Lenovo: HR Must Manage the Risks and Rewards of Workplace AI

As organisations line up to adopt the latest AI tools on offer, new research from Lenovo suggests many are struggling to keep pace with their own adoption.

While AI is becoming essential to productivity and decision-making, too many enterprises lack the governance, skills and guardrails to manage its use, creating a widening gap between innovation and oversight.

Lenovo’s Work Reborn report reveals that more than 70% of enterprise AI usage is happening without proper governance.

This rise in shadow AI – where employees use AI without the knowledge of their IT teams – is exposing organisations to operational, legal and ethical risks while constraining their ability to scale responsibly across the workforce.

Rakshit Ghura, Vice President and General Manager of Digital Workplace Solutions at Lenovo, explains the shift clearly: “AI adoption is no longer the challenge. Execution is.

“Usage is growing faster than organisations can control or secure it. Without that control, AI introduces as much risk and cost as it does opportunity.”

Uncontrolled and fragmented AI adoption

AI usage is now both pervasive and fragmented.

The security implications are stark: of the 70% of employees using AI weekly, one in three do so without IT oversight. This lack of coordination is already creating a two-speed workforce and undermining business outcomes.

One of the first casualties is return on investment. Disparate teams are procuring different tools for similar workflows, driving duplicative spend and slowing progress toward measurable results.

Instead of simplifying operations, AI is adding integration debt, governance blind spots and further complexity.

A divided employee experience is also emerging. Some teams benefit from secure, optimised, IT-supported systems; others rely on unmanaged alternatives simply to keep pace, heightening risks around data leakage, bias and inconsistent performance management.

For senior HR leaders, that fragmentation translates into unequal access to capability, uneven productivity metrics and growing cultural risk.

For UK and European organisations, the stakes are higher still. With the EU AI Act and adjacent regulations coming into force, businesses will need to demonstrate governance, accountability and risk management across the AI lifecycle, not just intention.

Current adoption patterns suggest many are not prepared, leaving compliance exposure and constraining the ability to scale AI responsibly at pace.

Employees themselves are becoming more alert to the downside risks. Nearly half (43%) now voice concerns about data exposure or AI-driven attacks, reflecting a growing recognition that unmanaged tools can introduce serious vulnerabilities across the organisation.

Without clear oversight, AI quietly expands the attack surface across devices, endpoints and data flows – raising the likelihood of breaches, compliance failures and operational disruption.

For senior HR leaders, that risk extends directly to sensitive employee records, candidate data and workplace analytics, where trust, ethics and regulation converge.

In many cases, the root cause is fragmented management. Devices, infrastructure and security are handled in silos, leaving gaps that can be exploited and diluting accountability across HR, IT and legal. Policies become uneven, controls are inconsistently applied, and leaders lack the visibility needed to assure safe, equitable use of AI at scale.

Unified approach to close the AI execution gap

To address these challenges, Lenovo advocates an integrated operating model that brings control back into the enterprise environment. Rather than treating devices, infrastructure and security as discrete layers, the approach unifies them so AI is governed from the point of entry, not retrofitted after deployment.

This model establishes policy and protection at the device level, then extends consistent controls across the ecosystem through a managed service. The result is end-to-end governance with common telemetry, auditability and response – supporting both risk reduction and workforce enablement.

By combining deployment, lifecycle management and security within a single framework, organisations can reduce complexity while improving visibility. For HR leaders, that translates into a more consistent employee experience, faster onboarding of approved AI capabilities and clearer evidence of compliance and accountability.

Lenovo’s TruScale Device as a Service for Security is built to deliver this end-to-end model, with built-in protection, continuous monitoring and streamlined management. The aim is to reduce risk, eliminate duplicated effort and enable organisations to scale AI adoption more effectively, with predictable operations and clearer ownership.

Ultimately, the findings suggest that the future of enterprise AI will be defined not by the speed of adoption but by the quality of management. Closing the AI execution gap can unlock faster returns, stronger security and a more sustainable path to innovation – while safeguarding trust, culture and performance across the workforce.