We surveyed 294 Director-and-above leaders at AI labs, R&D-heavy companies, biotech, and defense tech. A majority are confident their physical security would stop an intruder. Far fewer have the controls that would actually do it. That gap is the story.
Most leaders doing some of the most sensitive work in the world believe their front door is covered. Their own controls, and what they’ve personally witnessed, tell a different story. The risk isn’t that they don’t care. It’s that confidence has outrun coverage.
Ask leaders whether their program would stop an intruder and most say yes. Ask what’s actually instrumented behind that confidence and the number drops. A net 58% agree their program would prevent unauthorized physical access, yet only 52% have badge control on sensitive doors and only 47% escort visitors at all times. The belief is running ahead of the build.
58% believe their program would stop an intruder, but the controls that would make that true are present for only about half. The same pattern holds across every statement we tested: confidence sits above coverage on prevention, on accounting for who was in the building, and on contractor offboarding. Programs are being graded on intent, not on what’s instrumented.
The cleanest test of a physical security program is a simple one: can you say who was inside yesterday? For 44% of leaders, the answer is no. And the lived experience backs it up. 35% personally saw someone they didn’t recognize and weren’t sure should be there within the past month, and 19% still run visitor sign-in on a paper logbook.
If you can’t reconstruct yesterday, you can’t investigate an incident, prove who touched what, or close a gap you can’t see. Nearly half of these leaders are in that position, and many are relying on a paper log that walks out the door with whoever signed it.
Sophisticated cyber posture, 1990s-era physical posture. The confidence is real. The coverage isn’t.
The reason the gap persists isn’t cost. When we asked why missing controls weren’t in place, the runaway answer was that leaders had considered them and never prioritized them: 58% said so, nearly three times the share who cited expense. Another 9% didn’t know the capability was an option at all.
The case for action is already made inside these organizations. The blocker is prioritization, not conviction or money. Across seven advanced controls, 13 to 16% of leaders didn’t even know the capability existed. You can’t prioritize what you don’t know to ask for.
This gap would matter anywhere. It matters most here. When we asked what these leaders most fear losing, AI models and training data top the list, narrowly ahead of client data and proprietary research. No single asset dominates, which means the physical program has to defend a wide front. And the worry runs inward: two-thirds are concerned about contractors in spaces unsupervised and about insiders exposing information.
67% are concerned about insiders intentionally exposing information and 66% about contractors accessing spaces unsupervised, yet under half revoke terminated-employee access within 24 hours. The threats leaders rank highest are the ones their controls handle weakest. The gap isn’t academic. It sits directly in front of model weights, customer records, and research methods.
The conviction is already there. 58% of leaders believe their program would stop an intruder, but only about half have the controls to back it up, and 44% can’t say who was in the building yesterday. The fix is connecting the front door, not spending more: one visitor record, modern sign-in, watchlist screening, and access that ends the moment someone leaves. Envoy protects the places the world relies on most. Let’s start with yours.
Talk to EnvoyWe surveyed 294 Director-and-above leaders across AI labs, R&D-heavy companies, biotech, and defense tech in a guided interview format covering 18 structured questions. Percentages reflect unique respondents who selected each option and are rounded to whole numbers. Multi-select questions can sum above 100% and are labeled accordingly; single-select breakdowns sum to 100% within rounding. The “net agree” and “net concerned” figures combine the top two response options for a statement. All numbers in this report trace to the structured survey data.
We surveyed 294 Director-and-above leaders at AI labs, R&D-heavy companies, biotech, and defense tech. 44% can’t confidently say who was in their own building yesterday. In a year when a stranger near a whiteboard can mean a leaked model, that’s the number that should keep them up at night.
Strangers are already inside these buildings. Leaders are seeing them, and most can’t reconstruct who was on-site the day before. Against the value of what these organizations build, an unaccounted-for visitor is a real exposure, not a nuisance.
This isn’t a hypothetical risk surfaced by a survey prompt. 44% of leaders can’t confidently say who was in their building yesterday, and 35% personally saw someone they didn’t recognize and weren’t sure should be there within the past month. The people responsible for the building are watching unidentified people walk through it.
Seeing an unrecognized person is one problem. Not being able to reconstruct who was on-site is the deeper one. 44% can’t account for yesterday, which means if something walked out, they’d have no clean way to know who, when, or from where.
The unrecognized people aren’t staying in the lobby. 39% of leaders have personally seen a visitor or contractor reach a restricted physical area, and 28% have seen someone view or photograph work-in-progress on whiteboards, screens, or prototypes. Unauthorized people ending up where they shouldn’t be is a regular occurrence, not a rare one.
Four in five leaders report at least one unauthorized-access incident in the past year, and only 21% say it never happened. A stranger who reaches a whiteboard or an unattended workstation has, in effect, reached the work itself.
Think about what an unidentified person could have reached in the past six months, and what these organizations build in that time.
The reason 44% should alarm anyone is what these buildings contain. When we asked what leaders most fear losing, AI models and training data top the list, just ahead of client data and proprietary research. No single asset dominates, so an unidentified person near any workspace is a potential exposure across the whole portfolio. And the concern runs inward, toward the people already inside.
67% are concerned about insiders intentionally exposing information and 66% about contractors in spaces unsupervised. Those are exactly the unidentified and unescorted people showing up in the building. The fear and the witnessed reality point at the same person walking past the same whiteboard.
Here’s the part that doesn’t add up. The same leaders watching strangers walk through their buildings are confident those buildings are secure. 58% believe their program would stop an unauthorized person, and 83% say their physical-cyber budget balance is about right. The witnessed reality and the stated confidence are pointing in opposite directions.
Only 12% admit they underinvest in physical security, even though 44% can’t account for yesterday and a third saw a stranger this month. Cyber posture is funded for the threats leaders fear. Physical posture is funded for the threats they used to fear. The unrecognized person in the hallway is the proof that the two have drifted apart.
44% of these leaders can’t say who was on-site yesterday, and a third saw an unrecognized person this month, all while a leaked model or photographed prototype is the cost of getting it wrong. The answer is making every person in the building known and accounted for: modern sign-in, watchlist screening, a single visitor record, and escorts that hold. Envoy protects the places the world relies on most. Let’s start with yours.
Talk to EnvoyWe surveyed 294 Director-and-above leaders across AI labs, R&D-heavy companies, biotech, and defense tech in a guided interview format covering 18 structured questions. Percentages reflect unique respondents who selected each option and are rounded to whole numbers. Multi-select questions can sum above 100% and are labeled accordingly; single-select breakdowns sum to 100% within rounding. The “net concerned” figures combine the very and somewhat concerned responses for a threat. All numbers in this report trace to the structured survey data.