Kiteworks recently unveiled its Data Security and Compliance Risk: 2026 Forecast Report, revealing a growing accountability gap that has direct implications for manufacturers adopting AI across production, quality and supply chain operations.
The research shows that while manufacturers excel at real-time monitoring, safety, and uptime, many lack the audit-ready proof needed to demonstrate where sensitive data moves, how AI systems use it, and how incidents can be reconstructed after the fact. As AI systems extend deeper into operational technology environments and supplier ecosystems, the inability to prove data control is becoming a material operational and compliance risk.
Across sectors, only 36 percent of organizations have visibility into where their data is processed, trained, or inferred by external partners. Meanwhile, 61 percent report fragmented audit trails that cannot produce evidence-quality documentation, and 57 percent lack centralized data gateways to track and prove data flows across their environments.
For manufacturers, these gaps mirror familiar challenges in traceability and root-cause analysis, but now applied to AI systems that interact with sensitive production, supplier, and customer data.
“Manufacturers are very good at detecting operational issues quickly,” said Tim Freestone, Chief Strategy Officer at Kiteworks. “Where they struggle is proving, after the fact, exactly what happened when AI systems touch sensitive data. When an incident occurs, regulators and auditors aren’t asking whether controls exist on paper. They’re asking for evidence, and in many cases that evidence simply isn’t there.”
AI adoption is accelerating the problem. Every organization surveyed has agentic AI on its roadmap, yet 63 percent cannot enforce purpose limitations on AI systems, even when sensitive data is involved. Sixty percent lack kill-switch capabilities to shut down AI systems behaving unexpectedly, and 72 percent have no software bill of materials for AI models in their environment.
In manufacturing environments, where AI increasingly supports predictive maintenance, quality inspection, and supply chain optimization, these gaps create exposure when incidents must be investigated or explained to regulators, customers, or partners.
Third-party relationships further compound the proof problem. Manufacturers routinely extend data to suppliers, cloud platforms, and AI vendors, yet 89 percent of organizations have never practiced incident response with third-party AI partners, and 78 percent cannot validate the quality or provenance of AI training data. Without centralized gateways and unified audit trails, tracing how data moves across supplier ecosystems becomes a manual and error-prone process, if it is possible at all.
The research identifies governance as the decisive factor separating organizations that can prove control from those that cannot. Organizations with engaged boards score up to 28 points higher across governance metrics, including data visibility, AI controls, and audit readiness. However, 54 percent of boards remain disengaged on these issues.
The report also identifies keystone capabilities that predict success across industries, including unified audit trails and training-data recovery. Organizations that have implemented these capabilities show performance advantages of up to 32 points across governance and risk metrics.
Download the full report here.
