Two-thirds of organisations across Asia Pacific say their employees regularly use collaboration tools that have not been approved or vetted by IT teams — and 72 per cent believe these platforms are actively introducing new security risks, according to Mimecast‘s State of Human Risk 2026 study released on 19 May.

Shadow collaboration tools are becoming an AI governance problem

The research, based on a Vanson Bourne survey of 2,500 IT and security decision-makers across nine countries — including 250 in Singapore and 250 in Australia — found that while 90 per cent of APAC organisations consider collaboration tools essential to daily operations, governance has not kept pace with adoption. Only 37 per cent say they have automated compliance tools in place across multiple communication channels.

Mimecast frames this not merely as a shadow-IT problem but as an emerging AI governance risk. As enterprises begin deploying AI agents — systems that can operate simultaneously across multiple platforms and workflows — the fragmented and unmonitored collaboration environments many organisations have today become a structural liability.

“Work today happens across an increasingly fragmented mix of collaboration platforms, cloud environments and AI-assisted workflows. The challenge for many organisations is no longer simply securing a single channel like email. It is maintaining visibility, governance and trust across how work is created, shared and acted upon across the business.” — Nicky Choo, Vice President and General Manager, APAC, Mimecast

Governance gaps must be closed before agents arrive

The findings also show that 45 per cent of APAC organisations have already seen an increase in collaboration-tool-based threats over the past year, suggesting that the risks flagged in the survey are materialising in practice rather than remaining theoretical concerns.

Choo argued that organisations cannot afford to wait: AI agents will be deployed whether governance infrastructure is in place or not. Organisations that establish visibility and control over their collaboration environments now will be better positioned to scale agentic workflows safely, while those that do not risk deploying autonomous systems into environments they cannot adequately monitor or govern.

The State of Human Risk 2026 report is available for download at mimecast.com.