Study finds AI adoption high but operations lag behind

Thoughtworks and IDC have published research suggesting that most large organisations use AI tools, but few have embedded AI into day-to-day IT operations on a continuous basis.

The study found that nearly 90% of enterprises have adopted AI, yet only 12% have reached what it calls continuous, AI-driven IT operations. Most still rely on intermittent modernisation programmes and reactive maintenance.

The report links operational maturity to measurable changes in software delivery, security practices, and application architecture. It also points to shifting expectations in IT services contracts, with buyers seeking commitments to continuous improvement and outcomes rather than staffing levels.

Adoption gap

The findings focus on application operations and modernisation in large organisations. IDC surveyed 500 senior IT and digital decision-makers in the United States, the United Kingdom, Germany, and the Asia-Pacific and Japan region. Respondents worked at organisations with more than 1,000 employees in manufacturing, finance, retail, and life sciences.

The survey included organisations that already use AI or expect to adopt it within two years. The report argues that AI roll-outs do not automatically translate into changes in operating models, governance, data practices, or workforce skills.

Thoughtworks describes a common pattern: technology leaders launch discrete modernisation projects, then return to a steady state shaped by legacy systems and manual processes. The research characterises this approach as costly and slow to change, leaving teams to handle recurring incidents, deferred technical work, and fragmented improvements.

Release velocity

Release speed emerges as a key differentiator between organisations with higher AI maturity and those at earlier stages. AI-mature organisations deliver product and feature releases 45% faster, according to the report.

That matters for companies that treat software delivery as a competitive lever. Slower releases can also raise costs by increasing parallel work and rework across development, testing, and operations.

The report emphasises continuous modernisation rather than periodic intervention, framing it as an operating discipline rather than a one-off transformation programme.

"The era of intermittent application modernization is no longer sustainable," said Josh Burks, SVP and Global Leader of Managed Services at Thoughtworks.

"Our research with IDC confirms that a reactive, project-based modernization approach leads to high costs, security vulnerabilities and significant people impact. To maintain a competitive advantage and deliver AI that works, organizations are moving away from risky one-off interventions and toward a model of continuous modernization," Burks said.

Security focus

The research also highlights security outcomes, reporting a 48% reduction in risk exposure through AI-led vulnerability management. The summary does not define the risk metric, but it attributes the improvement to shifting routine vulnerability work into a more automated operating rhythm.

Security and operations teams face growing alert volumes and frequent change across software estates. The report suggests that organisations that embed AI in operational workflows see a clearer link between automation and risk reduction.

IDC's analysis also points to a shift in how teams use human expertise, with people focusing on higher-value decisions while automated processes handle more routine work across delivery pipelines and security checks.

"Enterprise security and operations are rapidly becoming AI-led, yet most organizations lack the maturity to realize the expected benefits," said Jennifer Thomson, AVP Global Services Insights at IDC.

"The shift we are seeing is a move toward a 'human-in-the-loop' strategy where human expertise is reserved for strategic architectural decisions and complex problem solving. By focusing on pipeline intelligence and automated security, organizations can finally bridge the gap between IT operations and business objectives, replacing outdated headcount pricing with shared-risk models that incentivize speed and scale," Thomson said.

Architecture gains

Higher AI maturity is also associated with changes in application architecture and technology management. The report cites a 36% improvement in maintainability and scalability, along with a 34% better alignment of IT to business goals.

Maintainability and scalability often depend on standardisation, clear ownership, and consistent engineering practices across teams. The report suggests that organisations treating modernisation as continuous work face fewer trade-offs between maintaining older systems and building new services.

The findings add to the debate over whether AI investment is driving structural change. Many organisations have deployed AI tools in development and support functions, but the research suggests the biggest gains come when AI becomes part of operating processes, service management, and decision-making routines.

Contract changes

Beyond technology practices, the research highlights shifts in procurement and supplier relationships. It found that 56% of organisations want contracts tied to continuous-improvement requirements, while 43% are seeking risk-reward sharing models for modernisation initiatives.

Buyers are increasingly judging success using value-based indicators such as speed, resilience, and customer experience, rather than a narrow focus on uptime.

Thoughtworks also outlines a 180-day action plan centred on proving value through pipeline intelligence, AI-guided remediation, and upskilling teams in AI and machine learning literacy, which it describes as the most critical skill across sectors.