Market Evidence

The control-layer opportunity around AI reliance.

AI adoption is no longer the question. Enterprises are already embedding AI into documents, software, workflows, vendors, and internal tools. The open market is the inspection, evidence, audit, and sign-off layer required before AI-assisted work becomes accountable.

This page separates adoption context, verified public warning lights, hidden operational exposure, budget adjacency, and market inference. Public failures are not TAM. They are evidence of a control gap.

Methodology note This page combines enterprise survey data, public legal and regulatory signals, security research, source-linked case examples, and illustrative operating models. Context numbers show adoption and budget adjacency; they are not presented as IQAI market size.

01 · Top-line findings

AI use is broad. Control maturity is not.

The relevant signal is not that AI is large. It is that AI is entering enterprise workflows faster than organizations can operationalize governance, review, and reliance controls.

88%

Organizations using AI

McKinsey reports that 88% of surveyed organizations regularly use AI in at least one business function. Source

62%

Experimenting with or scaling agents

McKinsey reports 23% scaling agentic AI somewhere in the enterprise and another 39% experimenting. Source

63%

AI governance gap

IBM reports that 63% of breached organizations either lacked an AI governance policy or were still developing one. Source

97%

AI access-control gap

IBM reports that 97% of organizations with AI-related breaches lacked proper AI access controls. Source

These figures are not IQAI market size. They show the scale of enterprise reliance forming around AI, and the control gap that follows.

02 · Market structure

Adoption is ahead of control.

The opportunity is not AI adoption itself. It is the widening gap between AI-generated output and the enterprise systems required to verify, govern, and rely on that output.

Regular AI use

88%

Agent experimentation / scaling

62%

Governance policy gap

63%

AI breach access-control gap

97%

Reading: organizations are scaling AI usage faster than they are scaling governance, verification, and AI-specific controls.

Commercial implication: the control layer becomes more valuable as AI volume rises and manual review becomes harder to sustain.

03 · Why this market exists

The risk appears when output becomes reliance.

AI output by itself is not the whole enterprise problem. The risk appears when that output moves into a business artifact, software change, customer response, report, claim, or decision.

Step 1

AI generates output

Summaries, claims, code, reports, recommendations, answers, or agent actions.

Step 2

Output enters workflow

The output moves into legal, product, engineering, compliance, or client work.

Step 3

People rely on it

Teams use the output to make a decision, file a document, ship code, or advise a client.

Step 4

Organization becomes accountable

The issue becomes legal, operational, financial, reputational, or audit exposure.

IQAI

Inspection before reliance

Diagnostics, Risk, and Code create the review layer before AI-assisted work is trusted.

The market is the control point between output and reliance: evidence, verification, sign-off, scope control, and receipts before the organization becomes responsible.

04 · Public warning lights

The failures are already visible.

Public cases do not measure the full market. They show where unverified AI output has already crossed into legal, regulatory, financial, or professional accountability.

2023

Mata v. Avianca

ChatGPT-generated fake legal citations were submitted in a federal brief. The court imposed a $5,000 Rule 11 sanction. Source

2024

SEC Delphia / Global Predictions

The SEC charged two investment advisers with false and misleading statements about their use of AI. The firms agreed to $225,000 and $175,000 civil penalties. Source

2025

Deloitte Australia / government report

Deloitte Australia agreed to partially refund the Australian government after a report contained apparent AI-generated errors, including fabricated references and a fabricated court quote. Source

2025

SEC v. Presto Automation

The SEC alleged that Presto made misleading statements about its AI automation capabilities, including claims about human labor being replaced. Source

2025

DOJ / SEC v. Albert Saniger, Nate

The DOJ charged Nate’s founder with allegedly misrepresenting the company’s AI capabilities while human workers manually processed transactions presented as automated. Source

2026

German AI Overview liability ruling

A German court reportedly treated Google's AI Overview as Google's own content when it made unsupported claims. The reported ruling is a market signal, not a settled global rule. Source

2026

Withers v. City of Aberdeen

Reuters reported that a federal judge disqualified lawyers on both sides after unverified AI-generated research led to fabricated legal citations. Primary attorneys received two-year district bans and fines. Source

Public warning lights are not TAM. The market is the control layer organizations need before these failures become public events.

05 · Failure pattern

The same control gap appears across markets.

The cases are not isolated anecdotes. They point to a repeatable enterprise problem: AI-assisted work can look complete before it is verified.

Legal

Failure: fake citations, fabricated quotes, weak cite-checking.

Consequence: sanctions, fee exposure, professional scrutiny.

IQAI Risk

Reports

Failure: unsupported references, wrong evidence, fabricated sources.

Consequence: corrections, refunds, client-trust damage.

IQAI Risk

Regulatory

Failure: AI-capability claims that outrun the evidence.

Consequence: enforcement, disclosures, investor concern.

Diagnostics + Risk

Software

Failure: insecure code, task drift, unreviewed agent changes.

