Fact: AI is not replacing DevOps; it is amplifying it, with 70% of IT leaders worldwide agreeing that strong DevOps practices contribute to successful AI adoption across the SDLC. That is according to the Perforce 2026 State of DevOps Report and sounds reassuring, until you flip the picture. Where DevOps foundations are not mature, AI amplifies weaknesses at machine speed. Consequently, as AI agent adoption expands, governance, including data governance, has become more vital than ever to reduce risk.
Once AI agents move from assisting developers to acting on their behalf, the risk is no longer just bad code; it also includes the potential for bad data flowing through autonomous systems. For organizations already struggling with poor data governance and DevOps processes, AI agents will magnify existing problems very quickly.
Trust in outputs doesn’t match auditability
This is why it is crucial to put processes and tools in place that make it safer to trust AI outputs, covering compliance, security, transparency, auditability, and traceability. But even though adoption of AI is heating up, only 39% of organizations have fully automated audit trails, even though 77% report confidence in AI outputs.
Addressing the gap between AI adoption and comprehensive governance needs to happen fast. While many enterprises are still in the early stages of AI, primarily using the technology to help humans work faster, the landscape is shifting rapidly. This evolution in roles and responsibilities sets the stage for new operational dynamics.
“A developer might come into work to find that AI has, overnight, touched 12,000 lines of code… That developer could barely carry out random spot checks of what AI did, let alone have a full picture.”
For example, a developer might come into work to find that AI has, overnight, touched 12,000 lines of code, run 10,000 tests, written 200 pages of documentation, and deployed 32 new product features, with a million users already accessing them. That developer could barely carry out random spot checks of what AI did, let alone have a full picture of what AI has done.
Back to basics
We’ve had many technological revolutions — maybe not at the scale of AI — but one of the foundations I always recommend as a leader is to go back to basics, review the maturity of existing DevOps or agile foundations, and prioritize reinforcing or adopting good practices. This should not be viewed as a delay, but rather as essential groundwork to prevent weak security, inconsistent data governance, or other broken processes. That foundational effort must be done now, not as an afterthought to widespread AI agent implementation, by which time mitigation may be difficult or impossible.
Governance must be at the heart of this DevOps maturity review, especially for those in highly regulated industries. The ability to build trust in AI through full transparency, auditability, traceability, and guardrails will become a key differentiator for organizations that want to remain competitive while operating safely.
Seven steps to better governance
What does that mean in practice? Here are some suggested starting points:
1. Have good data hygiene
Cleaning data is an accepted practice, but organizations often fall into the trap of treating it as a one-time task. Data will not stay clean; it will change and grow. So, it is critical to fix the processes that create the data, not just the data itself. Identify the specific data flows supporting business decisions and apply the appropriate governance controls. In particular, it is vital to ensure that AI never accesses actual customer or other sensitive data. Techniques such as data masking can provide realistic, but never real, data.
“Data will not stay clean; it will change and grow. So, it is critical to fix the processes that create the data, not just the data itself.”
2. Ensure solid test frameworks are in place
Establish robust unit, functional, and performance testing. Ensure that the right policies are defined and enforced, including compliance requirements, whether internal or industry-driven.
3. Remove the bottlenecks
Work toward CI/CD pipelines that run smoothly end-to-end, minimizing the need for human intervention to trigger processes. Automate as much as possible, while ensuring appropriate safety measures are in place for each AI system.
4. Make safety and compliance checks easy
For now, many processes will still depend on a human in the loop, but make those steps as simple as possible. Provide users with everything they need to make a clear “yes” or “no” decision, rather than requiring them to dig through reports, log in to multiple systems, and interpret findings. Use AI to summarize: “I ran these checks, everything has been verified, and this is my verdict.”
5. Track everything
We are rapidly moving toward a world where conversations with AI become part of the intent behind software development. These interactions must be captured. It will soon be essential to maintain a write-once, read-only, immutable single source of truth that neither humans nor AI can alter.
6. Contain AI
Sandbox or containerize AI agents so they only have access to the data and tools they need. Prevent them from modifying information that must remain immutable, such as audit records.
7. Start stepwise and build
Put the basic framework in place first, then layer accelerators on top as the organization becomes in a position to move through AI maturity levels. Levels one and two are human-directed, following human intent with human-in-the-loop reviews, while levels three and four is where AI becomes multi-agent autonomous at scale, with a proactive self-improving system and requiring minimal human involvement except to guide high-level intent. It is important to note that none of this can happen overnight, especially in safety or mission-critical environments where humans must still be closely involved.
Even in those environments, however, AI agent adoption will accelerate rapidly and push enterprises toward higher maturity AI levels. That is why it is essential to start building or reinforcing those foundations now, using DevOps practices (which are, ultimately, established SDLC common sense) as a guide to achieving competitive innovation at speed, while always prioritizing strong governance.
YOUTUBE.COM/THENEWSTACK
Tech moves fast, don’t miss an episode. Subscribe to our YouTube
channel to stream all our podcasts, interviews, demos, and more.
SUBSCRIBE
Group
Created with Sketch.
Rod Cope is the CTO of Perforce Software. Previously in his 30+ year software career, he worked at IBM, IBM Global Services, General Electric, and for the CTO of Anthem. Rod has also led key technical teams working on mission-critical…
