Transcript
experimenting with AI and are deploying AI more broadly or even at business-critical scale. Only 2% have reported no AI use at all. We also found that organizations are moving faster on deployment than governance. And that gap? It's becoming a real liability. Welcome everybody to Avanti's IT Insider. Today's episode is Solving AI's Accountability Crisis. Today we're going to explore three critical challenges. The first is the AI governance gap. The second is how fragmented data undermines IT and security operations. And lastly, we're going to look at what organizations have done differently to successfully scale AI inside their organizations. Let's start with governance. Avanti's research has found that IT organizations rank quote-unquote governance as the number one barrier to faster AI deployment. And nearly a third of the most mature IT organizations are still operating without clear governance. To help us talk about that, we've got Brooke Johnson and Sterling Parker here. The first question I want to ask the two of you is, why do you think there's such a large gap between AI policies on paper and the policies in practice? You know, AI is such a transformative tool, and even more than a tool, it's an experience for employees and people right now. There's a lot of excitement around it. There's a lot of excitement around what it can do and how it's going to be changing our lives and the workforce. And so there are some employees who want to run really fast, and I think part of the struggle with compliance that those of us who work in compliance function always have is making sure that we're doing it safely and we're doing it correctly. And so there's just, I think, a natural tension there, right, with how exciting AI is and how it is so revolutionary, but also, you know, needing to make sure that we're getting our arms around how it can be used responsibly, appropriately, and securely. Rolling out policies to employees is always more than just publishing a policy, right? It's training, it's education, it's also a change management project because really it is changing the way that we're doing business and we're operating and we're working together. So I think, you know, there's a gap. Only one out of four employees report consistent policy adherence, which really, I think, highlights the disconnect there between, you know, when you're rolling out policies and what the actual adoption is. So, you know, one thing is that governance can't be something that comes after an AI tool. It's already being used. It's already been integrated in someone's workday and workflow. Trying to shift behavior after the fact is just a really difficult thing to do. So it's important for organizations to be aware of that. A key piece of AI governance is really for the organization to be thoughtful, prepare correctly, and make sure that they've got the right checkpoints in place before they're rolling out AI. So that often starts with sort of reviewing vendors, having an AIGC, an AI governance council, which Monty does have, and then also having the right stakeholders involved in those policies and providing the right input and making sure that you're actually building policies that make sense for the organization. And then also I think that adoption piece of education, of awareness, of kind of really cascading those requirements out through the organization with leaders supporting that are all really important things to sort of set the stage for the right policy adoption. Yeah, and I would say that the excitement, like you called out, is key. It's a good thing. It's the human response. You see something cool, you want to get out and drive it fast. It's like you're buying a new car, right? There's governors on your car, especially the big muscle cars nowadays. You can't push the gas to the pedal immediately. You've got to have a break-in period. You've got to make sure that what's being molded into the environment is something that's actually bringing value. It's being risk averse, right? You're not introducing or expanding or potentially bringing in additional vulnerabilities that are going to be now vulnerabilities on steroids if you implement it too fast and it's not properly governed. And I think that education piece of AI is a powerful tool for good and for harm, right? You might have an employee who's using a personal agent to do something and, wow, it's created all these amazing efficiencies in their life at home. They want to bring it into the office. But before you know it, you've risked your IP, you've risked financial exposure, all kinds of things. And so part of that policy rollout is making sure that employees understand what you said, right? Like this is a powerful tool that you can't just go. You don't want to go one step forward for two miles back if you get compromised because of something like that. Yeah, you wouldn't give a new employee keys to the castle. You don't want to give a new agent the same thing. At Avanti, we, as part of our governance, we do talk about managing AI the way we manage employees. And I think that's a really responsible way to think about it because it's like, don't, you wouldn't trust a human to do all this. Don't trust this tool that also needs to have some kind of human oversight and control. One potential cause of the gap and the impact would be shadow AI use. So shadow AI is when you have employees out there in the company using IT, AI tools without supervision from the right departments. And so again, there's an employee who has an agent that has been very effective in helping them respond to emails quickly in their personal life. So they want to bring that into the company and they give an agent authority to send emails on their behalf. First of all, it hasn't been checked against policies. There's no one supervising it. Maybe that agent decides to send an email, a nasty email to the CEO. I mean, that's a very benign example. But I think the impact of shadow AI is something that we can all imagine. But from a policy perspective, it is a very strict breach of any kind of governance and policy and process that the organization