The information processing settlement (DPA) — the bedrock contract firms use to judge how distributors deal with private knowledge — can not be trusted at face worth. That’s the central, and arguably most alarming, conclusion of DataGrail’s Privateness and AI Developments Report 2026, launched at this time.
The San Francisco-based privateness platform analyzed 2,400 well-liked enterprise software program suppliers and located that 63.6% of distributors that prominently promote AI capabilities don’t disclose a third-party AI subprocessor of their authorized documentation. The implication: nearly all of firms buying AI-enabled software program could also be unknowingly exposing their clients’ knowledge to AI fashions and pipelines they by no means reviewed, by no means authorised, and will not even know exist.
“All software program distributors try to maneuver to grow to be AI distributors, which is sensible, however the applied sciences are transferring sooner than AI governance can really sustain,” DataGrail co-founder and CEO Daniel Barber instructed VentureBeat in an unique interview forward of the report’s launch. “The DPA needs to be the dependable doc that groups use to judge AI danger, however based mostly on that quantity, that is not sufficient in 2026.”
The discovering drops into an enterprise panorama the place organizations with excessive ranges of shadow AI already expertise common breach prices of $4.63 million — $670,000 greater than these with low or no shadow AI, based on IBM’s 2025 Value of Information Breach Report. And it arrives in a yr when U.S. states gave out $3.425 billion in privacy-related fines — greater than the final 5 years mixed — a development Gartner expects to speed up via 2028.
How researchers uncovered the rising hole between AI vendor contracts and actuality
DataGrail’s methodology for arriving on the 63.6% determine goes effectively past studying contracts. The corporate’s analysis crew cross-referenced DPA disclosures in opposition to product documentation, GitHub environments, API connections, and advertising and marketing supplies for every of the two,400 distributors in its monitoring universe.
Barber walked VentureBeat via the method: “We seemed on the DPA because the baseline, however then what we additionally checked out is the GitHub atmosphere, the API connections {that a} specific vendor has, the product documentation, the advertising and marketing documentation, and triangulate that info to discern — okay, so the DPA doc says use OpenAI, however really you have received these three AI subprocessors over right here in your product documentation outlining options and performance, however that’s not mirrored in your DPA.”
When requested immediately about how assured he was that these gaps characterize precise shadow AI danger fairly than distributors utilizing proprietary know-how, Barber was unequivocal. “Very assured, as a result of we seemed on the pattern of the two,400 techniques, and we spent a considerable period of time really taking a look at product documentation, GitHub environments, taking a look at precise API connections, as a result of we combine with these techniques as effectively, so we all know how they course of private info. It’s from main analysis.”
The disclosure hole issues as a result of it undermines the complete chain of belief that privateness applications depend on. Contemplate a situation Barber described: An organization invests in an AI recruiting software. The software’s DPA lists Claude as its foundational mannequin. The corporate dutifully performs a safety evaluate of Anthropic’s AI. However the recruiting software additionally quietly makes use of OpenAI and Gemini behind the scenes — fashions the corporate by no means evaluated.
These undisclosed fashions then course of hundreds of resumes and execute automated hiring choices. The corporate, with out figuring out it, has uncovered delicate private info — residence addresses, monetary knowledge, probably Social Safety numbers — to AI techniques it by no means vetted, doubtlessly violating FTC laws on automated decision-making in employment. “How these distributors are evaluating and performing that automated determination making could possibly be actually disastrous for a enterprise,” Barber mentioned.
One-third of AI techniques additionally course of delicate knowledge, and the true quantity is probably going larger
The disclosure hole alone could be regarding sufficient. However DataGrail’s report layers on one other discovering that makes the issue materially worse: 32.8% of AI techniques that disclose AI capabilities additionally disclose at the least one different high-risk exercise, reminiscent of processing delicate private info or powering automated decision-making. Amongst AI techniques with self-reported danger elements, 47.1% course of private knowledge, 20.7% have the potential to energy automated decision-making, 16.5% course of delicate knowledge classes like well being or monetary info, and seven.5% course of biometric knowledge.
