Key takeaways
- Successful AI implementation at the enterprise level requires balancing timely innovation and experimentation with governance, security, and trust.
- Successful implementation and scaling of enterprise AI projects is fundamentally a people and operating model challenge, not just a technology problem.
- IBM's internal "AI license to drive" certification model, which ensures that employees understand data privacy, security, and enterprise integration before building AI agents, lets the enterprise scale AI responsibly.
- In IBM’s experience, hybrid or “AI fusion” teams that combine business function experts with IT technologists are collapsing traditional handoffs and accelerating value delivery by putting domain knowledge directly into the development process.
The innovation-risk paradox in AI deployment
Every enterprise navigating the AI landscape faces the same question: How do you move fast enough to capture AI’s value without wasting time and money, annoying developers and customers, and introducing potentially catastrophic risk? It’s a paradox that keeps CIOs awake at night.
Matt Lyteson, CIO of Technology Platform Transformation at IBM, is well-aquainted with this challenge. Managing AI deployment for 280,000 employees at a company where AI is core to the business strategy has taught him that enterprise AI isn't primarily a technology problem. It's a people problem. An operating model problem. And, increasingly, a C-suite concern.
"We need to be cautious," Lyteson warns. "A lot of CIOs like myself still have a little bit of anxiety and stress over what happened in the early days of cloud computing, where everyone somehow found a way to get access to a cloud account, and now we're 10, 15, 20 years later, still cleaning some of those things up."
Speed without structure creates technical debt and inefficiencies that clog organizations for decades. But heavy-handed control over who can access which tools smothers innovation.
Beyond traditional IT: Why AI requires a new operating model
The conventional approach to developing enterprise technology—centralized IT teams building solutions for business units—is beginning to dissolve as the scope of AI’s capabilities expands. Simply put, business leaders see what AI can do, and they're not willing to wait for IT to get around to their use case when the AI sandbox is right there.
That puts a new face on a familiar problem: shadow IT, but for the AI era. Employees experiment with widely used tools like ChatGPT and Claude, often plugging in corporate data without considering or fully appreciating the implications. Well-meaning teams build agents that access sensitive systems without proper security reviews. Innovation accelerates, sure, but so does risk exposure.
The skills gap compounds the challenge. IT organizations haven't historically hired people who deeply understand business workflows. "We say, 'Jody, I need you to run this procurement system,'" Lyteson explains. "And maybe you'll synthetically absorb what procurement actually does over a period of time." In contrast, Lyteson says, “Internal IT organizations traditionally have been a little bit different. And especially with the agile transformation that we all went through a few years back, it was really focusing on the engineering and I would say more on the listening skills rather than appreciating how the function operates. That's got to change.”
Meanwhile, business function experts who understand workflows on an intimate level often lack the technical skills to build solutions themselves. The handoff between these groups—business defines requirements, IT builds solutions—becomes a bottleneck that prevents enterprises from moving at speed.
Integrating governance into the tech stack
Most enterprises treat AI governance as a control mechanism, not an enablement framework. They create review boards, define approval processes, and implement compliance checkpoints that turn projects into ordeals. Innovation grinds to a halt, and teams sour on AI tools generally.
IBM wanted to take a different approach: enabling rapid experimentation while maintaining enterprise-grade security, data privacy, and risk management. To make it a reality, they reimagined the entire workflow from idea to production.
"We literally went to a two-week process of doing all this back and forth with the business case to now, in about five or six minutes, you can have an entire environment provisioned on what we call our enterprise AI platform in order to build your thing," Lyteson says. "We've connected all the necessary data privacy, AI ethics reviews with the right information [to] really streamline this process."
It wasn’t about eliminating governance, but embedding it into the platform itself. Instead of a series of review processes that create delays, IBM’s enterprise AI platform automates compliance checks, connects to approved data sources, and provisions secure environments instantly. Governance is less visible red tape and more invisible infrastructure.
This matters at the board level. When boards and investors ask about AI risk exposure, CIOs need answers. What AI agents are running? What data do they access? How are they secured? A platform approach makes these questions answerable. An ad-hoc approach makes them alarming.
The AI license to drive: IBM’s framework for responsible AI scaling
In their effort to balance speed, innovation, and accessibility against the risks, IBM developed a new mechanism for governance: the AI license to drive. The idea is that just as you need a driver’s license to operate a vehicle, you need certification to build and deploy AI agents on enterprise infrastructure.
