UK enterprises have been adopting AI agents at pace. New research from KTSL and BMC Helix shows that 88% of large UK enterprises in retail, pharma, and financial services are now past planning and actively deploying agents. The global market backs the trajectory: Fortune Business Insights puts AI agents at $11.78bn in 2026, projected to reach $251.38bn by 2034, a roughly 21-fold expansion over the next eight years.
But the same research shows something else: 25% of enterprises say their AI agent deployments have failed to meet ROI expectations. That’s one in four programs in companies with 4,000+ employees that fall short. Given the scale of those investments, the failure rate is the number that should be focusing every CIO and Head of IT’s attention.
Before we get into the failures, the kind of ROI enterprises are looking for has shifted, which changes how to read the rest of the numbers. Cost savings, often assumed to be the primary AI business case, ranked last among desired benefits at 29%. Faster incident resolution and enhanced customer experience tied at the top at 44%. Financial services led on better decision-making (46%), retail on customer experience (47%), and pharma on faster incident resolution (50%). Enterprises are buying speed and quality, not savings.
I want to dig into why a quarter of these programs aren’t paying back, because the report (which surveyed 400 senior IT leaders through Censuswide in January 2026) does more than show the failure rate. It tells us what the 71% have in common, and the answer isn’t about the technology.
The security gap with AI agents
One of the most worrying findings in the research: only 27% of enterprises have a comprehensive, formal security policy in place for their AI agent deployments. That means 73% are running autonomous decision-making systems on ad hoc security measures or, in some cases, no formal framework at all.
These are not low-stakes systems. The research shows enterprises prefer learning agents (44% adoption) over simple reflex agents (under 30%). The preference is for AI agents that adapt over time and make decisions on behalf of the business. 46% of respondents cite decision-making as the primary function they’re putting AI agents to.
And then 73% of those enterprises are doing that without a comprehensive security framework. Worse, the largest enterprises (£200m+ IT budgets) have weaker policies than smaller firms. Only 33% have comprehensive policies in place.
The security gap isn’t an issue for the security team alone. It’s a governance question, and it likely explains some portion of the 25% failure rate. AI agents fail in production for the same reasons any autonomous system fails: unclear access controls, no decision audit trail, and no rollback path when something goes wrong. The cost of skipping that work upfront is paid later, usually in public.
IT service management (ITSM) teams should pay particular attention here. Agentic AI in service management means giving systems the authority to resolve incidents, approve requests, and trigger changes. Stephen Mann’s piece on agentic AI in ITSM lays out the use cases. Each one of them is a governance question before it’s a technology one.
Different barriers for different sizes
The research also breaks down the barriers by enterprise size, which I found particularly interesting.
For smaller enterprises (IT budgets of £1m to £50m), the dominant barrier is internal skills: 40% cite a lack of in-house knowledge as their primary obstacle. They understand the use cases. They’ve built business cases. What they don’t have is the engineering and operational expertise to take an AI agent from concept into production at scale.
For the largest enterprises (£200m+), only 23% cite skills as a barrier. Their gap is data quality and finding the right partners. They have the people and the budgets, but they’re sitting on data estates that aren’t fit for purpose and are struggling to find vendors who can navigate the complexity of their environments.
Those are different gaps requiring different fixes. A mid-market IT leader needs partners (an ITSM vendor, a systems integrator, or a specialist consultancy) who will transfer skills, build alongside the in-house team, and leave the organization in a stronger position at the end. A CIO running a £200m+ shop needs vendor and integration partners who can make sense of legacy systems and fragmented data, and who can stand up the engineering scaffolding to support agents across the business.
There’s a related issue worth raising: how ITSM vendors are selling AI agents right now. Most of the positioning I see is built around features and functions rather than around the gaps the research has identified. The demos lead with what the AI can do. So do most of the sales conversations. Very few vendors lead with the question they should be asking first: what are you trying to solve, and where is your gap?
Vendors carry some of the blame for selling that way, but buyers are the ones paying for it. If every vendor’s USP is “we do AI,” there’s no way to tell the ones that will deliver from the ones that won’t. The 25% of programs that aren’t paying back didn’t all buy bad technology. Some of them bought decent technology from a partner who never helped them think through what success looked like before the contract was signed.
The 71% who are getting ROI aren’t doing so because they’re smarter or better resourced. The more likely explanation is that they were matched with the right kind of help for the gap they had, whether that’s skills, data, or integration.