The report argues these figures nearly actually undercount precise publicity, since they mirror solely what distributors have formally disclosed. Distributors may underreport entry to non-public knowledge, and the inherent flexibility of AI means even good-faith distributors may not predict riskier consumer functions of their instruments.
This has instant regulatory implications. The CCPA’s new danger evaluation requirement, efficient January 1, 2026, requires companies to conduct and doc danger assessments for processing actions that current important privateness dangers — and would require submission to CalPrivacy by April 2028, with government attestation below penalty of perjury.
Processing delicate private info with AI, or utilizing AI for automated decision-making, are exactly the actions that set off this obligation. The report finds that 42% of firms deserted AI initiatives in 2025 with knowledge privateness considerations cited as a main impediment — a statistic sourced to S&P International analysis. Privateness groups that have interaction early with AI tasks, Barber argues, can forestall that waste by guaranteeing safeguards are in place earlier than launch, with AI danger assessments serving as the fitting start line.
Why consent administration turned 2025’s most punished privateness failure
Whereas shadow AI remains to be a more moderen class of menace, the report makes clear that conventional privateness challenges haven’t eased — they’ve intensified. Consent administration was the busiest enforcement matter of 2025. California alone publicly reported $4.3 million in CCPA consent settlements, and 2025 noticed over 1,400 class motion wiretapping fits pushed by non-public companies investigating monitoring pixels and session replay software program.
Regardless of this enforcement wave, 63% of the 5,000 web sites DataGrail audited nonetheless fail to adjust to common opt-out mechanisms such because the International Privateness Management sign. Whereas that determine represents an enchancment from 75% non-compliance in 2023, the tempo of enchancment is gradual relative to the acceleration in enforcement.
Barber pointed to the case of Todd Snyder, the menswear retailer that the California Privateness Safety Company fined $345,178 in Might 2025, as proof that enforcement is not reserved for giant tech. “This can be a enterprise that has two or three shops throughout the U.S. They’ve 300 workers,” he mentioned. “They run tight margins as a result of they seem to be a shopper menswear clothes retailer.”
The California Legal professional Basic additionally reached a $2.75 million settlement with Disney over failures to honor opt-out alerts, whereas the California Privateness Safety Company has introduced enforcement actions in opposition to PlayOn Sports activities and Ford — a sample that demonstrates each the breadth and depth of regulatory exercise. Among the many trackers that fireplace even after a consumer sends a GPC sign, the report discovered that 27.1% come from Google Analytics and 43.8% are for focused promoting through platforms like Meta and Microsoft.
For customers who do have interaction with consent banners, 48.3% click on “Settle for all,” whereas solely 12.4% choose “Important solely” and a pair of.3% customise their preferences. A full 37% merely exit the banner with out making a range. The sensible takeaway: lower than 15% of customers make a aware option to decide out of monitoring, which suggests consent banners current comparatively low enterprise danger when correctly configured — however monumental regulatory danger when they aren’t.
Information deletion requests surge 567% as the price of guide processing hits $1.5 million a yr
Information topic request quantity hit an all-time excessive for the fifth consecutive yr. Deletion requests have surged 567% since 2021 and now characterize 87% of all knowledge topic requests. Entry requests, in contrast, have progressively declined as shoppers skip visibility and attain straight for the delete button.
The price is staggering. For a mid-sized group receiving 5 million annual internet guests, the report estimates guide DSR administration now runs roughly $1.5 million per yr, based mostly on Gartner’s estimated value of $1,524 per guide DSR. The common value has climbed from $238,000 in 2021 to $1.51 million in 2025 — a trajectory that makes guide processing not simply inefficient however, because the report argues, “irresponsible.”