Consequence: remediation, rollback, production risk.

IQAI Code

Vendor risk

Failure: unverified AI claims and AI-assisted deliverables.

Consequence: procurement delay, reliance risk, audit gaps.

Diagnostics + Risk

06 · Verification burden

AI saves drafting time. It creates verification work.

The economic issue is not only whether AI produces output. It is whether organizations can verify, evidence, and approve that output without consuming the productivity gain.

4.6h

Executive time saved per week

Foxit reports executives estimate AI saves them 4.6 hours per week, but they spend 4 hours and 20 minutes validating AI-generated outputs. Source

3.6h

End-user time saved per week

Foxit reports end users save 3.6 hours per week but spend 3 hours and 50 minutes reviewing those outputs. Source

Executives: time saved

4.6h

Executives: validation time

4.33h

End users: time saved

3.6h

End users: review time

3.83h

Reading: AI productivity gains are being partially consumed by trust work: validation, source review, escalation, and correction.

The point is not that AI has no value. The point is that productivity gains require a review layer. IQAI turns verification from ad hoc labor into structured inspection, evidence capture, and sign-off.

07 · Software and agents

AI-generated code expands the control surface.

AI coding tools increase software output. That creates a second market: controlling agent behavior, scope drift, file changes, protected paths, review status, and production-readiness risk.

84%

Use or plan AI dev tools

Stack Overflow reports that 84% of respondents use or plan to use AI tools in development. Source

51%

Professional developers use daily

Stack Overflow reports that 51% of professional developers use AI tools daily. Source

45%

AI code samples failed security tests

Veracode reports 45% of AI-generated code samples failed security tests and introduced OWASP Top 10 vulnerabilities. Source

IQAI Code is not just another code scanner. It is positioned as a control layer around AI-assisted development sessions: what changed, whether the agent stayed in lane, what was touched, and what needs review.

08 · Hidden exposure

The market is larger than the fine.

Public penalties, sanctions, corrections, and refunds are the visible layer. The larger cost sits in prevention, review, remediation, legal defense, audit burden, procurement scrutiny, and loss of trust.

Visible layer

Sanctions

Penalties

Corrected reports

Partial refunds

Public scrutiny

Hidden layer

Manual verification time

Senior review and escalation

Legal defense and remediation

Audit preparation and evidence reconstruction

Procurement delays and vendor scrutiny

Insurance and professional-liability concern

Client trust and reputational damage

Visible event	Hidden enterprise cost
Court sanction	Legal defense, partner review, malpractice concern, insurer scrutiny, client confidence loss.
Corrected report	Rework, refund pressure, procurement scrutiny, senior review, reputational damage.
Regulatory AI-claim action	Claim substantiation, disclosure review, compliance redesign, investor-relations risk.
AI coding failure	Security review, rollback, remediation, production delay, incident response.
Shadow AI incident	Access-control rebuild, audit findings, board reporting, data exposure investigation.

The commercial opportunity is not the penalty. It is the prevention, inspection, evidence, and sign-off layer before AI-assisted work becomes accountable.

09 · Review-cost model

Manual review does not scale linearly.

The model below is illustrative, not TAM. It shows how verification costs can grow once AI-assisted artifacts enter normal enterprise workflows.

Small team

500 AI-assisted items per month · 10 minutes review · $100 loaded hourly cost

$100k

Illustrative annual review cost

Useful for one department or practice group
Low-complexity documents or code changes
Mostly manual verification

Mid enterprise

5,000 AI-assisted items per month · 15 minutes review · $150 loaded hourly cost

$2.25M

Illustrative annual review cost

Multiple business functions using AI
Legal, compliance, software, and vendor review pressure
Escalations begin to overload senior reviewers

Regulated enterprise

20,000 AI-assisted items per month · 20 minutes review · $200 loaded hourly cost

$16M

Illustrative annual review cost

High-stakes documents and software changes
Audit, regulator, client, and board exposure
Manual review becomes a bottleneck

The purpose of IQAI is not to remove human judgment. It is to make review structured, triaged, reproducible, evidence-linked, and auditable.

10 · Budget adjacency

The buying logic sits inside existing budgets.

IQAI does not need enterprises to invent a new category. It connects to control budgets already used for governance, risk, security, audit, software assurance, and vendor oversight.

Existing budgets

AI governanceDiagnostics

GRC / complianceRisk

Legal operationsRisk

Internal auditRisk + Diagnostics

CybersecurityDiagnostics + Code

AppSec / DevSecOpsCode

Vendor riskRisk + Diagnostics

→

Buying reasons

Evidence before relianceAudit

Claim-level support reviewLegal

AI behavior inspectionCIO / CTO

Agent and code controlEngineering

Vendor AI verificationProcurement

Defensible sign-offCompliance

Reduced rework and remediationFinance

11 · Existing budgets

IQAI maps to budgets enterprises already have.

