Most engineering and operations leaders trying to scale AI automation are running into the same wall. Promising pilots and improved tools just aren’t translating into success in production.
At one time, AI capability was the issue, but the blocker we’re seeing most today is governance. Organizations struggling to get off the ground are automating in environments where tools are disconnected, ungoverned, and unmeasured.
This is where most companies stand with automation today: research from Retool’s 2026 Build vs. Buy report showed that 72% of organizations identify as Basic (early stages) or Intermediate (significant automation but room to grow), with just 19% describing themselves as Advanced (automation that’s central to operation).
What is the 19% doing differently?
Instead of operating in a chaotic landscape of scattered tooling and employees’ bring-your-own-AI experiments, organizations that have reached Advanced maturity have focused on building foundations: the governed layer underneath their automation.
Enterprise AI programs often get off to a strong start in controlled environments, then hit a wall when they move to production. That wall is governance.
Move fast without a unified access control layer, and IT won’t sign off on production access. Slow down to retrofit governance after the fact, and the CFO kills the project before it proves ROI. Most organizations end up caught between pilots that succeed in isolation and stall at the handover to production. AI tools sit in staging. The outcomes stay invisible.
The word governance gets used loosely. In practice, governance is a single enforced layer that controls access, logs activity, and makes automation observable across your environment. Not per-app rules. Not team-level workarounds. One layer, applied consistently, that IT can audit and leadership can report against.
This pattern is most obvious when it comes to measurement: 35% of organizations have no formal process for measuring AI productivity gains (including nearly 1 in 5 that are operating under an explicit AI productivity mandate from leadership). This is usually framed as a reporting problem, something to fix with better dashboards or more rigorous tracking.
The actual cause happens earlier: scattered, ungoverned tooling that no single layer can observe. When your automation lives across six point solutions, each with its own access model and integration, you have a visibility gap that makes measurement impossible.
That gap also explains why executive reporting on AI often feels disconnected from what practitioners are actually doing. Automation activity that lives outside a governed platform can’t be connected to business outcomes in any systematic way. Leadership gets anecdotes, rather than any demonstrable progress.
Governance is hard to build in retrospect because it touches everything. Access controls, audit logging, and production write permissions aren’t features you can drop into an existing stack of disconnected tools. They require a layer underneath the tools that enforces rules consistently, regardless of who built the app or when. Organizations that try to govern tool-by-tool end up with inconsistency at best, and at worst, a false sense of security: each tool appears governed in isolation, while the overall environment remains opaque.
The organizations that have crossed this threshold tend to have made the same kinds of decisions, in roughly the same order, laying out a path to maturity that others can learn from.
Tools running on exports or test environments produce results that don’t translate. ClickUp built six custom AI tools on a single governed platform—connected directly to Salesforce, Zendesk, Snowflake, and their data warehouse—and automated hundreds of hours of work weekly and reduced vendor spend by $200K+. That scale is only possible when the tools are working with real data.
Building on real data comes with risks, so the next marker is security and permissions configured at the platform level, not inside each individual app. When every team implements its own access controls, you get inconsistency and gaps. In an enterprise context, those gaps are what trigger the long IT approval cycles that kill AI programs before they reach production.
The team at Pernod Ricard needed to move fast, connect to production data, and iterate on the UI every two weeks—a cadence completely incompatible with standard enterprise release cycles. Building on a platform with audit logging, access controls, and a no-production-write guarantee already in place meant those risks were resolved before the IT conversation started. The result was D-Star: deployed across 28 countries, adopted by 85% of its users, generating $15M in annual ROI in the US alone.
Finally, central visibility is what makes measurement possible. Harmonic built 33 internal applications on one platform. When a team member wants new software, their default question is now “Why can’t we just build this in Retool?”—which is only a reasonable default when everything is connected and visible in one place.
These companies share a decision made before they started building: to establish one governed layer that all automation runs on, rather than accumulate point solutions, each with its own governance gaps. Automation is a platform choice rather than a tool-by-tool accumulation.
For leaders looking to meaningfully advance their organization’s automation with AI, these examples point to a sequence of shifts to make.
If your security and access rules live inside individual apps rather than a shared layer underneath them, every new tool restarts the governance problem from scratch. Organizations stuck at Intermediate typically have automation spread across five or six point solutions, each with its own integrations and blind spots. Consolidate onto a governed layer first. Otherwise, you're collecting isolated wins, not building momentum.
When AI productivity is hard to measure, the instinct is to build better dashboards. The more useful question is whether your environment makes measurement possible at all. Start by mapping what you’ve built, where it lives, who can see it, and whether any of it connects to the outcomes leadership is asking you to report on. Most teams find more gaps than they expected.
Tools running on test environments or manually refreshed datasets produce results that don’t survive contact with the real world. If your automation doesn't work against the same data your business actually runs on, the gap between what it demonstrates in a demo and what it delivers in practice will persist regardless of how good the underlying model is.
Thanks to Rebecca Dodd for her help with this piece.