has put in place. And it is something that's very serious and a big risk because besides maybe a potentially unfriendly email that it might send, it might also take company's code and put it into the internet. It might go out and go to a malicious website and be misdirected to take sort of negative actions against the company. So definitely a lot of concerns with that one. I think another big concern too is the way that it can implement hallucinations within AI. I mean, we all know that when AI isn't clear or where it's properly governed, it's going to create what it thinks is the best outcome. And oftentimes that's where the hallucination comes into play. And that can hurt an organization. I remember a use case when AI was first kicking off with chatbots. There was an airline that was famous for introducing the first agentic AI experience for users and flyers to self-serve. And somebody was going through a bereavement. They had some specific questions. The AI chatbot didn't find explicit policies around that bereavement that that airline was representing. It created one on the fly. And it ended up giving that end user some free flights. It ended up giving some cost models that weren't actually correct. It ended up costing some financial problems. And that person ended up actually going after that organization, that airline, for some potential damages because of what that hallucination created. So that's just a small example, but that's also where it can introduce some risk to your organization. Unintentional risk if it's not properly governed and you don't know what true ownership of that AI model looks like. Yeah, and it seems like shadow IT certainly isn't anything new, particularly for security organizations, but it really is shadow IT at machine speed. All of a sudden, a problem that maybe you could have nipped in the bud with one rogue employee has someone who's working at the speed of whatever processor is running the agent. And that has real problems of getting out of hand and out of hand fast. And hallucinations are very common. 68% of IT professionals have personally seen AI-produced hallucinations. It's a very common thing. So touching on the second subject that I raised at the start of the episode, even if you've got perfect governance today, there's a common structural issue that can make AI inherently harder to integrate and harder to trust, and that is fragmented data across your organization. The data that IT and security teams routinely rely on can be inconsistent and spread across multiple tools or siloed within your organization. MIT's research shows that the vast majority, over 89% of IT professionals, have an issue with siloed data directly undermining their security and operations. And this isn't just an efficiency issue. It's a trust problem, because AI governance is nearly impossible if you can't actually trust the output of the models that you're implementing. From your perspectives, what does fragmented data look like in a modern IT organization? And why is it a serious problem for these orgs if they want to roll out AI, or really any new tool? AI is only as good as the data that it sits on, right? And so when you have that fragmented data, the data that it's trained on, and it's not crystal clear what it needs to take from that data, it's painting a picture for your organization. And if the picture isn't completely there for it to see, then it's going to fill in where it sees the gaps based on its own intelligence, right? And this is where it creates some problems. You've got some unstructured data points, so dark data, which is image data, right? Chat logs. Sometimes if you're not giving it full access to emails, then it's not going to have that source of truth that it needs to operate from to be beneficial for your organization. It also can't scale safely. So you're not only going to expose the cracks in the foundation from your organization to an AI model. It's then going to take those cracks and foundations, and it's going to put them on steroids. So Sterling, to flip that last question on its head, how can an organization like Avanti or similar organizations use AI to help make that data consistent across the organization and usable so you can really trust your implementation? So it has to happen at that integration point. And when you're using the integration components that are pulling data from your premise solutions it's pulling it from your SaaS solutions. It's pulling from your multiple DBs that you're using to service your enterprise. You're going to have to make sure that that AI is cleaning and contextualizing and putting this data into a single source of truth for your business, right? So that's the number one thing, is making sure that it can also find the edges and what it needs to do to operate against those edges. An example of this is dark data. So dark data is pictures. It's maybe emails that you don't want AI to be reading intentionally. Maybe it's chat logs that maybe you want to have access to chat logs because it's going to help facilitate what you need that AI agent to be responding to and help create deflection mechanisms for your organization. So there's ways that you can do that. Now one of the key findings was that we found that 60% of IT organizations report using more common tools and platforms across IT. And this is also for security and the business teams since they implement AI. So that's a benefit, right? You want to make sure the AI is leading your teams to be more normalized in those solutions that they're using across the board. That introduces silo breaking. It introduces more rapid speed to development. If you're looking at ways that you can make the business far more capable at the end of the day, this is going to help you break down that silo and make sure that people are operating and pulling in the same direction. I think we're going from this meeting could have been an email to this email could have been a prompt. But not getting rid of people. Augmenting people. Well, and also there's always human oversight, right? I mean, I think about your organization, Sterling, which has so much knowledge, so