Excerpt: The State of Customer Data in the World of AI Report

The following is an excerpt from the ‘2026 State of Customer Data in the World of AI’ report, which reveals why 81% of enterprises stalled at least one AI initiative in the past year - and what the companies pulling ahead are doing differently. Download the full report here.

Executive Summary

Every modern growth motion, including personalization, AI-driven targeting, first-party audience strategies, partner ecosystems, and more, runs on customer data. For most enterprises, the data is there, but the ability to activate it with confidence is not.

Somewhere in your enterprise right now, someone is asking: Can we use this data? Can marketing activate it globally? Can AI train on it? Is the consent still valid for this use case? They're likely not getting a fast answer. For the past decade, that question has been routed through policy documents, legal reviews, and manual reconciliation: a system built for a world where data moved slowly and AI wasn't in the picture. That world is gone. The legacy system is not.

The cost of that gap is now measurable. 81% of enterprises had at least one AI initiative delayed, scaled back, or abandoned in the past 12 months. And the initiatives stalling most often were the ones with the highest revenue ceiling: AI-driven marketing and segmentation (41%), data monetization (38%), and personalization (30%).

The problem isn’t models, talent, or strategy. 93% of organizations face permission and governance issues during their AI lifecycles. Two-thirds catch them in pre-production, when the cost of a fix is highest: after the team has been assembled, the data has been pulled, and the timeline has already slipped.

When faced with these challenges, the instinct is to write a tighter policy, but policy alone is not enough. Governance will never work until permissions and business rules are encoded into the systems that process the data. The companies pulling ahead right now are not the ones with better privacy policies. They’re the ones who shifted the "Can I use this data?" question from a blocker that stalls every team to an answer their infrastructure delivers automatically.

This report shows how.

The real problem: Infrastructure, not policy

For the past decade, enterprises built privacy and governance the same way: capture consent at the point of collection, store it in the CRM, and trust that the rest of the stack would respect it. That model made sense when data moved slowly and AI wasn't in the picture. It doesn't make sense now.

Security made this leap years ago. The industry didn't write memos about who should access systems: it built access controls, encryption, and authentication directly into the code, enforced by default. Privacy, consent, and permissioning are only beginning to make the same transition.

The distinction matters because security and privacy answer different questions. Security asks: Can we access this data? Privacy asks: Can we use it? A user can download a file, share a record, or feed a dataset into a model without violating a single access control—and still violate the promise the business made to the customer to whom the data belongs.

That gap, between access and usage, is where modern data risk lives. And with the proliferation of agentic AI, where systems pull and process customer data at machine speed without pausing for review, static capture and after-the-fact auditing don't just underperform. They fail outright.

The data confirms this is a structural problem, not a budgetary one. When enterprise leaders are asked why AI initiatives stall, the top reasons trace directly to architecture:

• Insufficient data quality or availability (40%)
• Inconsistent governance across tools, regions, and brands (36%)
• Limited visibility into how data can be used (31%), and
• Unclear consent data (29%)

Three of the top four point to the same root cause: the absence of a unified, real-time, enforceable view of what each piece of customer data is permitted to do. Budget and talent rank lower. The bottleneck is architecture.

Legacy consent and preference platforms cannot close this gap. They were built for a static data ecosystem, capturing consent at the point of collection and assuming the rest of the stack will respect it. They are not present inside the data warehouse, feature store, model pipeline, or agent runtime where data is actually consumed. The result is unavoidable fragmentation.