AI Agents Are Entering Critical Workflows.
Who’s Governing Them?
New research reveals how organizations are deploying AI faster than they can govern it—and why identity, visibility, and control are becoming the new requirements for scale.
The more AI agents organizations deploy, the less confident they are in their ability to control them.
Six months ago, 40% of IT leaders described their organizations as mature in AI deployment. Today, that number has fallen to 23%, even as AI agents gain broader access, take on more autonomous actions, and move deeper into production environments.
More than six in ten organizations now have AI agents running in production workflows. As those agents move beyond pilots, organizations face a growing challenge: governing what agents can access, what they can do, and how their actions can be monitored and controlled.
The result is a widening gap between AI deployment and AI readiness. Security is now the top obstacle to expanding AI agent use, and three in four IT leaders say AI is advancing faster than their organization’s ability to manage the risks it introduces.
To understand how organizations are navigating this shift, JumpCloud surveyed 800 IT leaders across the United States and the United Kingdom. This report examines how AI agents are being deployed, where governance and identity gaps are emerging, and what organizations must do to scale AI securely.
The AI Maturity Mirage
IT leaders are moving out of the hype-and-experimentation phase of AI and into the harder work of scaling it, and the first sign of recalibration is how IT leaders describe their own progress.
Organizations remain optimistic about their AI progress. 57% describe themselves as Scaling or Mature, yet only 23% demonstrate the combination of AI maturity, business-critical AI agent deployment, and IT unification associated with successful AI execution at scale.
That gap is becoming harder to ignore. Six months ago, 40% of IT leaders described their organizations as mature in AI deployment. Today, that share has dropped to 23%. Over the same period, the share saying they are just getting started rose from 5% to 13%.
IT leaders are not backing away from AI. In fact, 84% plan to expand AI use in IT operations over the next 6-24 months. What is changing is how they define readiness. As AI agents move into production, maturity depends less on adoption alone and more on whether organizations can govern access, manage risk, measure outcomes, and apply controls consistently.

-
BENCHMARK
84% of IT leaders plan to expand AI use in IT operations over the next 6-24 months. The question is no longer adoption — it’s control.
-
Google Workspace Organizations Are Pulling Ahead on AI
Organizations with more unified IT environments appear more willing to expand AI into new areas of the business. Reducing tool sprawl and operational complexity may make it easier to extend AI across workflows, users, and systems.
Among organizations running Google Workspace exclusively, 37% plan significant expansion of AI use over the next 6-24 months, compared with 27% of organizations operating hybrid Google Workspace/Microsoft 365 environments.
AI Adoption Is Not AI Readiness
Self-assessment alone cannot show whether an organization has the operating foundation to scale AI safely. To measure that more clearly, JumpCloud developed the AI Execution Maturity Model.
The model scores organizations from 0 to 9 across three operational dimensions: AI maturity, AI agent deployment stage, and IT tool unification. Together, those inputs show whether an organization is experimenting with AI, operationalizing it, or scaling it with stronger foundations in place.
The model places organizations into three stages:

Organizations in the Scaling tier combine stronger AI maturity, business-critical AI deployment, and more unified IT environments. That foundation appears to matter: half (50%) plan significant expansion of AI into new areas of the business over the next 6-24 months, compared with 30% of Operationalizing organizations and 25% of Emerging organizations.
They are also five times more likely than the average organization to report no barriers to expanding AI agent use.