Barber emphasised that these numbers mirror verified human requests with bot and spam visitors excluded, and that knowledge dealer situations — which can see their very own large inflow of requests below California’s Delete Act — are reported individually. “That could be a pure enhance,” Barber instructed VentureBeat. “Should you’ve now received 20-plus U.S. states with privateness regulation, it is unlikely that we see a federal invoice handed, regardless that we have seen one proposed. And whereas we do not see federal consciousness and regulation, we do see on the state degree over 20 states, and that will really enhance consciousness for the buyer much more.”
He added a telling element about how companies are responding in observe: “99% of DataGrail clients do course of that deletion” even for residents of states with out privateness legal guidelines, “just because it is too laborious at this level. Discerning and even speaking to the individual, ‘Hey, you reside in Montana, sorry, you are simply in an unlucky state with out regulation’ — you simply cannot try this.” Information brokers felt the influence most acutely, with a 398% enhance in deletion requests in comparison with 2024 and a mean of over 2,000 deletion requests dealt with per 30 days.
State regulators issued $3.4 billion in privateness fines final yr, and each events need extra
The regulatory panorama underpinning all of those traits has essentially shifted from schooling to punishment. Almost half of U.S. states now have a complete privateness legislation in impact, plus over 160 AI-specific legal guidelines. State legislatures enacted 145 AI-related legal guidelines in 2025 alone, with one other thousand launched or reworked. Based on Gartner, over 50% of the U.S. inhabitants is now coated by a complete state privateness legislation, with 24 extra states anticipated to go legal guidelines inside 5 years. States have additionally begun pooling their assets, with ten forming the Consortium of Privateness Regulators final yr and pledging to coordinate investigations throughout state strains.
Barber argued that privateness enforcement is essentially bipartisan, which insulates it from the shifting political winds of the present administration. “Privateness total is a reasonably bipartisan difficulty,” he mentioned. “It is easy to go privateness regulation as a result of constituents considerably count on privateness of their day-to-day residing. Should you had been flying on an airline and so they mentioned, ‘Okay, this seat, if you’d like your privateness, you are going to should pay $6 extra,’ you are like, ‘I’ll go to a different airline.’ It is an anticipated a part of a transaction at this stage.”
He predicted that different states will replicate California’s enforcement mannequin. “California has their enforcement division, CalPrivacy. That group has one activity: to make sure enforcement of privateness all through companies. Is it possible that we see different states get funding and assist to fund a lot of these teams? Extremely possible. The enforcement fines — the precise funds — return to us as constituents. That kind of mannequin, you can think about, being very fashionable throughout the nation.”
Privateness groups are dropping a 3rd of their employees simply as AI governance calls for explode
Maybe probably the most paradoxical discovering within the report is that privateness groups misplaced as a lot as 33% of their headcount final yr, whilst their workloads expanded throughout each metric the report tracks. Cisco knowledge cited within the report exhibits that 90% of privateness applications expanded in 2025 because of AI, whereas solely 12% of AI governance applications are thought of mature. In the meantime, 74% of privateness groups deliberate to use AI to privacy-related duties in 2026, based on ISACA’s State of Privateness 2026 survey.
Barber sees this as a part of a broader macroeconomic sample fairly than an indication that organizations don’t worth privateness. “It is really a captivating macro development, and doubtless one you have seen throughout all features,” he mentioned. “Companies are driving extra effectivity in all components of the enterprise. Privateness groups, 5 years in the past, we might have mentioned, ‘Properly, there’s extra regulation, the quantity of deletions have elevated 500%, we want extra people.’ It is grow to be clear that AI supplies capabilities that may do the work for privateness people.” He drew an analogy: “They may have had a design crew of 20 folks 5 years in the past, now they’ve a design crew of 5, courtesy of Claude Design or Gamma or regardless of the software could also be. I believe that is what we’re seeing right here as effectively.”
DataGrail has positioned its personal AI agent, Vera — launched in March 2026 — as a part of the reply. Vera is embedded inside DataGrail’s present platform and goals to automate privateness workflows throughout a number of jurisdictions. The corporate was additionally named the primary production-ready Mannequin Context Protocol server for privateness, utilizing the usual created by Anthropic to allow clients to launch DataGrail instruments from no matter software they’re already working in, whether or not Slack, electronic mail, or Claude.
