IBM just surveyed 2,000 C-level technology executives across 33 countries. The finding that matters most: two-thirds of CIOs and CTOs report being held accountable for AI systems they do not fully control. Teams across their organizations are deploying AI faster than IT can track. Governance is not keeping up. And the executives responsible for all of it can see less than half the picture.
The study, published June 8 by IBM’s Institute for Business Value, puts numbers on what most technology leaders already feel. Seventy percent say business teams are deploying technology faster than IT can follow. Seventy-seven percent say AI adoption has already outpaced their governance. Only 11 percent say they are fully prepared for the scale of AI agent deployment expected in the next 12 months.
That last number deserves a second read. Eighty percent of these executives have CEO-driven mandates to scale AI. They expect a 38 percent increase in AI agents deployed by 2027. And nearly nine in ten admit they are not ready for it.
This is not a budget problem. AI spend is projected to grow from 15 percent of IT budgets to 25 percent by 2027. The money is there. What is missing is the operational structure to absorb it.
The control gap is an operations gap
IBM segmented organizations by how they handle governance. One group relies on manual oversight: review boards, approval chains, human checkpoints. The other group builds control directly into their AI systems from the start. Automated monitoring, embedded guardrails, real-time visibility into what agents are doing and why.
The difference is not marginal.
Organizations that designed control into their AI systems deploy 16 times more agents than those relying on manual governance. They deliver 18 percent higher operating margins. And they spend four times less of their AI budget to get there.
Sixteen times more agents. A quarter of the cost. Higher margins.
The organizations getting the most from AI are not the ones with the biggest budgets or the most advanced models. They are the ones that redesigned how they operate around AI from the beginning. Control was architecture, not afterthought.
The incident problem
The study also tracked what happens when control falls behind deployment. On average, surveyed organizations experienced 54 AI agent incidents last year. Not hypothetical risks. Actual events that required human correction.
Of those incidents rated high severity, requiring more than four hours to contain: 37 percent resulted in data exposure or security breaches. Thirty-three percent caused cascading system failures. Seventeen percent triggered compliance issues.
Organizations using embedded control instead of manual governance saw 25 percent fewer incidents. Not because their AI was different. Because their operations were.
What this means for your organization
The instinct for most leaders is to treat AI governance as a compliance exercise. Stand up a review board. Write a policy. Create an approval flow. Check the box. I get why — it is the fastest move that looks like progress.
The IBM data says that approach does not scale. Manual governance was designed for a slower, more predictable environment. AI agents operate continuously and autonomously. They make decisions in seconds. A review board that meets monthly cannot govern a system that acts every minute.
The organizations pulling ahead are doing something different. They are building visibility and control into the system itself. They are making governance a property of the architecture, not a layer on top of it. And they are doing it before they scale, not after something breaks.
Matt Lyteson, IBM’s CIO, put it directly: “It is no longer just about deploying AI faster. It’s redesigning how organizations control, govern and invest in it and embedding control and visibility from the start, so they can scale with confidence.” That is a mouthful, but the core of it is right.
The question you should be asking
If you are a business leader reading this, your organization is already using AI. You know that. The harder question: does anyone in your organization have full visibility into what that AI is doing?
Seventy percent of these CIOs said their teams are deploying faster than they can track. Eighty-five percent lack visibility into real-time AI spend. Eighty-four percent have not operationalized AI financial management.
The gap between organizations that figure this out and those that don’t is already wide. The IBM data shows it in operating margins, in deployment scale, in incident rates. And the organizations with strong financial discipline are deploying 2.4 times more AI agents without spending more.
This is the part that gets missed in the conversation about AI strategy. The winning move is not picking the right model or the right vendor. It is redesigning how your organization operates so that AI runs inside a structure built for it, not bolted onto one built for something else.
The 11 percent who say they are ready have already done this work. Everyone else is adding speed to a system that was never built for it.