AI adoption is exposing IT skills gaps and governance strain

At a glance

What this is: This is an analysis of how AI adoption is reshaping IT work, with skills gaps, training, and risk management emerging as the main barriers to scale.

Why it matters: It matters because IAM, NHI, and human identity programmes now need to govern people and machine-driven workflows together, not as separate operational tracks.

By the numbers:

• 56% of IT professionals who use AI daily say it saves them time and reduces stress.
• 38% of IT leaders who praise AI also report that it increases the complexity of their jobs.
• 63% of companies require their teams to complete some kind of AI training.
• 50% of organizations expect to add new roles and need people with special skills as they use more AI.

👉 Read JumpCloud's analysis of AI readiness, skills gaps, and IT complexity

Context

AI in IT is not just a productivity layer, it is also a governance problem. The article argues that teams need new skills, clearer workflows, and better training because AI changes how work is delegated, reviewed, and managed across daily operations.

For identity and access teams, the key issue is that AI adoption stretches both human governance and machine oversight at the same time. That means role design, access boundaries, training, and risk ownership have to keep pace with how work is actually being split between people and systems.

Key questions

Q: How should organisations train IT teams for AI adoption?

A: Organisations should train IT teams on AI integration, risk management, and compliance using real workflows, not generic awareness content. Training needs to show staff how AI changes approval paths, exception handling, and data use. The goal is to make people capable of supervising AI safely, not just using it quickly.

Q: Why does AI make IT governance more complex?

A: AI makes IT governance more complex because it changes how work is delegated, reviewed, and owned. Teams must manage productivity gains alongside risk, compliance, and legal exposure. That means governance has to cover both the human operator and the AI-assisted workflow, especially where decisions influence access or sensitive data.

Q: What do organisations get wrong about AI readiness?

A: Many organisations treat AI readiness as a deployment problem when it is also a people and control problem. They may have the tool in place without the skills, ownership, or review process needed to use it safely. Readiness depends on training, role clarity, and governance embedded in the workflow.

Q: How can security teams reduce risk as AI becomes more common in IT operations?

A: Security teams should define accountability for AI-enabled workflows, then test whether permissions, data boundaries, and review points still make sense after AI is introduced. They should also verify that staff know when to escalate exceptions. The objective is to keep AI within a governable operating model.

Technical breakdown

AI workflow integration and role redesign

AI adoption changes work distribution, not just task speed. When teams let AI handle routine actions and surface recommendations, the operational model shifts from direct execution to supervision, exception handling, and verification. That means role boundaries, approval paths, and escalation logic all need to be rewritten. The article's core point is that productivity gains only hold when teams understand where AI is augmenting work and where it is changing the control surface. In practice, the challenge is less about the model and more about how the workflow is stitched into existing operations.

Practical implication: map which IT tasks are now AI-assisted, then redefine approval and review points before those workflows become the default.

AI risk management and compliance controls

Once AI participates in operational decisions, risk management stops being a side process. Legal exposure, policy compliance, and ethical use all become part of the delivery path, especially where AI influences actions that affect access, data handling, or customer outcomes. The article treats this as a central adoption barrier, which is consistent with how identity programmes fail when governance lags behind automation. Security teams need clear ownership for model use, data exposure, and exception handling so that AI does not become an unmanaged decision layer inside the enterprise.

Practical implication: define accountable owners for AI-enabled workflows and tie them to existing governance, legal, and security review processes.

Skills gap versus control gap in AI operations

The article distinguishes between wanting AI and being ready to operate it. A skills gap means the organisation lacks people who can configure, govern, and troubleshoot AI in context. A control gap means the organisation may be using AI without enough oversight for risk, compliance, or quality. Those two failures often appear together. For IAM and NHI teams, this matters because workforce readiness shapes whether AI is deployed as a governed capability or as a loose operational shortcut.

Practical implication: treat AI readiness as both a training issue and a control-design issue, not as a pure technology rollout.

Breaches seen in the wild

• DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.
• Schneider Electric credentials breach — exposed credentials gave attackers access to Schneider Electric Jira, exfiltrating 40GB.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

AI adoption is now a workforce governance problem, not just a tooling decision. The article makes clear that the main barrier is not whether AI can save time, but whether teams can absorb the workflow, skills, and oversight changes that come with it. That is a governance issue because access, accountability, and decision ownership all shift when AI becomes part of everyday IT execution. Practitioners should read AI adoption as a change-management and identity-control problem, not a feature deployment.

