Three numbers from Stanford HAI’s 2026 AI Index Report, released on 14 April 2026, belong on every board agenda this quarter.
Organisational AI adoption has reached 88%. Documented AI incidents rose to 362 in 2025, up 55% from 233 in 2024. And the Foundation Model Transparency Index, which measures how much frontier model developers disclose about their systems, dropped from an average score of 58 to 40, reversing a two-year improvement.
Adoption up, incidents up, transparency down. That is the operating environment every AI governance programme now has to work inside.
What the AI Index is, and why it matters
The AI Index is Stanford HAI’s annual attempt to measure the state of AI across technical performance, economics, responsible AI, policy, education, and public opinion. The 2026 edition is the ninth annual report, runs to 423 pages, and draws on data from government sources, academic papers, industry reports, and proprietary datasets including the AI Incident Database and the Foundation Model Transparency Index. It is not vendor-sponsored. It is not funded by a model developer. It is the closest thing the field has to an independent annual benchmark.
The report does not take positions. It presents data and lets the data carry the argument. For governance teams, the responsible AI chapter is the section that matters most.
Incidents are clustering, not just rising
The responsible AI chapter tracks documented AI incidents using the AI Incident Database, which defines incidents as “harms or near harms realised in the real world by the deployment of artificial intelligence systems.” The database recorded 362 incidents in 2025, up from 233 in 2024.
The raw count tells one story. The distribution tells a sharper one. Stanford’s underlying survey data, analysed in detail by Kiteworks, shows that the share of organisations reporting at least one AI incident held steady at 8% in both 2024 and 2025. What changed was the concentration. Among organisations that experienced incidents, those reporting three to five incidents rose from 30% to 50%. Those reporting only one or two incidents fell from 42% to 29%. (These figures derive from Stanford’s survey dataset; Kiteworks’ analysis is vendor-authored but the underlying data is Stanford’s.)
AI incidents are not spreading across more organisations. They are concentrating inside organisations that have already experienced them. The most likely explanation is uncomfortable: organisations with the most aggressive AI adoption are generating the highest incident counts, and they are not learning fast enough from the first one to prevent the second.
Self-assessed incident response capability is declining alongside the increase in incidents. Organisations rating their AI incident response as “excellent” dropped from 28% to 18% between 2024 and 2025. Those reporting “good” responses fell from 39% to 24%. Organisations are experiencing more incidents while feeling less capable of managing them.
Transparency is falling as capability rises
The Foundation Model Transparency Index, which Stanford runs separately from the AI Index but integrates into its findings, measures how much developers disclose about their models’ training data, compute resources, deployment practices, and downstream impacts. The average score rose from 37 in 2023 to 58 in 2024. In 2025, it dropped to 40.
The decline is not uniform. Individual model scores from the Foundation Model Transparency Index, published by Stanford’s Center for Research on Foundation Models, show that Meta fell from 60 to 31 and Mistral fell from 55 to 18. IBM scored 95 out of 100. The variation matters because organisations selecting AI providers are now choosing from a transparency spectrum that ranges from near-full disclosure to near-opacity, and the most popular commercial models are clustered toward the opaque end.
For governance teams, the transparency decline has a direct operational consequence. Risk assessments depend on understanding what the AI system does, what data it was trained on, and what safeguards the developer has applied. When the developer does not disclose that information, the deploying organisation either accepts unknown risk or builds its own testing and evaluation capability. Most mid-market firms do not have the resources for the second option, which means they are defaulting to the first.
The adoption number is the multiplier
Stanford puts organisational AI adoption at 88% in 2025, and the AI Index’s education chapter reports that four out of five university students now use generative AI for coursework. Generative AI reached 53% population-level adoption within three years of its mass-market introduction, faster than either the personal computer or the internet.
That adoption figure is the multiplier that makes the incident and transparency numbers consequential. At 10% adoption, AI incidents are edge cases. At 88%, they are operational risk. When nearly nine in ten organisations have AI in production, the question is no longer whether AI governance is necessary. It is whether the governance that exists can keep pace with the deployment it is supposed to oversee. The Grant Thornton AI proof gap data (covered in a separate SAW article) suggests it cannot: 78% of senior leaders lack confidence they could pass an AI governance audit within 90 days.
The responsible AI trade-off problem
The Stanford report surfaces a finding that complicates the standard governance approach. Recent empirical studies cited in the Index found that training techniques aimed at improving one responsible AI dimension consistently degraded others: improving safety can reduce accuracy, and improving privacy can reduce fairness. The report does not offer a resolution because none currently exists at scale.
