Managing the risks and rewards of AI in digital product development and service management
Regardless of the debate around who said it, the quote, “There are decades where nothing happens and there are weeks where decades happen”, could easily apply to how AI is affecting service management and digital product development.
A year ago, analysts at Forrester reported that “Agentic AI is pushing the boundaries of what’s possible in service management…from proactive issue resolution to personalized user experiences”.
“The question”, they added, “is no longer whether AI will dominate service management but how quickly organizations can implement and leverage its full potential”.
A year is evidently a long time in an AI world, as Tim Mills of UK-based firm, ‘ITSM People’ recently highlighted on LinkedIn a post by Matt Shumer, founder and CEO at Hyperwrite (AI writing tool), about the current speed of change and capability in AI.
What Shumer called “the most important development” was OpenAI’s release of GPT-5.3 Codex, which is, according to the company, “…our first model that was instrumental in creating itself. The Codex team used early versions to debug its own training, manage its own deployment, and diagnose test results and evaluations”.
Shumer commented, “Read that again. The AI helped build itself.”
Summarizing what the latest developments in AI mean for software engineering, he added: “A year ago, AI could barely write a few lines of code without errors. Now it writes hundreds of thousands of lines that work correctly…there will be far fewer programming roles in a few years than there are today.”
AI is faster, but its adoption might be slower
However, quoted in The Atlantic magazine, Daron Acemoglu at MIT, who won the Nobel Prize in Economics in 2024, takes a different view of AI: “History tells us it’s actually going to happen much slower.”
The Atlantic’s writer, Josh Tyrangiel, explained that “Before AI can transform a company, it has to access the company’s data and be woven into existing systems... A trade secret of most Fortune 500 companies is that they still run many critical functions on lumbering, industrial-strength mainframe computers that almost never break down and therefore can never be replaced.”
And he added: “Integrating legacy tech with modern AI means navigating hardware, vendors, contracts, ancient coding languages, and humans, every one of whom has a strong opinion about the ‘right’ way to make changes. Months pass, then years; another company holiday party comes and goes and the CEO still can’t understand why the miracle of AI isn’t solving all of their problems.”
According to some experts, the advent of AI can expose either the maturity or immaturity of an organization’s service value system. Dr. Arun Kumar Singh, ITIL Master and specialist in digital transformation across complex environments, commented in the ITIL Online Forum:
“Where governance, practices, and continual improvement are well established, AI strengthens value co-creation through optimized incident management, knowledge management, and change enablement. Where roles, configuration management, risk controls and measurement are weak, AI accelerates service instability, uncontrolled change, and loss of trust.”
Fresh thinking about how to use AI confidently for business growth, while applying the necessary governance, has been central to developing ITIL (Version 5). So, how do the experts involved in the new ITIL approach the challenge of AI?
Trust but verify
“You cannot give AI carte blanche,” David Cannon, Senior Director: ITIL, said. “You have to validate that work is complete, including data governance, and understand what’s being automated, plus which capabilities can or can’t be replaced by AI. Trust, but verify.”
What AI means for most people right now, the use of large language models (LLMs), is not the end state for the technology, according to Kaimar Karu, one of the authoring team for the ITIL: AI Governance white paper. However, LLMs’ current use, while enabling automation on an unprecedented scale, can be unreliable in unexpected ways:
“LLMs, and their failures, are unpredictable in nature and we don’t have the reliable mechanisms to deal with them yet; results that may be meaningful in one instance won’t necessarily be meaningful in another,” Karu said.
The risk of the current evangelism around AI, Karu added, is that some vendors are selling it as a panacea that will solve everything, while relegating the practical realities of using it far down the list of considerations.
Human or AI, a binary choice?
A recent LinkedIn post from ITIL Master, Paul Brandvold, cited the experience of organizations that chose to replace people with AI:
“Klarna replaced around 700 customer service roles with AI in 2024. Customer satisfaction dropped. By 2025, they were hiring humans again. The CEO admitted they had gone too far. Commonwealth Bank of Australia replaced 45 customer-facing roles with a voice bot.
Instead of fewer calls, volumes went up. They apologized and offered people their jobs back.”