Human training cannot be separated from machine oversight once AI enters operational paths. The report shows 63% of companies already require AI training, which signals that policy alone is not enough. If staff cannot recognise AI limits, exceptions, and compliance boundaries, then the operating model becomes unstable. The practical conclusion is that identity and governance programmes need to cover both user behaviour and AI-assisted decision flow.

The skills gap is the visible symptom, but the deeper issue is governance load. The article's 46% risk and compliance concern shows that AI introduces more than efficiency pressure, it also expands who must review, approve, and own outcomes. That raises the burden on IAM, security, and legal teams at the same time. Practitioners should expect AI adoption to increase governance complexity before it reduces operational friction.

AI is creating new roles because the enterprise now needs people who can control the control layer. The article's expectation that half of organizations will add new roles reflects a structural shift in how technology gets managed. As AI takes on more work, organisations need specialists who can interpret outputs, verify policy fit, and keep automation aligned with business rules. The practitioner takeaway is that operating AI safely requires new governance-capable roles, not just more users.

AI maturity now depends on whether the organisation can operationalise trust in the workflow itself. The named concept here is workflow trust debt: the accumulated gap between what AI is allowed to do and what teams can actually supervise. As that gap grows, the organisation becomes more dependent on informal judgment and less on repeatable controls. Practitioners should treat that debt as a scaling constraint, not an abstract maturity score.

From our research:

• 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
• 66% report that managing machine identities requires significantly more manual intervention compared to human identity management, according to The Critical Gaps in Machine Identity Management report.
• For the broader control picture, review the NHI Lifecycle Management Guide to connect identity governance, rotation, and offboarding to operational practice.

What this signals

Workflow trust debt: as AI moves from assistive tooling into operational decision paths, the gap between what teams allow and what they can actually supervise will become the limiting factor in maturity. That gap will show up first in review cycles, escalation design, and exception handling, not in model performance.

With 66% of organisations saying machine identity management requires significantly more manual intervention than human identity management, per The Critical Gaps in Machine Identity Management report, the governance lesson is simple: automation without operating discipline only shifts the workload.

The practical response is to align AI oversight with identity governance, especially where non-human actors and human teams share responsibility for access, compliance, and data handling. Teams that build that operating model early will be better placed to absorb new roles, higher decision volume, and stronger audit expectations.

For practitioners

• Map AI-assisted workflows end to end Identify which IT tasks are now being augmented by AI, which decisions remain human-owned, and where review or escalation points disappear when speed increases.
• Assign explicit owners for AI risk and compliance Tie each AI-enabled process to a named business, security, and legal owner so policy exceptions, data use, and approval changes do not sit in a shared grey zone.
• Build role-based training around real operational scenarios Use training that covers integration, compliance, and incident handling for AI-enabled work rather than generic awareness modules that do not change day-to-day behaviour.
• Review access and data boundaries before scaling AI use Check whether new AI workflows can see, move, or infer data beyond their intended scope, and adjust permissions before adoption becomes routine.

Key takeaways

• AI adoption is changing IT governance because it alters how work is delegated, reviewed, and owned, not just how fast tasks get done.
• The clearest evidence of strain is the combination of productivity gains, 38% reporting higher complexity, and 63% requiring AI training.
• Teams should pair role redesign with accountability, training, and access boundary checks before AI workflows become embedded in daily operations.

Key terms

• AI-assisted workflow: A work process in which AI completes part of a task or shapes a decision before a human finishes it. The key governance issue is not speed alone, but whether approvals, exceptions, and accountability still function when execution is shared between people and systems.
• Workflow trust debt: The accumulated gap between what an organisation allows AI to do and what its teams can actually supervise. It grows when automation expands faster than training, review paths, and ownership, and it becomes visible when operations rely on informal judgment instead of repeatable controls.
• AI governance ownership: The assignment of clear responsibility for how AI is used, reviewed, and challenged inside a business process. In practice, this means naming who owns risk, who approves exceptions, and who can stop a workflow when AI behaviour no longer fits policy.

Deepen your knowledge

AI workflow integration and risk management are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building governance for AI-assisted operations, this is a practical place to start.

This post draws on content published by JumpCloud: AI readiness, skills gaps, and the dual nature of AI in IT operations. Read the original.