"We developed what we call an AI license to drive," Lyteson explained. "Understanding that, yes, of course in a technology company…we've got a lot of people that like to play around with tech. But it doesn't make sense that where you align on the organizational chart dictates whether you can do that or not."
The framework certifies that builders working with AI agents understand data privacy principles, information security protocols, and how to connect to backend enterprise systems without causing outages. It's not about limiting who can build; it's about ensuring that everyone builds responsibly.
This solves multiple problems simultaneously. It prevents the headaches that ensue when someone builds a critical agent and then tells IT, "I don't have the skills or resources to maintain this going forward. Can you take it over?" It reduces data leakage risks. It ensures consistent security practices. And, critically, it democratizes AI development beyond traditional IT boundaries.
As Lyteson said, where you sit on the org chart shouldn’t place limits on how you can contribute to organizational success. The license to drive concept recognizes that organizational structure shouldn't dictate capability. A procurement expert who understands the workflow intimately and gets certified should be empowered to build, even if they're not in the IT department. This mindset shift fundamentally changes how enterprises approach AI development.
Implementing AI fusion teams to collapse the value chain
Perhaps the most significant organizational innovation emerging from IBM’s AI adoption is what the company calls "AI fusion teams." These hybrid groups combine people who deeply understand business functions with technologists from the CIO organization. The results are transformative.
Traditional workflows looked like this: Business expert explains the need to the product manager, who translates to designer, who mocks up solution, who hands to engineer, who builds it. Each handoff introduces delay and translation loss. Critical context disappears. Solutions drift from real needs.
AI fusion teams are an effort to collapse this chain. The procurement expert who understands the workflow learns prompt engineering and starts building directly on the enterprise AI platform. The IT technologist focuses on technical plumbing—connecting to enterprise systems, building APIs, creating MCP servers—while ensuring the domain expert has the tools they need.
"You bring them together and you start to see amazing results," Lyteson notes. The procurement person knows exactly what data matters. They understand the workflow nuances. They can iterate rapidly because they don't need to explain requirements to someone else. The IT person ensures the solution is built on secure, scalable infrastructure.
This requires a significant skills shift. Business function experts need to learn prompt engineering and get comfortable with vibe coding. IT professionals need to understand business workflows on a deep level, rather than just maintaining systems. And everyone needs to build new collaboration muscles.
Building a ‘hyper-opinionated’ enterprise AI platform
Enabling this new way of working requires what Lyteson calls a "hyper-opinionated" enterprise AI platform: a curated infrastructure that connects AI capabilities with enterprise data, security, and systems in a standardized way. That enables two absolutely crucial things: speed and security.
IBM's platform is built on watsonX Orchestrate, watsonX Data, and watsonX Governance, but Lyteson emphasizes that every enterprise will configure differently based on their context: "What's your CRM? What's your productivity stack? Are you using Google Enterprise? Are you using the M365 stack? Are you using something else? All of these are considerations because these need to be plugged into that platform."
When there's one secure, approved way to integrate with email, one way to connect to the CRM, and one way to access enterprise data, teams don't spend weeks figuring out integration patterns. They focus on solving business problems.
This approach also makes governance easier to deal with. The enterprise platform becomes a single control point for understanding what's running, what data it accesses, what it costs, and how it performs. Instead of AI agents scattered across the organization in unknown configurations, everything flows through known, monitored infrastructure.
The sandbox environments built into the platform let teams experiment safely before deploying to production. This encourages free-flowing innovation while maintaining a degree of necessary control: Teams can test hypotheses quickly without risking production systems or sensitive data.
Measuring ROI: Productivity, workflows, and risk reduction
AI is notorious for building things that technically work but deliver little or no actual business value. That’s why enterprises need frameworks for connecting AI investments to outcomes.
IBM distinguishes between three categories of AI use cases, each with different measurement approaches.
- Everyday productivity tools save individual time: 15 minutes on a presentation, faster email summarization. These are valuable for users, but tough to tie directly to business outcomes.
- End-to-end agentic workflows are different, Lyteson says. "When I think about it through that lens, I can start to talk about my outcomes in terms of, are we growing revenue faster? If we're focused on the operations functions, are we getting better at operations? Which means am I doing a workflow faster? Am I producing the output of that workflow at a lower per unit cost?"
