Transforming IT
The IT function must change in response. Many CIOs have already begun experimenting with different models for embedding data and AI into their organizations, and no single operating model has yet emerged as the clear winner. In some organizations, AI capability is centralized within IT; in others, it is distributed across business functions; in many, it is a hybrid of both. What matters most is finding a setup that works within a given organization’s culture and structure. But regardless of the model chosen, one principle holds: the CIO must remain the guardian of the AI architecture. Governance, coherence, and strategic direction cannot be delegated away.
There is a persistent myth worth dispelling: that AI simplifies the CIO’s operational reality. It does not. More AI means more software, more integrations, more vendors, and more architectural decisions to make and stand behind. The surface area the CIO must govern is growing, not shrinking. Cost discipline is becoming a critical new competency, particularly around model consumption, cloud infrastructure scaling, and the hidden costs of moving AI pilots into production at scale. CIOs who treat AI purely as an innovation agenda without an equally rigorous cost management discipline will find themselves with difficult conversations ahead.
A more fundamental shift is also underway. Historically, every piece of enterprise software was designed around human interaction: screens, workflows, the assumption that a person would eventually be on one end of the transaction. AI-native software does not carry that assumption. Agents read, write, decide, and act without a human in the loop. This changes how CIOs think about procurement, build versus buy decisions, and integration architecture in ways most IT functions have not yet fully worked through. The question is no longer simply whether a system is usable. It is whether it is composable, auditable, and governable by both humans and machines.
Several core competencies will define the IT function going forward. Enterprise architecture becomes even more critical, as the complexity of connecting AI systems, data platforms, agents, and legacy infrastructure demands genuinely sophisticated design thinking. The data function must be elevated accordingly. And as citizen development accelerates, CIOs will need to build real no-code and low-code expertise across IT, empowering business users to build responsibly while maintaining appropriate guardrails. This is not a small ask: citizen developers need meaningful support, training, and clear boundaries to operate effectively and safely. Most importantly, they need guidance on how self-developed software can be put into production, and how it can be taken out of the environment to avoid a graveyard of unused software products.
It is also worth reframing how the IT function thinks about business-led technology development more broadly. Shadow IT has long been treated as a problem to suppress. In the AI era, multidisciplinary teams in which business and technology expertise sit alongside each other – what might more accurately be called embedded IT – are often where the most grounded and effective AI solutions emerge. The CIO’s role is not to prevent this but to ensure it happens within a framework of architectural authority: clear standards around data governance, legal exposure, security, and code review that apply consistently regardless of where in the organization the development is taking place. As AI enablement increasingly happens within business domains rather than in IT itself, the most effective IT teams will be those that combine deep AI expertise with understanding of business processes. The days of IT as a purely technical function are over. Design thinking, long a staple of innovation labs, is poised for a second peak as the discipline that connects user needs, business outcomes, and AI capability in a practical and human way.
Managing AI proliferation across a large organization also requires segmentation rather than a one-size-fits-all approach. Effective CIOs are distinguishing between different user personas: end users who need accessible, approved tooling; professional developers who need agent orchestration platforms and coding environments; and business functions investing in domain-specific AI applications. Each group needs a different governance approach, a different level of enablement, and carries a different risk profile. Applying a single framework across all three tends to produce either over-restriction or loss of meaningful oversight.
A new governance responsibility is also emerging that few IT functions are currently structured to handle: the management of machine workers. AI agents are active participants in business processes, executing tasks, making decisions, and in some cases interacting directly with customers and colleagues. IT must develop the capability to onboard, manage, audit, and retire AI agents with the same rigor they would apply to human employees. This includes not only access rights, performance standards, and behavioral guardrails, but also the legal dimension: record retention, audit trails that hold up over extended time horizons, and clear accountability for decisions made by automated systems. The CIO who builds this governance capability early will have a meaningful advantage over those still treating agents simply as software deployments.
AI will also transform how IT operates internally. The traditional software development lifecycle is giving way to what might be called an AI-driven development lifecycle. Code generation, testing, documentation, and deployment are increasingly handled by AI tools and autonomous agents. Infrastructure monitoring, incident response, and security patching are being automated from end to end. Tasks that once required entire teams, from writing boilerplate code to triaging support tickets to generating technical specifications, are now completed in minutes. The engineer’s role shifts from doing to directing, reviewing, and governing.
The scale of this shift should not be underestimated. Research by The Hackett Group found that generative AI is expected to reduce IT operating costs by as much as 37%, freeing up significant resources for more strategic work. This is not primarily a cost-cutting story. It is a reinvestment story: fewer people will be doing routine work, more people will be doing work that genuinely matters.
Innovation remains a non-negotiable mandate: continuously scanning the market, identifying where the next wave of AI capability will come from, and translating that awareness into organizational readiness is a responsibility that cannot be outsourced or automated.
The overall implication is counterintuitive: operational roles in IT will shrink significantly as AI absorbs routine activity. But architecture, integration, and governance roles will grow in both importance and likely in number, driven by the sheer complexity of the AI-enabled enterprise. The IT function will have strategic significance across the entire organization.