AI orchestration is becoming the real support control plane

At a glance

What this is: This interview argues that AI in customer support is increasing demand and making orchestration, not standalone automation, the core operating problem.

Why it matters: IAM teams should care because the same routing, escalation, and delegation patterns are now emerging across human, NHI, and AI-assisted service flows.

By the numbers:

• AI agents are claimed to achieve 80 to 90% resolution rates in support interactions.

👉 Read WorkOS's interview on AI orchestration in customer support

Context

AI orchestration is the coordination layer that decides whether a request is handled by a human, a machine, or an AI system. In this interview, the central finding is that better automation does not simply remove work. It changes the volume, shape, and governance of the work that remains, which is why the support control plane matters as much as the support agent.

For identity programmes, this is a useful reminder that delegation is now a policy problem, not just an operations problem. The same logic that routes support cases will increasingly shape who or what is allowed to act, when escalation occurs, and where accountability sits when humans and AI systems share execution paths.

Key questions

Q: How should organisations govern AI systems that route support cases between humans and machines?

A: Treat routing as a governed policy layer, not a hidden optimisation. Define the signals that keep a case with AI, the conditions that require human escalation, and the evidence required to justify each handoff. Without that structure, accountability for service outcomes becomes diffuse and hard to audit.

Q: Why can AI in customer support increase workload instead of reducing it?

A: When support becomes faster and easier to use, more customers submit requests that they would previously have delayed or avoided. That demand expansion can outweigh efficiency gains. The result is a higher inbound volume, more edge cases, and greater pressure on escalation and exception handling.

Q: What breaks when AI agents can contact support on behalf of users?

A: The support model breaks if it assumes every request comes from a human with stable intent and direct authority. Delegated agents can blur representation, consent, and scope, so teams need clear rules for what the agent may ask, what it may approve, and what must still require human confirmation.

Q: How do support teams know whether AI orchestration is working?

A: Look for fewer unmanaged escalations, consistent routing decisions, and clear ownership of exceptions. If requests are bouncing between AI and humans without traceable rationale, the orchestration layer is not controlling work, it is obscuring it. Measurement should focus on decision quality, not only resolution speed.

Technical breakdown

Human to AI routing in high-volume support

Support orchestration sits above the individual responder and decides whether a ticket stays with AI or moves to a human. That decision typically blends intent classification, queue depth, customer value, issue complexity, and service-level risk. The important mechanism is that the routing layer is not merely automation. It is a policy engine that continuously balances experience, cost, and operational capacity across different identity types.

Practical implication: treat routing logic as governed access to work, with clear escalation criteria and auditability.

Why AI support systems create demand instead of removing it

The interview describes a Jevons paradox pattern: when support becomes easier to access, more customers engage. In operational terms, efficiency gains lower friction, which expands total demand rather than shrinking it. That changes capacity planning because the bottleneck shifts from simple answer generation to exception handling, edge cases, and exception approval. The organisation must manage the new volume created by convenience, not just the cost savings from automation.

Practical implication: model AI support as demand expansion and re-baseline staffing, queue design, and escalation thresholds accordingly.

Agent-to-agent interfaces and delegated support actions

When an AI agent contacts support on behalf of a user, the interaction stops looking like a human conversation and starts resembling an API transaction. That introduces identity questions around representation, consent, and scope. The support side must understand whether the agent is acting as a delegated proxy, a bounded workflow helper, or an independently deciding system. Those distinctions affect what can be trusted, logged, and approved across the interaction chain.

Practical implication: define delegated-agent identity boundaries before allowing programmatic customer support actions.

Breaches seen in the wild

• Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
• AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Support orchestration is becoming an identity governance problem, not just a service design problem. When humans and AI both handle customer requests, the control point shifts from response generation to delegated action routing. That means the real question is who or what may act, under what conditions, and with what evidence of approval. Practitioners should treat orchestration policy as part of access governance, not as an engineering detail.