The detailed buying logic does not require a new category. IQAI attaches to governance, risk, legal, audit, security, software assurance, and vendor-risk budgets already under pressure.

Existing budget	Buyer	IQAI fit
AI governance	CIO, CTO, Head of AI, Responsible AI	Inspection, evidence, reproducibility, policy implementation, decision-readiness review.
GRC / compliance	Compliance, risk, control owners	Review posture, exceptions, sign-off trails, evidence records.
Legal operations	General Counsel, legal ops	AI-assisted claims, citations, filings, contracts, reports, and public statements.
Internal audit	Chief Audit Executive	Receipts, review records, reconstructable evidence, control testing.
Cybersecurity / AI security	CISO, security architecture	Shadow AI, AI-agent behavior, insecure outputs, access-control concerns.
AppSec / DevSecOps	VP Engineering, AppSec, platform engineering	AI-assisted code review, task drift, protected paths, production-readiness control.
Vendor risk	Procurement, risk, legal	Verification of AI claims, vendor deliverables, evidence, and third-party reliance.
Professional-services quality	Managing partners, delivery leads, risk partners	Client deliverable review before external reliance.

12 · Product map

Three products. One control-layer market.

Each IQAI product maps to a different enterprise control surface. The common object is reliance: the moment before AI output becomes a business artifact, software change, claim, or decision.

IQAI Diagnostics

Inspects AI behavior before reliance: instability, overconfidence, unsupported claims, drift, reproducibility, hesitation, and decision readiness.

Buyers: CIO, CTO, Head of AI, Responsible AI, vendor risk.

Budgets: AI governance, model evaluation, vendor AI review.

AI governance Model review Vendor AI

IQAI Risk

Reviews AI-assisted documents before they become accountable artifacts: claims, evidence links, unsupported exposure, review queues, receipts, and human sign-off.

Buyers: General Counsel, compliance, audit, professional-services quality.

Budgets: Legal ops, GRC, internal audit, quality control.

Legal GRC Audit

IQAI Code

Controls AI-assisted software development and coding agents: file changes, task drift, protected paths, unauthorized scope expansion, review status, and production readiness.

Buyers: CTO, VP Engineering, CISO, AppSec, platform engineering.

Budgets: AppSec, SDLC governance, DevSecOps, software QA.

AppSec SDLC Agents

13 · Buyer map

Who pays, and why.

IQAI is bought by the people responsible after the AI demo is over: legal, risk, audit, engineering, security, procurement, and enterprise technology leaders.

Buyer	Problem owned	Why they pay	Product
General Counsel	Unsupported claims, bad citations, filings, reports, liability exposure.	Needs defensible review records and evidence of diligence.	Risk
CIO / CTO	AI spreading across tools, systems, workflows, and vendors.	Needs AI scale without uncontrolled reliance risk.	Diagnostics + Code
CISO / AppSec	Shadow AI, AI-agent access, insecure outputs, risky code.	Needs control over AI-assisted software and system behavior.	Code + Diagnostics
Compliance / GRC	AI policy, evidence, exceptions, and controls.	Needs review status, receipts, and control records.	Risk + Diagnostics
Internal audit	Whether AI controls exist and were followed.	Needs reproducible evidence and sign-off trails.	All three
Professional services leadership	Client deliverables with unsupported citations, references, or recommendations.	Needs quality control before external reliance.	Risk
Procurement / vendor risk	AI claims and AI-assisted deliverables from vendors.	Needs independent verification before relying on suppliers.	Diagnostics + Risk

14 · Source ledger

Evidence, not hype.

The page uses adoption context, regulatory sources, public legal reporting, vendor research, and illustrative models. Market-size claims are deliberately avoided.

McKinsey — The state of AI in 2025 88% AI use in at least one business function; 23% scaling agents; 39% experimenting.
Open source

IBM — AI governance / access-control gap AI adoption outpacing security and governance; 63% governance-policy gap; 97% AI breach access-control gap.
Open source

Foxit — State of Document Intelligence Time saved by AI versus time spent validating AI-generated outputs.
Open source

Stack Overflow — Developer Survey 2025 AI development-tool adoption and daily use among professional developers.
Open source

Veracode — GenAI Code Security Report AI-generated code security failure rates across languages and OWASP Top 10 vulnerabilities.
Open source

SEC — Delphia / Global Predictions AI-washing enforcement involving false and misleading AI-related claims.
Open source

AP — Deloitte Australia report Public-sector consulting report with apparent AI-generated errors and partial refund.
Open source

The Decoder — German AI Overview liability ruling Reported ruling treating AI Overview statements as operator content. Treated here as a market signal, not legal advice.
Open source

Reuters — Withers v. City of Aberdeen Lawyers disqualified after unverified AI-generated research led to fabricated citations.
Open source

Investor conclusion

The market is the moment before reliance.

AI produces output. Organizations create liability when they rely on it. IQAI sits between the two.