Boards want AI on the roadmap. But middle management doesn’t know where to put it.
Then, when leadership says “go” and technical teams say “yes,” projects stall because no one has defined what the system should actually do.
This tension is showing up across commercial integration as AI moves into internal operations. But integrators aren’t the first to face this problem. Cybersecurity teams were among the first to push AI into high-stakes, high-volume workflows; their experiences help us better understand what happens when AI deployment moves faster than operating models.
Start with the Problem, Not the AI Platform
A recent ThreatQuotient report shares insights from 750 senior cybersecurity professionals who have wrestled with AI deployment. When asked about what’s steering the technology within their organizations, 71% said leadership or the board is the driver for AI adoption. As executives push for AI-enabled productivity, however, management buy-in remains a top implementation challenge.
Presumably due to this disconnect between leadership expectations and management readiness, nearly all respondents (96%) reported at least one problem during AI implementation, whether that involved lack of management understanding, lack of in-house skills, or poor decisions related to AI.
When problems like these surface, it’s a sign that organizations are starting with the tool instead of the task. They buy into the promise of AI before they decide where it belongs, who will rely on it, how much autonomy it should have, or what a good outcome looks like.
That’s a critical lesson for integrators. Before choosing any AI platform, it’s essential to make sure AI will take a specific, repeatable burden from a human team without creating a new layer of uncertainty or another problem. It should also preserve the human-in-the-loop model. Users may want speed, but they still want control; making sure people have oversight is a great way to build trust. Early adoption works better when AI sharpens judgment instead of trying to replace it.
Triage is a good example: In access control, AI can flag unusual entry patterns or credential anomalies and recommend follow-up actions, while security personnel review the findings and decide whether to investigate, escalate, or dismiss.
Can Your AI Vendor Answer the Hard Questions?
Once AI deployment scope is clear, the next question should be about whether the platform being evaluated deserves trust.
AI buying decisions are governance decisions. Vendors talk about intelligence, speed, and efficiency, but buyers need to understand what’s under the hood. For integrators, it’s not enough to compare features, interfaces, and licensing terms. It’s time to ask harder questions that demand transparency:
- What data is being used to train or tune the model?
- What documentation exists around model behavior and decision logic?
- How easily can overdependence on one provider be avoided?
- Where was the AI developed and are there restrictions tied to that?
Visibility also matters. If integrators can’t see how an AI-enabled platform reaches a conclusion, it’s harder to trust it enough to let it act on its own. The more opaque the system, the more important it becomes to keep a person close to the decision and limit AI deployment to narrow, easy-to-verify workflows.
What Does AI Success Look Like for You?
A well-defined scope and a transparent vendor are important, but just as critical is agreeing on what success looks like.
This is where many AI projects lose momentum. No one establishes a baseline, defines the KPIs, or agrees on a review process before deployment; a few months in, teams are arguing over whether the technology is even helping.
For the cybersecurity professionals in the ThreatQuotient report, leading ROI measures include mean-time-to-detection and mean-time-to-resolution. Those operational metrics can be adapted by integrators, too. For example, if the goal is faster response or quicker issue resolution, then define what “faster” or “quicker” means in measurable terms and track it from the beginning.
The survey also found that 53% of cybersecurity professionals look at employee satisfaction and retention when assessing AI’s impact. These teams are paying attention to whether the technology makes work more manageable, and integrators should as well. A system that saves time on paper but adds friction, confusion, or mistrust in practice does not create value.
To avoid that trap, tie AI deployment to one or two visible operational outcomes. Decide how they will be measured and make those measures part of the conversation from the start. That provides a way to defend the investment and decide whether the next phase should expand or stop.
The Practical Path to AI Adoption
AI adoption gains traction when it begins with a narrow problem and a clear owner.
To get it right, start with a triage-style workflow where the burden is obvious and the outcome is measurable. Keep someone close to the process to validate the output and stay accountable for the result.
Pressure-test your AI vendor when it comes to transparency, data handling, and dependence on a single platform. Then decide upfront how success will be measured, whether that means faster response, less manual review, better uptime, or a lighter load on the people using the system every day.
In other words: Pick one thing AI can fix, and then see if it does.
This article was developed with insights from members of NSCA’s AI and Cyber Committee, including significant input from Core Consultor’s Brian Banks. This committee continues to help NSCA examine how AI and automation can be responsibly integrated into the commercial integration industry.
