McKinsey: Responsible AI (RAI) Scores Rise, Governance Trails in Agentic Shift

McKinsey’s 2026 AI Trust Maturity Survey finds a modest but measurable rise in responsible‑AI maturity across enterprises, with the average score climbing to 2.3 in 2026 from 2.0 in 2025.

The survey was fielded between December 2025 and January 2026 and gathered responses from roughly 500 organizations across industries and regions, with respondents who hold responsibility or expertise in AI governance, risk, or investment decisions.

That overall improvement masks a clear imbalance: strategy, governance, and controls for agentic AI trail other capabilities. Only about one‑third of organizations reach a maturity level of three or higher in those dimensions, suggesting oversight structures are not keeping pace with technical advances.

Maturity also varies by sector and region. Technology, media, and telecommunications and financial services rank among the leaders, while Asia–Pacific leads regionally on overall RAI maturity—patterns McKinsey links to stronger risk management and data foundations in those groups.

Security and risk concerns top the list of barriers holding organizations back from fully scaling agentic AI: nearly two‑thirds of respondents name security and risk as the primary obstacle, ahead of regulatory uncertainty or technical limits.

When asked about specific risks, respondents flagged accuracy and cybersecurity as the most relevant issues. Seventy‑four percent identified inaccuracy as highly relevant and 72 percent raised cybersecurity as highly relevant as agentic and other AI uses expand.

McKinsey documents a widening gap between awareness of risks and active mitigation. Across nearly every risk category, organizations report higher perceived relevance than they do mitigation activity. AI incident frequency has stayed roughly stable at about 8 percent, yet confidence in organizational incident response has declined, with many reporting unsatisfactory handling of episodes.

Investment matters. Organizations that devote $25 million or more to responsible‑AI programs report materially higher maturity scores and are far more likely to realize significant business impact, including reported EBIT effects above 5 percent. McKinsey frames RAI investment as an enabler of sustained value rather than a drag on innovation.

Clear ownership maps to stronger capabilities. Firms that assign explicit accountability for RAI—through AI governance roles, audit lines, or ethics teams—average a maturity score of about 2.6 versus roughly 1.8 for organizations without a clearly accountable function. That gap underscores the role of decision rights and governance design.

Yet operational hurdles persist. Nearly 60 percent of respondents cite knowledge and training gaps as the leading barrier to implementing responsible‑AI practices, up from about 50 percent a year earlier, pointing to a shortfall in skills, operational playbooks, and awareness needed to embed RAI across teams.

McKinsey’s judgment is pragmatic: as AI systems grow more autonomous and are embedded in critical workflows, treating AI trust as a core business capability—built on clear accountability, robust controls, and continuous monitoring—is essential to scale agentic AI safely and capture the reported value. Organizations that fail to close governance and mitigation gaps risk slower adoption, larger incident impacts, and degraded stakeholder trust.

Original report here: https://www.mckinsey.com/capabilities/tech-and-ai/our-insights/tech-forward/state-of-ai-trust-in-2026-shifting-to-the-agentic-era