What it means for ITSM
There are two things ITSM leaders can learn from this research.
First, be honest about which gap you’re trying to close and pick partners accordingly. Skills, data, integration, governance: these are different challenges with different fixes. A platform sale alone, with no advisory, no skills transfer, and no integration work, won’t get you there. Letting a vendor lead with features is one of the quickest routes into the 25%.
Second, take security and governance seriously before you scale. The temptation with agentic AI is to chase early wins and worry about controls later. The research shows that this is a category of mistake the largest enterprises in the UK are already making, and it will show up in audits, incident response, and regulatory scrutiny long before it shows up in deployment metrics. Define access controls, decision audit trails, and rollback paths before AI agents are deployed to production systems.
A final note on AI agents
The 25% is the headline figure, but the real story underneath it is that AI agent failure isn’t a technology failure. The technology works. 71% of UK enterprises are getting ROI from it. The market is expanding fast, and the products are getting better.
As with anything in service management, success with the technology hinges on the people decisions made around it. Picking partners for the right reasons rather than the loudest features. Putting governance in place before AI agents begin real work. These are the things that move enterprises from the 25% to the 71%, and they’re not things any platform sale can hand you.
Read the full research: The 2026 State of AI Agents in the UK, KTSL in partnership with BMC Helix.
AI Agent FAQs
An AI agent is a software system that can perceive information, make decisions, and take actions to achieve specific goals with varying levels of autonomy. Unlike traditional automation, AI agents can adapt to changing conditions and learn from data over time.
Agentic AI in ITSM refers to AI-powered systems that can independently perform service management tasks such as resolving incidents, fulfilling requests, managing knowledge, and supporting change management processes with minimal human intervention.
According to the KTSL and BMC Helix research, UK enterprises are primarily investing in AI agents to improve customer experience, accelerate incident resolution, and enhance decision-making. Cost reduction is a secondary driver compared to service quality and operational speed.
The KTSL and BMC Helix research found that 88% of large UK enterprises surveyed have moved beyond the planning stage and are actively deploying AI agents across their organizations.
The KTSL and BMC Helix report suggests that AI agent failures are often linked to governance, security, data quality, skills shortages, and poor partner selection rather than shortcomings in the underlying technology itself.
The most common barriers vary by organization size. Smaller enterprises often struggle with a lack of in-house expertise, while larger organizations are more likely to face challenges related to data quality, legacy systems, and integration complexity.
Governance is critical because AI agents are increasingly being trusted with autonomous decision-making. Organizations need clear access controls, audit trails, accountability frameworks, and rollback procedures before deploying AI agents into production environments.
Without proper governance, AI agents can introduce risks related to unauthorized access, poor decision transparency, compliance violations, and unintended actions. Comprehensive security policies help reduce these risks and support responsible deployment.
Organizations can improve ROI by clearly defining business objectives, addressing data quality issues, implementing governance frameworks early, selecting the right implementation partners, and ensuring sufficient skills transfer during deployment.
The KTSL and BMC Helix research indicates that learning agents are the most commonly adopted type. These agents can adapt their behavior over time based on experience and changing business conditions, making them more suitable for complex enterprise environments.
ITSM leaders should assess their organization’s readiness across skills, data quality, integration requirements, security, and governance. They should also define success metrics and establish controls before granting agents authority over service management processes.
Rather than focusing solely on product features, enterprises should look for partners that understand their specific challenges, provide implementation expertise, support governance requirements, and help build long-term organizational capability.
No. AI agents are typically designed to augment ITSM teams by automating routine work, accelerating service delivery, and supporting decision-making. Human oversight, governance, and strategic leadership remain essential
Data quality is one of the most important factors affecting AI agent performance. Poor, incomplete, or fragmented data can limit an agent’s ability to make accurate decisions and reduce the likelihood of achieving expected business outcomes.
The AI agent market is expected to grow significantly over the coming years as organizations expand deployments beyond pilot projects. Success will increasingly depend on governance, integration, security, and organizational readiness rather than technology selection alone.
Sophie Danby
Sophie is a freelance ITSM marketing consultant, helping ITSM solution vendors to develop and implement effective marketing strategies.
She covers both traditional areas of marketing (such as advertising, trade shows, and events) and digital marketing (such as video, social media, and email marketing). She is also a trained editor.
