Stanford 2026 AI Index: What Business Leaders Need to Know About AI Adoption, Governance, and Risk

The Stanford Institute for Human-Centered Artificial Intelligence (HAI) has released its 2026 AI Index report, providing a data-driven snapshot of global AI development across industry, research, and policy.

The report finds that 88% of organizations now use AI in at least one business function, signaling that AI has moved into mainstream enterprise use. But AI deployment remains uneven, with limited governance, validation, and readiness.

The findings reflect broader discussions within the SAP community. AI adoption is broad, but autonomous use remains shallow; model benchmarks are improving faster than real-world validation; governance, infrastructure, sovereignty, talent development, and trust will determine whether AI can scale safely and profitably.

AI Adoption Is Broad, but Still Shallow

AI is now mainstream in enterprise settings. However, the report also finds that agentic deployment remains limited across most business functions.

Stanford finds that 88% of organizations now use AI in at least one business function, with generative AI used by 70% of organizations in at least one function and 53% of respondents overall. At the same time, AI agent deployment remains limited across most business functions, with adoption in the single digits in many areas, indicating that execution use is limited.

AI use is broad enough that SAP teams can no longer treat it as experimental, while agentic deployment remains limited enough that autonomous ERP should still be treated as a longer-term objective. This shows up as a gap between presence and execution.

The current phase in enterprise adoption is defined by augmentation within existing operating models. AI supports discrete tasks — documentation, incident summarization, testing — but remains layered onto existing processes.

Benchmark Gains Do Not Equal Procurement Proof

Edge cases are difficult to capture in generic AI benchmarks. The report shows rapid model improvement, while also warning that benchmark performance is not the same as readiness for customized, regulated, and exception-heavy enterprise processes.

Stanford highlights gains across coding, reasoning, multimodal, and agentic systems, including progress on OSWorld, where performance improved from roughly 12% to about 66%. That still implies failure on roughly one-third of tasks.

That shows why benchmark AI performance should not be treated as procurement proof. A model may perform well on software engineering or reasoning benchmarks and still fail when applied to enterprise process execution — custom pricing logic, compliance requirements, payroll exceptions, localization rules, or segregation-of-duties constraints.

Heavily modified SAP ECC and SAP S/4HANA environments add another layer of complexity. The right question is whether a model has been validated against the organization’s own SAP processes and operating context.

Responsible AI Requires Governance and Accountability

Responsible AI is becoming a governance, risk, and compliance issue, moving beyond ethics policies into enforceable controls, often with audit, compliance, and operational consequences.

Stanford reports that documented AI incidents — cases where systems cause harm, fail in production, or create unintended outcomes — rose to 362 in 2025, up from 233 in 2024, showing how failures are increasing alongside deployment. The report also shows uneven responsible AI maturity, with inconsistent risk reporting, limited transparency into model behavior, and a lack of standardized evaluation practices at leading AI organizations.

Stanford HAI co-director Yolanda Gil states the risk plainly: “We don’t know a lot of things about predicting model behaviors.”

That uncertainty translates into control exposure. AI outputs need to be traceable, reviewable, and accountable within existing process frameworks. Without clear validation and monitoring, AI-driven decisions can introduce audit gaps, weaken controls, and create compliance risk in finance, procurement, HR, and other regulated processes.

AI Infrastructure Is Becoming a Board-Level Discussion

AI’s infrastructure demands — large upfront investments, geographic concentration, and supply-chain dependency — have become an operational risk and a board-level concern.

The report highlights the uneven distribution of AI infrastructure, noting that the US has 5,427 data centers—more than ten times any other country. It also points out that TSMC fabricates most leading AI chips, showing how dependent the ecosystem is on a single supplier. This moves AI infrastructure into the same risk category as operational resilience, data residency, and vendor dependency.

AI performance and availability now depend on a small set of providers, regions, and energy-intensive facilities. Capacity limits, cost volatility, and regional concentration can affect uptime, latency, and resilience, extending existing cloud and infrastructure risks.

When taken together, these factors raise the cost of scaling AI. Moving from experimentation to enterprise production depends on a capital-intensive, capacity-constrained supply chain, which shapes cost, availability, and performance across AI-enabled workloads, such as RISE with SAP, SAP BTP, and SAP Joule.

AI Sovereignty Is Moving Into Policy and Enforcement

AI systems depend on data, infrastructure, models, applications, and talent. This places them within digital sovereignty agendas, which increasingly shape enterprise architecture.

Stanford identifies AI sovereignty as a growing policy focus, with governments shifting from regulation to building domestic capacity across infrastructure, data, and talent. The report points to rising state-backed investment in AI supercomputing and national infrastructure, alongside policies that limit where data can be stored and processed.

Governments are moving beyond data residency legislation, and into areas where AI and its infrastructure are treated as part of national strategic capacity. Control is no longer limited to where data is stored. It extends to where AI inference takes place, which models are allowed to process enterprise records, and how outputs are governed across jurisdictions.

Organizations operating across regions need to account for where AI processing occurs, how model behavior is governed, and what rules apply to access. Deployment choices now affect the ability to operate AI-enabled processes consistently across markets.

Talent Development Is a Hidden Transformation Risk

AI is changing the entry-level work that most enterprise technology teams use to develop talent. If junior tasks are compressed or automated, organizations may need new ways to train people who will later run and manage enterprise systems.

The report found productivity gains in AI-exposed work such as customer support and software development, with secondary coverage noting gains of roughly 14% in customer-service tasks and 26% in software-development tasks. At the same time, it notes that employment among young software developers in the US has declined by nearly 20%.

Expertise develops through hands-on exposure to real system behavior — support tickets, testing cycles, integration issues, and the complexity of core business processes. As AI tools take on early-stage work such as documentation, debugging, and test preparation, the volume of work that builds judgment begins to shrink.

AI-forward organizations will need new training models and clearer early-stage responsibilities to develop the next generation of SAP talent.

The Divide Between AI Adoption and Trust Is Growing

AI adoption and trust in AI are moving on different tracks. Deployment is accelerating, while confidence in governance, transparency, and outcomes is not keeping pace.

Nearly 60% of Stanford’s respondents believe AI’s benefits outweigh its drawbacks, up from 55%, suggesting a modest increase in optimism. But the report also finds that 52% of respondents express concern about AI-powered products and services.

Further, the perception gap between AI experts and the public remains wide, with 73% of experts expecting AI to improve work compared with just 23% of the public.

That gap points to a deeper mismatch between AI capability, leadership strategy, and workforce expectations. Introducing AI into ERP workflows without clear accountability exposes a legitimacy problem, where strategy bypasses those it affects most.

Organizations deploying AI need credible answers on accountability, job impact, and human control, as well as how new systems are perceived by customers and markets.

What This Means for SAPinsiders

• AI adds new points of failure into complex environments. These risks are not isolated to model performance, but emerge through integration with data, controls, and workflows, where small inconsistencies can create broader operational and compliance exposure.
• AI is creating new dependencies across enterprise systems. Models rely on shared data, infrastructure, and control frameworks, which link previously independent processes. This increases systemic risk, where failure or inconsistency in one area can propagate across finance, operations, and compliance workflows.
• Organizations are redefining how AI is measured. Performance is no longer based only on efficiency gains, but on reliability, auditability, and control. Evaluation expands from productivity metrics to include risk-adjusted outcomes, especially in regulated and process-driven environments like SAP.