For governance teams, this means setting responsible AI requirements as a list of independent checkboxes (safe AND fair AND transparent AND accurate) may not reflect how the underlying models actually behave. The trade-offs are real, they are measurable, and they need to be managed explicitly rather than assumed away.
The hallucination data reinforces the point. In a new accuracy benchmark tracked in the AI Index’s responsible AI chapter, hallucination rates across 26 leading models ranged from 22% to 94%. GPT-4o’s accuracy dropped from 98.2% to 64.4% on specific test categories. When a false statement is presented as something another person believes, models handle it competently. When the same false statement is presented as something the user believes, performance collapses. Models are sycophantic under pressure, and that pattern has direct implications for any deployment where AI output informs a consequential decision.
What this means for Australian organisations
The Stanford data is global. The 88% adoption figure covers organisational AI use worldwide. Australian organisations operating at or near that adoption rate are exposed to the same incident and transparency patterns the Index documents.
The transparency decline has a specific Australian implication. ASIC’s REP 798 examination of 23 Australian lenders found that most could not demonstrate how their AI-assisted decisions were made or what safeguards were in place. When the frontier models those decisions rely on have dropped their own transparency scores by 18 points, the burden of proof shifts entirely to the deploying organisation. The model developer is disclosing less. The regulator is requiring more. The gap between those two positions is the deployer’s problem, and the December 2026 automated decision-making transparency requirement will formalise that burden in statute.
SAW’s March 2026 analysis of AI security statistics found that organisations with structured AI governance reported 45% fewer AI-related security incidents and resolved breaches 70 days faster. The Stanford data now provides the denominator: with 362 documented incidents in 2025 and climbing, the baseline organisations are measuring against is rising. Governance is reducing a level of risk that is itself growing, which means the baseline organisations are measuring against keeps rising.
What governance teams should take from this
Map critical workloads to provider transparency. The Foundation Model Transparency Index scores are public. Organisations should know how transparent their primary AI providers are and factor that into risk assessments. A provider scoring 31 out of 100 on transparency requires more internal testing and assurance than one scoring 95.
Revisit incident response plans to assume repeat incidents. The Stanford clustering data shows that first incidents predict second and third incidents within the same organisation. Response plans designed for one-off events will not work for organisations generating recurrent AI failures. The plan should include post-incident governance review, not just technical remediation.
Set board-level KPIs for AI risk. Boards that receive quarterly AI reports showing adoption rates and cost savings but no incident data, transparency scores, or governance maturity metrics are seeing half the picture. The Stanford data provides a framework for the missing half: incidents per quarter, provider transparency rating, governance confidence score (the Grant Thornton test), and time-to-remediation for AI failures.
Build internal evaluation capability to compensate for provider opacity. When providers disclose less, deployers need to test more. Red-teaming, bias testing, hallucination benchmarking, and output monitoring are not optional extras for organisations using models in the bottom half of the transparency index. They are the minimum governance infrastructure for unknown-risk deployments.
The direction of these curves
Stanford’s data shows adoption accelerating, incidents unlikely to fall unless governance improves faster than deployment, and transparency unlikely to recover unless regulators or market pressure force disclosure. The curves are moving in the wrong direction for any organisation that is relying on the AI ecosystem to self-govern.
The organisations that will navigate these trends are the ones building governance as an operational discipline inside their own perimeter, rather than outsourcing it to model providers whose transparency is declining, or to regulators whose enforcement is still catching up. The Stanford data does not say governance is hopeless. It says governance that is not keeping pace with deployment is already producing measurable harm, and the pace is not slowing.
Sources
- Stanford HAI, “The 2026 AI Index Report,” released 14 April 2026 (ninth annual edition; adoption, incidents, transparency, responsible AI findings). hai.stanford.edu
- Stanford HAI, “Responsible AI” chapter of the 2026 AI Index (incidents 233 to 362; transparency index 58 to 40; hallucination benchmarks; responsible AI trade-offs). hai.stanford.edu
- Kiteworks, “Stanford AI Index 2026: Why 62% Say Security Blocks Agentic AI Scaling,” April 2026 (vendor-authored analysis of Stanford’s incident clustering data; underlying numbers are Stanford’s). kiteworks.com
- The Register, “Everyone agrees AI will hurt elections, relationships,” April 2026 (independent coverage of adoption and incident figures). theregister.com
- Analytics Drift, “Stanford AI Index 2026: Capabilities Are Historic, Transparency Has Collapsed,” April 2026. analyticsdrift.com
- AI to ROI, “The 2026 Stanford HAI AI Index Report,” 15 April 2026 (governance stress test framing). ai2roi.substack.com