Jevons-style efficiency effects can overwhelm static support governance. Faster AI resolution reduces friction and increases inbound demand, which means capacity controls built for pre-AI volumes become unreliable. This does not just change staffing models. It changes the assumptions behind escalation thresholds, queue ownership, and exception handling, which are all governance decisions. Teams need to plan for higher interaction volume, not only lower average handle time.

Delegated support actions expose a named concept we can call identity routing debt. The more a platform relies on dynamic switching between human and AI responders, the more it accumulates hidden decision paths that are hard to audit after the fact. The governance risk is not just misrouting. It is that accountability becomes fragmented across systems that each see only part of the request lifecycle. Practitioners should assume every unresolved routing choice becomes future operational debt.

AI agents acting on behalf of users will force support organisations to separate representation from execution. A customer-side agent may be authorised to ask questions, but not necessarily to approve refunds, returns, or account changes. That distinction matters because the delegation chain can outgrow the original policy model. The implication for practitioners is that customer support identity models now need explicit proxy semantics, not just authentication at the front door.

From our research:

• AI agents are claimed to achieve 80 to 90% resolution rates in support interactions, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
• Our research also shows that when AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
• For a broader identity lens on delegated machine access, review NHI Lifecycle Management Guide for the governance controls that keep machine actions attributable.

What this signals

Support operations are now a preview of broader identity governance failures. Once a platform decides dynamically whether a human or AI should act, the organisation has to govern delegation, exception handling, and accountability as a single control surface. That is the same pattern identity teams will face as customer workflows, internal service desks, and AI assistants converge.

Identity routing debt: when AI and humans share a service workflow without explicit proxy boundaries, the organisation accumulates hidden decision paths that are difficult to reconstruct later. The practical consequence is that traceability becomes an afterthought unless routing logs, escalation reasons, and approval ownership are designed in from the start.

As AI-mediated support grows, the governance challenge shifts from proving that automation works to proving when it should stop. Teams that already use the NIST Cybersecurity Framework 2.0 should map support orchestration into govern and protect outcomes, because service routing has become part of operational resilience, not just customer experience.

For practitioners

• Map support routing as a governed decision path Document which signals cause AI to retain a case and which signals trigger human escalation, then require ownership for each decision point in the workflow.
• Rebaseline capacity after AI self-service gains Assume easier access will increase demand, then adjust queue targets, staffing assumptions, and escalation thresholds before service levels degrade.
• Define delegated-agent permissions explicitly Separate question answering, case creation, refund approval, and account changes so an AI agent can only perform the actions it is actually trusted to represent.

Key takeaways

• AI support orchestration is a governance issue because it decides when humans act and when machines act.
• Efficiency gains can increase demand, so support teams need to plan for higher volume rather than fewer interactions.
• Delegated AI support actions require explicit boundaries for representation, approval, and auditability.

Key terms

• Support orchestration: Support orchestration is the control layer that decides whether a customer request is handled by AI, a human, or a sequence of both. In identity terms, it is a delegation system that governs who may act, when escalation happens, and how those decisions are recorded and reviewed.
• Delegated agent: A delegated agent is an AI system acting on behalf of another party within a bounded scope. The important distinction is not that it can communicate, but that it may be authorised to request or trigger actions without being the final decision owner. That makes representation, consent, and auditability central controls.
• Identity routing debt: Identity routing debt is the accumulation of hidden decision paths created when workflows shift repeatedly between human and machine actors without explicit policy boundaries. The result is weak traceability, unclear ownership, and difficult post-incident reconstruction. It is a governance problem that grows as orchestration layers become more dynamic.
• Exception handling: Exception handling is the process for resolving requests that do not fit standard automation paths. In support operations, exceptions often require human judgment, policy override, or manual approval. When AI is introduced, exception handling becomes a key boundary for what the system can safely automate and what it must defer.

Deepen your knowledge

AI orchestration and delegated support governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your team is beginning to formalise machine and AI-assisted workflows, it is worth exploring.

This post draws on content published by WorkOS: Assembled CEO John Wang on the jevons paradox of customer support. Read the original.