three-week read of a regulated lending platform (anonymized) returned GLBA compliance at 25% (three of twelve controls passing), 366 critical vulnerabilities, and a do-nothing exposure of $3.9–9.8M.

Not a vibe. Numbers, each finding named and traced to the commit that proves it. That is an answer a CEO can take to a board and defend under questioning.

From "we have a rough sense" to "here's exactly where"

The board doesn't need you to be a technologist. It needs you to be certain — to move from "we have a rough sense of our AI exposure, but nothing we'd put in front of the board" to "here is precisely where AI lives in our product, which systems are in regulatory scope, where the security and licensing exposure sits, and what each one would cost us — every line traceable to the evidence."

That certainty is now a continuous requirement, not a one-time project. The footprint changes every sprint, because the AI keeps writing more of it. The read that's true today is stale next quarter. So the answer has to be kept current — re-queried and re-validated as the system changes — so the next time the board asks, you start from what's true now, not from last year's slide.

The takeaway

"Where are we exposed on AI?" is the fastest-rising question in the boardroom, and the one most companies answer with a confident guess. The guess is the exposure. The fix isn't a better policy or a longer inventory — it's an independent, evidence-based read of your real AI footprint, drawn from the code itself and kept current, so the answer is ready before the question is asked.

You can't govern, defend, or value what you can't see. The first move is to see it — provably.
