As AI tools and agents spread across the enterprise, CIOs and CTOs are facing a control problem. They need visibility into what is being used, what is creating value and where AI systems are spreading faster than IT can track or control them.
A new IBM Institute for Business Value study suggests that this issue is already widespread. Two-thirds of surveyed CIOs and CTOs said they are accountable for AI systems they do not fully control, while 70% of surveyed technology executives said teams across the business are deploying technology faster than IT can monitor.
Narrowing this gap between responsibility and control is becoming more important as companies expand their use of AI agents. IBM said surveyed technology leaders expect the number of AI agents deployed in their organizations to increase 38% by 2027. But only 11% of respondents said they feel fully prepared for the level of AI agent deployment expected over the next year.
That lack of readiness matters because AI agents are being connected with enterprise systems where they can access data, use applications and execute tasks, significantly raising the stakes for governance and security. IBM found that 77% of surveyed organizations said AI adoption is already moving faster than their current governance capabilities, and the risks are already showing up in reported incidents. Surveyed organizations experienced an average of 54 AI agent incidents last year, defined as unintended or harmful events that required human correction.
Of those reported incidents, 17% were considered high severity and required more than four hours to contain. According to IBM, 37% of the high-severity incidents involved data exposure or security breaches, 33% caused cascading system failures and 17% triggered compliance issues. Security and compliance were also the most common barriers to scaling AI agents, cited by 59% of surveyed leaders.
Cost management is another part of the same problem. IBM said AI spending is expected to grow from just under 15% of IT budgets in 2025 to nearly 25% by 2027. But most surveyed technology executives said their organizations do not yet have mature processes for managing that spending. Eighty-four percent said they have not fully operationalized AI financial management, and 85% said they lack full visibility into real-time AI costs.
IBM’s analysis of its survey data suggests that stronger AI management practices are linked with better scaling and financial results. The company said organizations that build control into AI systems deploy more agents, report higher operating margins and spend less of their AI budgets than organizations relying on manual governance.
The takeaway is that AI governance is becoming a crucial part of the infrastructure needed to run agents safely and effectively. CIOs and CTOs are being asked to manage systems they may not have selected or directly deployed. That makes early visibility and guardrails more important because governance becomes harder once agents are already integrated in workflows.
“For CIOs and CTOs, the challenge now is scaling AI systems that operate continuously and autonomously,” IBM CIO Matt Lyteson said in a release, noting that companies need to rethink how they control, govern and fund AI as those systems become more embedded in enterprise operations.