much information, and you do a lot of cross-training. And it's like that probably requires humans to sort of share what you've got in your head. And if a lot of that becomes, you know, I can ask, you know, I can just ask for certain information. It's just, it's empowering humans. It's not erasing humans. And it's avoiding that repeat work, which tends to belabor against our overall job satisfaction. When I was a backline engineer supporting the frontline teams, the most frustrating part of that role was the fact that I had to repeat myself sometimes 10 times, right? And this eliminates that. It's, hey, we said it once, we documented it once. People can now self-serve against it. And people can prompt against it and have it delivered in the way that they want it to be explained, right? One of my favorite subreddits is explain it like I'm five. And I'm sure the viewers out there, there's probably a few of you that are subscribed to that subreddit. But I love that because I can prompt there and say, and people can actually show me like, oh, explain it in simple terms so that I can actually understand and consume it. Or if I want to go more deep dive technical, there's prompts for that too, right? If I want to take a high level documentation that's highly technical, I can consume it at my pace. I can also have it translated for the level that I'm at now. So now that we've walked through those two problems identified at the front of our talk with respect to both governance gaps and fragmented data, some organizations are already seeing success in implementing AI across critical business functions. I want to talk about how it is they've done that and what they're doing differently from those that have maybe jumped the gun a bit and implemented before making sure their foundations were strong. From your perspective, Brooke, what are some of the ways IT organizations are really successfully scaling AI? So IT organizations are successfully scaling AI by aligning their work with the business value. So a really good way to sort of get your arms around that is to have conversations, start with the executive team and senior leadership and discuss what AI actually means to the company, right? So we've mentioned a few times, we're not replacing humans. Is that a value that the organization fully is behind? What else are we kind of, what is important about AI? So we did that at Avanti. We actually, we did a poll. We had a number of pretty in-depth conversations about what AI was going to, you know, what we thought AI would do to our industry and what we were really aligned behind. So we made some commitments to AI, both internally with our employees and externally. And those relate to, just to summarize them, it's maintaining intellectual curiosity about our AI's applications to further our mission and core values, ensuring that AI is used responsibly, leveraging it for speed, efficiency, productivity, accuracy, and value creation. Being aware of shortcomings such as, you know, bias, ethical concerns, you know, all the things that, you know, the kind of worst case scenarios related to AI, and then also retaining our employees to help us with our AI journey. So that came out of conversations with our executive team and it's something that we pushed out to employees so they understand what we're centering around. I think you're spot on, Jack, and Brooke too. It's the ability to find that business value realization. And when an AI team is plugged in, they're going to see the immediate business values. Yeah, I mean, if you completely ban AI tools, you end up with shadow AI and you also, you know, risk stifling innovation. And so really providing a clear path and sort of, you know, the ability to test out tools to learn and build from the processes that you put in place is a huge part of enabling AI across an organization. And there's been enough years now, I can't, has it been three years or four years since we really had Gen AI? There's enough information to show that there is. Feels like 10 at this point. You know, that the investment is worth it. So 54% of IT professionals at mature AI adoption organizations report their work is faster and better. And with, you know, 24% at early stage orgs also, you know, finding that value. So it's definitely worth the effort to make AI something that your employees can move forward that your organization adopts and deploys. Sterling, what kind of advice or best practices can you give an organization who wants to have AI be a strategic piece of their operations? You've got to focus on the business value outcomes and what AI is truly enabling in your environment. You have to focus on the accountability to make sure that it's structural and to make sure that it's also very clearly defined for your resources. Policies have to exist. They have to be not just existing, they have to be enforced. So you've got to make sure that you're enforcing those policies and that's done across the entire workforce. You can't pick favorites, right? So everybody has to be following the same policies and the same guardrails. You can't govern what you can't see, right? That's so key. And organizations that are scaling successfully today, they're consolidating on a unified platform. I don't know if there's one out there that people could use. I have a sneak suspicion we could help with that. Yeah. And these platforms need to serve as a system of record, especially for those agentic components, right? Which Ivanti absolutely does provide. And Ivanti, we act as a single source of truth by consolidating fragmented data from IT, security and user devices into a unified real-time repository that eliminates reliance on those disparate systems. So we have more to share about how organizations are building unified AI platforms that close this gap. And if you want to be part of that conversation and get ahead of this before your competition does, stay tuned for our next IT Insider episode where we'll discuss projects like Glasswing with Anthropic's Mythos model and how these frontier models really are continuing to change the landscape beyond what we've already dealt with.