-
“Our greatest concern is that business departments may have overly high expectations for AI, leading to a gap between actual results and what was anticipated.”
— Director of IT, Retail/eCommerce
Fragmented IT Doesn’t Just Slow Down AI. It Makes It Dangerous.
Many organizations are attempting to scale AI on top of fragmented IT environments that were never designed to support growing numbers of autonomous systems. On average, organizations use 6.9 separate tools to manage core IT functions. Complexity is even higher among tech companies, which use an average of 1.8 more tools than non-tech organizations.
Hybrid Google Workspace/Microsoft 365 environments use more tools on average than Google Workspace-only environments. Every additional tool can create another place where identity, access, administration, and governance need to be managed.
Nearly all respondents (96%) say the level of IT unification in their environment affects their ability to implement and scale AI securely. When identity, access, and administration are spread across disconnected systems, scaling AI securely becomes harder. Organizations operating in fully unified environments are far more likely to deploy AI agents into business-critical workflows than organizations running fragmented environments (55% versus 11%). As AI adoption expands, unified IT gives teams a stronger foundation for managing users, devices, applications, and AI agents consistently.
-
“Managing the complexity of multiple AI tools and vendors without creating more fragmentation will be difficult.”
— Chief Technology Officer, U.K., Retail/eCommerce
Why Google Workspace Organizations Are Expanding AI Faster
Organizations running Google Workspace exclusively operate with leaner IT environments than those managing hybrid productivity platforms.
-
7.6: The average number of tools used to manage core IT functions, for teams using hybrid productivity platforms
-
6.5: The average number of tools used to manage core IT functions, for teams using exclusively Google Workspace
-
26%: The proportion of teams using hybrid productivity platforms who describe their IT environments as mostly unified
-
33%: The proportion of teams using exclusively Google Workspace who describe their IT environments as mostly unified

The AI Governance Gap Is Growing in Real Time
More access and less oversight are creating a harder control challenge for IT teams. Organizations aren’t ignoring AI security. The problem is that AI deployment is moving faster than the controls designed to govern it. As agents take on more workflows, IT teams face a harder control problem – giving them enough access to be useful without losing accountability.
-
“A lot of AI adoption is happening organically across departments, which makes it difficult for IT to track and manage. Gaining visibility into that usage is a key concern.”
— Vice President of IT/Technology, U.S., Healthcare
Agent Autonomy Is Increasing Faster Than Human Oversight
Organizations are becoming more comfortable allowing agents to act with limited human involvement. Six months ago, 40% required human review before high-risk AI actions. Today, that figure has dropped to 25%.
Over the same period, full autonomy without human review more than doubled, rising from 11% to 26%. Automated review after the fact is now the most common oversight model, used by 44%.
The pattern is strongest among Scaling organizations. More than one-third, 35%, allow high-risk actions without human review, compared with 22% of Operationalizing organizations and 21% of Emerging organizations. Advanced teams appear more willing to grant autonomy when stronger identity, governance, and oversight foundations are in place.

Connecting Agents Is Easier Than Governing Them
Organizations are increasingly connecting AI agents to the same identity and access management systems used by employees. More than 90% have integrated AI agents into their identity infrastructure in some form. Full integration rose from 37% to 45% over the past six months.
Identity integration provides the foundation for visibility, access management, and accountability. Scaling organizations are almost twice as likely as Emerging organizations to report full identity integration.

Access Is Expanding Faster Than Accountability
Non-human identities now outnumber human users in 83% of organizations, and one-third report six or more for every human user.
Among organizations using AI agents, the share reporting ratios of 6-to-1 or higher rose from 23% to 31% over the past 6 months. Scaling organizations are about three times more likely to report ratios of 20-to-1 or higher.
Yet only 21% have adopted governance controls for non-human identities. That leaves many IT teams managing a fast-growing population of autonomous systems without consistent ownership, access review, or lifecycle controls.

-
“Managing non-human identities and API keys for multiple AI agents is challenging.”
— Chief Information Security Officer, U.S., IT/Software/Hardware
Confidence Is Not a Control
Many organizations believe they are governing AI effectively. Roughly half report confidence in their ability to manage AI securely.
However, organizations have implemented an average of just 3.1 out of 10 recommended AI governance and security practices. Role-based access control is the most commonly adopted control, in place at 37%. Governance for non-human identities is the least common, implemented by just 21%.