Can a vendor-produced report be trusted to diagnose the issues that vendor sells options for?
DataGrail is, in fact, an organization that immediately advantages from the issues its report identifies. The corporate has raised a complete of $84.2 million over 5 rounds, with its largest being a $45 million Collection C in October 2022 led by Third Level Ventures. Its platform addresses exactly the information mapping, DSR automation, consent administration, and danger evaluation challenges the report spotlights.
Barber acknowledged the strain immediately. “It is a honest assertion,” he mentioned when requested about potential skepticism. “DataGrail would not present a service to maintain DPAs updated — that is on a enterprise to judge how they work with a vendor. What DataGrail does assist to do is assessments, and automate these assessments utilizing our AI agent, Vera, to evaluate that elevated danger.”
He argued that the extra impartial studying of the information is structural: “That is proof to point out that the DPA sadly isn’t maintaining with know-how and the pace at which know-how is innovating. That is each thrilling but additionally we have to settle for that is the place we’re.” The methodology does lend some credibility to this declare.
The report attracts on anonymized privateness operations knowledge from tons of of enterprise clients, the two,400-system AI monitoring database, and the 5,000-website consent audit — sources which are at the least partially unbiased of DataGrail’s industrial pursuits. And the broader findings on enforcement spending, DSR quantity traits, and regulatory growth align intently with independently revealed knowledge from Gartner, Cisco, and state enforcement businesses.
The subsequent frontier: agentic AI may unfold unvetted knowledge throughout complete organizations autonomously
When requested about crucial development that didn’t make it into the report, Barber pointed to a next-generation danger that extends the shadow AI drawback into way more harmful territory: agentic AI workflows. Gartner predicts 40% of enterprise functions will function task-specific AI brokers by finish of 2026, up from below 5% in 2025 — a tempo of adoption that would quickly outstrip the governance mechanisms firms are solely now starting to construct.
“The place we go subsequent with this analysis is agent processing,” Barber mentioned. “How are brokers then leveraging that info? As a result of the downstream ramifications could be way more regarding for a enterprise. One specific system is utilizing shadow AI, the enterprise has no concept that that is occurring, after which an agent is propagating that info throughout an entire bunch of different locations. The guardrails of you and I checking the system might be decrease than possibly what we have seen prior to now with agentic workflows.”
He framed the excellence in human phrases: “The identification of an agent is totally different than a human. There’s thought that goes into what am I about to make use of right here, the place did this info come from, how was it collected — that is probably not thought of in the identical manner for an agentic workflow. We have to resolve the basis of the issue, which is how are these companies leveraging AI subprocessors. However this rapidly turns into an agentic drawback that could possibly be way more regarding.”
For the enterprise privateness and safety leaders absorbing this report at this time, the uncomfortable reality is that the foundational paperwork and processes they’ve relied on to handle vendor danger for years are decomposing in actual time. The DPA is breaking down as a dependable instrument. State enforcement is accelerating on a bipartisan foundation. Privateness groups are shrinking whilst their mandates broaden. And the following wave of agentic AI techniques threatens to distribute unvetted knowledge processing throughout networks of autonomous brokers that function with even much less human oversight than at this time’s instruments.
5 years in the past, when DataGrail revealed its first traits report, deletion requests had been a fraction of what they’re at this time, solely a handful of states had privateness legal guidelines on the books, and the phrase “shadow AI” didn’t exist. Yearly since, the report has warned that the issue was getting worse. Yearly, the information has proved it proper. The businesses that survive the following chapter is not going to be those with the most important compliance groups or the thickest coverage binders. They would be the ones that settle for a disorienting new actuality: in 2026, the contracts you signed might not describe the AI that’s already processing your clients’ knowledge — and by 2027, autonomous brokers could also be deciding what to do with it.