- The third category focuses on risk reduction and management. Plenty of AI applications don't grow revenue or cut costs directly, but they do meaningfully reduce exposure or enable compliance. Use cases like these naturally require different measurement frameworks.
Because IBM's platform connects provisioning to usage to cost tracking, they can see daily costs for specific AI use cases. They can detect when token usage spikes unexpectedly. They can benchmark before-and-after performance on workflow velocity and unit costs. This visibility enables informed decision-making around scaling or sunsetting agents.
"I can see on a daily basis last week, what did it cost me for this specific AI use case? Why did that spike? Why did that not spike?" Lyteson notes. This granular visibility prevents surprises and enables proactive management.
Ensuring reliability: Detecting non-determinism in enterprise AI agents
AI solutions aren't static. Unlike traditional software, where a deployed application behaves consistently until you change the code, AI agents drift over time. Model updates, prompt variations, and data changes create unpredictable behavior.
"We've even seen instances where you put it out there and then, a week later, it's producing different results than you initially tested for," Lyteson says. The dynamic nature of AI agents changes the operating model. You can’t think of AI as a "deploy and maintain" technology; it's a "deploy and monitor continuously" technology.
IBM uses watsonX Governance to detect drift and monitor performance over time. They've built feedback mechanisms—thumbs up, thumbs down—into all their tools. They track traditional operational metrics alongside AI-specific ones. When the Ask IT support agent's resolution rate drops from 82% to 75%, they investigate immediately.
The costs associated with drift can be significant. If prompts need refinement and users have to query twice to get results, operating costs double while satisfaction dips. Detecting drift early requires instrumentation and active monitoring—capabilities most enterprises have yet to build.
Shifting enterprise culture from effort to outcome
One underappreciated obstacle to scaling AI responsibly is culture. Organizations have spent decades rewarding working hard. Now they need to reward working smart, which often means letting AI handle the tedious, repeatable work while humans focus on tasks that demand experienced judgment and creativity.
But, of course, it’s not that simple. Employees worry about job security. They wonder if using AI is "cheating." They've been conditioned to demonstrate value through visible effort. If AI handles the most visible effort—the busywork, often—then employees and their managers need to reimagine what value and effort look like.
Leaders need to actively shape new behaviors. Lyteson describes being intentional about not giving accolades to people who work all weekend fixing a problem that could have been prevented: "I don't want to give you a gold star for that because now I've implicitly, if not explicitly, reinforced that our culture here is about working hard, when really I want you thinking differently about how we move."
Skepticism and distrust around AI tools remain high. Our 2025 annual survey showed that developers as a community increasingly distrust AI. Many tools fell short of vaunted expectations. Hallucinations freaked people out. Poor prompts produced poor results. Organizations need to invest in learning and skill-building around AI to help employees build confidence and expand their capabilities.
"I am convinced that the people who are going to be most effective are the ones who are finding how to use the technology to produce the results, validating the technology through that human knowledge that's not going to come natively from the technology," Lyteson says.
Balancing speed and governance to scale enterprise AI
Realizing success with AI projects at the enterprise level requires organizations to strike the right balance between rapid experimentation and clear guardrails. What level of governance is prudent and responsible, and what level stifles innovation and breeds frustration? How do enterprises democratize AI development without creating chaos? How do they measure outcomes, not just outputs?
IBM’s AI license to drive framework offers one model. AI fusion teams are another. But enterprise AI remains a dynamic, ever-changing challenge.
"Look, I think the opportunity is limitless," Lyteson says. "I really think this is the reinvention of the business world and we're all at different stages in our journey and there's a lot we can learn from each other. People are going to ping me and say, ‘Matt, here's something that we're doing that maybe you should consider.’ I love to learn from that. I am worried that if we don't have the right guardrails for the enterprise, it is too easy to miss, ‘Hey, we've got a data leakage here,’ or, ‘We've got a cybersecurity [issue] here.”
The challenge for enterprise leaders is how to build the governance, culture, skills, and infrastructure that make speed safe. To create systems where innovation and responsibility are mutually reinforcing, rather than in tension. If you can strike the right balance, you’ll thrive with AI.