The gap between confidence and implementation suggests many organizations may be overestimating their readiness for autonomous AI. While most have established basic controls such as role-based access management, adoption drops significantly for practices that provide accountability, oversight, and governance at scale.
As AI agents gain access to business systems and critical workflows, organizations will need a broader set of governance controls to ensure those systems remain secure, auditable, and aligned with business policies.

The challenge is not simply implementing more controls. Many organizations are still determining how governance should evolve as AI agents become more autonomous and interconnected with existing systems.
As a result, governance efforts often lag behind deployment. Organizations may recognize the risks, but practical challenges around visibility, identity management, security, and policy enforcement continue to slow progress.

U.S. Organizations Are Further Along In AI Deployment, But Governance Challenges Are Shared
U.S. respondents show somewhat higher AI execution and IT consolidation, while governance pressure remains similar across both markets.

AI Is Saving Time. It’s Also Creating Work.
More than 90% of IT leaders still report productivity gains from AI, but fewer describe those gains as significant. Six months ago, 50% reported major productivity improvements. Today, that share has fallen to 41%.
The day-to-day experience is becoming more mixed. Fewer IT leaders now describe AI as a major time-saver and stress reducer, 45% today compared with 56% six months ago. Meanwhile, 39% say AI is helpful but adds complexity to their workload, and 11% say it has increased pressure on their team.
As AI becomes embedded in day-to-day operations, IT teams are spending more time managing tools, reviewing outputs, securing integrations, measuring impact, and correcting mistakes. That added complexity is especially visible in technology companies, where IT leaders are twice as likely as their non-tech peers to report negative effects from AI, including increased workload and time spent fixing AI-generated mistakes.
As AI moves deeper into production, measuring impact becomes more important. Organizations need a clearer view of where AI creates value, where it adds complexity, and whether the tradeoff is worth it.
-
BENCHMARK
2X IT leaders at technology companies are twice as likely as non-tech peers to report negative effects from AI, including increased workload and time spent fixing AI-generated mistakes.
-
Measurement Becomes Part of Maturity
More advanced organizations measure AI’s impact more deliberately. Scaling organizations track an average of 3.2 AI return metrics, compared with 2.6 among Emerging organizations.
As AI investment comes under greater scrutiny, the ability to measure outcomes increasingly separates experimentation from scale.
-
“We are having trouble figuring out which AI solutions truly address business issues rather than just adding needless complexity.”
—IT Administrator, IT/Software/Hardware

FOMO to ROI: AI Spending Is Getting A Reality Check
AI realism is also reshaping spending decisions. Six months ago, 91% of IT leaders expected budget increases, but only 42% say those increases materialized.
That gap is forcing harder tradeoffs, with 44% of organizations shifting toward cost reduction as a priority and 35% delaying or canceling IT projects.
AI budgets are also being scrutinized more closely. The share of organizations allocating more than 25% of IT budget to AI fell from 20% to 12%, even as average AI spending held steady at 15% of total IT budget.
The next phase of AI investment is becoming more selective. Teams need clearer proof of value, stronger measurement, and a more reliable operational foundation before expanding further.

-
“One of the biggest challenges is managing the rapidly escalating costs of cloud computing, model training, and third-party AI APIs, as usage grows and prices remain unpredictable.”
— Director of IT/Technology, U.S., Manufacturing
AI Is Changing The Jobs IT Has To Do
The workforce picture is more complicated than the common AI job-loss narrative suggests. For most IT leaders, AI does not simply mean fewer roles. It means new work, new skills, new support models, and new operating demands.
58% of IT leaders expect AI to increase total IT headcount over the next one to two years. Half expect to rely more on outside vendors, nearly half expect to shift current staff toward higher-value work, and 48% expect to need new roles and skills.
One-third of IT leaders expect AI to eliminate roles. That rises sharply among technology companies, where 48% expect role elimination compared with 29% of non-tech organizations.