However, he added, IBM “took a different path”: “automated large parts of HR, reduced some roles, then redirected hiring toward areas where AI could not replace judgment, context or decision-making.”
This, Cannon explained, showed how “AI doesn’t replace institutional knowledge, which depends on perception and judgement of a situation, reading context and understanding intention. AI replacing people should free up people to be people; taking the stuff that’s routine and automating it so people can focus on other things.”
Indeed, Karu added, some organizations introducing AI in lieu of people made redundant are actually eliminating jobs that were never creating value for the business.
People’s perennial skills and knowledge in the age of AI
Shifting the responsibility for creating and managing digital products and services from people to AI may create more problems than it solves.
Someone, Cannon observed, might tell an AI bot to create a piece of code for a particular purpose, but do they test it and check it for accuracy? Where does it fit in the organization’s application portfolio? And, if the person leaves the organization, what remains is legacy code, which is wasteful and inefficient.
“LLMs used for coding, regardless of the complex systems they can build, are still working at the level of a junior developer with comprehension problems,” Karu said.
“An employee creating a proof of concept for a business function can provide a description to an LLM. However, they find that describing requirements is actually difficult: the AI makes assumptions and may build something that works, but improving that over time in a reliable way, making it enterprise-ready, and ensuring security considerations have been addressed is where it often gets tricky.”
“Equally”, he added, “using LLMs for analysis or reporting can result in hallucinations if the AI can’t access the necessary data, making it too unpredictable to use for anything business critical at this stage”.
Ultimately, the necessity for human intervention remains.
“Developers are still needed for business analysis; you can’t replace understanding of what you’re coding,” Cannon said. “Though the coding itself may be replaced, verifying, testing and quality assurance have become more important than ever before, as you need to make sure the code works before deploying it.”
The AI-native approach in ITIL (Version 5)
How does ITIL’s approach to AI recognize and enable the human dimension necessary to govern AI properly and effectively?
First, it recognizes the velocity that AI has introduced: “Today, there isn’t a neat line between development and operations/products and services, the two lifecycles are now rapidly combined,” Cannon said.
“Instead, there’s development work happening on services at the same time as operational work on products, and the speed of AI is changing that.”
Activities traditionally residing in the three enterprise layers of business, product management and technology development, Karu explained, are in flux: while elements of product management are moving to the business layer, IT, in the traditional sense, becomes more of a platform function with shared components, such as hardware, software and data lakes that need managing as services.
Meanwhile, the additional challenges AI brings include shadow IT, technology sprawl and the fact that it can be deployed by anyone in the organization using a digital tool – often leaving IT to pick up the pieces when things go wrong.
As product and service management are vital to making an entire digital enterprise work, ITIL (Version 5) applies all the lifecycle steps to both products and services. “The question of whether something is a product or service in some ways doesn’t matter anymore. The concerns and considerations often overlap and forces should be joined rather than pulled apart. It’s about what you’re trying to achieve.” Karu added.
“The concept of why ITIL was needed originally is as strong today. The difference is the speed, but the need for enabling governance and collaborative practices are just as important.”
Cannon sees ITIL (Version 5) reinforcing technology management disciplines in a new context:
1. The combined product and service lifecycle: By following this concept, an organization is better placed to leverage AI while avoiding security issues.
2. ITIL management practices: Practices remain relevant and flexible enough to be updated as the context evolves.
3. ITIL AI governance guidance: this enables conscious decisions about what you want AI to do and how to introduce it in a controlled way; understanding business problems, where AI might help and then designing guardrails to not expose the company to risk. Ultimately, the question is: how much power do you want to give to automation?
Dr Arun Kumar Singh added: “ITIL (Version 5) provides the operating model to manage adaptive, learning services—aligning automation with risk, integrating AI into the value chain and ensuring outcomes remain predictable, compliant, and value-focused.
“Perhaps most importantly, ITIL (Version 5) restores human accountability. AI can recommend, correlate, and predict, but ITIL insists someone still owns the decision, the risk, and the impact on experience.
“That ownership is what keeps AI augmentation from becoming AI abdication. In that sense, ITIL (Version 5) doesn’t slow AI adoption; it disciplines it.”