TL;DR: AIOps combines machine learning, anomaly detection, and closed-loop automation to reduce alert noise, speed root-cause analysis, and improve incident response in complex IT estates, according to Kong. The governance test is whether automation remains observable, bounded, and accountable when operations increasingly depend on AI-driven decisioning.
NHIMG editorial — based on content published by Kong: What is AIOps? Transforming IT Operations with AI
By the numbers:
- The average cost of IT downtime has reached $9,000 per minute.
- AIOps implementations report a 90% reduction in Mean Time to Detect.
- AIOps implementations report a 60% improvement in Mean Time to Resolution.
Questions worth separating out
Q: How should security teams govern AIOps tools that can take automated action?
A: Treat AIOps as delegated operational authority, not just analytics.
Q: Why do AIOps platforms struggle when alert quality is poor?
A: Because the model can only correlate what it receives.
Q: How can organisations tell whether AIOps is actually improving operations?
A: Look for fewer false positives, faster root-cause identification, and shorter resolution cycles, but validate those metrics against service ownership and audit trails.
Practitioner guidance
- Define automation boundaries for incident response Classify which AIOps actions may execute automatically, which require approval, and which must always remain human-led.
- Improve telemetry quality before expanding automation Normalize logs, metrics, traces, and event naming so correlation engines work on clean inputs.
- Separate recommendation from execution Keep diagnostic output, change execution, and rollback permissions in different control paths.
What's in the full article
Kong's full blog covers the operational detail this post intentionally leaves for the source:
- Step-by-step explanations of how AIOps ingests logs, metrics, traces, and events across a modern stack.
- The article's own breakdown of anomaly detection, pattern recognition, and predictive analytics in operational contexts.
- Practical examples of closed-loop automation, including automated remediation and dynamic resource management.
- The vendor's discussion of implementation challenges such as security, privacy, integration, and team adoption.
👉 Read Kong's guide to AIOps and automated IT operations →
AIOps and alert fatigue: what IAM teams should watch?
Explore further
AIOps shifts the governance problem from monitoring volume to delegated operational authority. The article shows that once systems correlate alerts, identify root causes, and trigger remediation, operations is no longer just observation. That changes the control question from “can we see the issue?” to “who is allowed to act on machine-generated conclusions?” For identity teams, the implication is that operational automation needs access boundaries, auditability, and human override points before it is trusted in production.
A few things that frame the scale:
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who should be accountable when AIOps triggers remediation automatically?
A: Accountability should sit with the service owner and the control owner, not with the model. Automated remediation only remains governable when every action has a human owner, an approved scope, and a rollback path that can be reviewed after the event.
👉 Read our full editorial: AIOps exposes the gap between automation and operational control