Organizations earlier in their AI journey are more likely to anticipate job displacement, while those with deeper operational experience are more likely to view AI as a driver of augmentation, role evolution, and higher-value work.
The more immediate challenge for many organizations is managing a more complex IT function. As AI becomes embedded in IT operations, teams need to govern new systems, measure new outcomes, manage new risks, and develop new skills to make AI useful at scale.
Deployment Was The Easy Part. Here’s What Comes Next.
The challenge has shifted from deploying AI agents to building the operational foundations required to govern, secure, and scale them.
Teams furthest along in AI execution consistently demonstrate stronger identity management, more unified IT environments, deeper governance practices, and greater visibility into how AI agents operate.
The path from AI adoption increasingly depends on four foundational capabilities: discover, register, manage, and govern. Unified IT supports each step by making it easier to apply consistent identity, access, device, and governance controls across the environment.
-
1
Discover
Identify which agents and non-human identities exist, what they can access, and which workflows they influence.
-
2
Register
Place each agent in a formal identity system, define its purpose, map its access, and assign a human owner.
-
3
Manage
Define rules for access, actions, approval workflows, least privilege, and emergency shutdown.
-
4
Govern
Use logs, audit trails, access reviews, and post-action monitoring to evaluate whether permissions and behaviors remain appropriate.
Unification matters more as teams move deeper into AI execution. 58% of Scaling organizations say IT tool unification has a major impact on scaling AI securely, compared with 44% of Operationalizing organizations and 40% of Emerging organizations.
As agents take on more responsibility, fragmented environments make governance, visibility, and access management harder to apply consistently.
-
How Unified Environments Support AI Scale
Organizations running Google Workspace exclusively consistently reported characteristics associated with more advanced AI execution.
Compared with hybrid Google Workspace/Microsoft 365 environments, Google Workspace organizations were more likely to have standardized on enterprise AI platforms (54% versus 48%), and less likely to report purchasing disconnected AI tools across individual teams (50% versus 58%).
They also demonstrated signs of more proactive governance. Google Workspace organizations were more likely to prioritize securing AI usage and managing AI-related risk (32% versus 25%), and more likely to identify Privileged Access Management as a strategic priority (31% versus 24%).
These characteristics closely resemble those of organizations in the Scaling stage of the AI Execution Maturity Model. More unified environments make it easier to standardize AI adoption, apply governance consistently, and reduce operational friction—factors that may help explain why Google Workspace organizations are more likely to plan substantial AI expansion over the next 6-24 months (37% versus 27%).
AI Readiness Now Depends On Operational Control
Organizations that have progressed furthest in AI execution are building the governance, identity, and operational foundations needed to manage AI agents consistently at scale.
The next phase of AI adoption will be defined less by access to AI and more by the ability to control it. As agents gain autonomy and move deeper into critical workflows, organizations that can see, secure, govern, and measure AI activity across a unified IT environment will be best positioned to scale with confidence.
-
Respondents: 800 IT leaders
Geography: United States: 50% and United Kingdom: 50%
Company size: Organizations with 200-2,500 employees
Seniority: IT Admins: 25% | IT Managers and Team Leads: 25% | Directors: 30% | VPs: 7% | CIOs: 7% | CTOs: 5% | CISOs: 1%
C-level quota: A minimum 20% C-level quota was achieved
Productivity platform: Organizations using Google Workspace as their primary productivity platform — Google Workspace-only: 65% | Hybrid Google Workspace/Microsoft 365: 35%
Trend comparisons: Drawn from JumpCloud’s Q4 2025 Annual Survey and published as JumpCloud’s Q1 2026 AI Agent Research. Trends should be treated as directional because question wording, response options, sample composition, and productivity-platform screening differed across waves.
See every agent. Govern every identity.
JumpCloud transforms agentic IAM into your competitive edge. By automating policy-driven workflows and human-in-the-loop checkpoints, you can turn AI complexity into a safe value accelerator.
Learn More