Ivanti Blog

The Invisible IT Department: How to Deliver Friction-Free Experiences with Agentic AI

Thu, 18 Jun 2026 19:42:35 Z

Every enterprise has bought AI, but many are still waiting for their investment to pay off. Ivanti’s 2026 AI Maturity Report found that only 2% of organizations say they currently have no AI use at all. As the majority of organizations move beyond the AI experimentation stage, the real competitive differentiator is if that AI is providing continuous, business value at scale.

Companies deploy chatbots that users ignore. They implement agents nobody trusts and roll out "AI-powered" tools that employees end up working around or disregarding personal, shadow AI tools. The problem isn’t what AI can do. It’s what you’re asking users to do with it. Most organizations approach AI as a feature to deploy rather than an experience to design. They focus on what AI is capable of instead of what users actually need. The result is another shelfware solution that generates more frustration than value.

Digital experience is the missing link that separates successful AI deployments from failed ones. Organizations that prioritize the AI user experience can identify the implementation pitfalls that kill user trust and develop a practical framework for deploying agentic AI that delivers improvements without interruptions. AI and IT work at their best when they serve as invisible superpowers. Users don't notice the technology; they notice how effortlessly they accomplish their work.

The AI adoption paradox

MIT research suggests that roughly 95% of enterprise AI initiatives fail to deliver measurable ROI with most stalling in pilot mode rather than scaling into real business value.

How it happens: Leadership greenlights an AI initiative, IT deploys the technology, training sessions are scheduled, adoption metrics are tracked, and within six months...nobody is using it. The chatbot goes dark, the AI assistant sits idle, and your employees develop workarounds to avoid the very tools that were supposed to make their lives easier.

This isn't a failure of change management, but the result of failing to understand what users actually experience when you layer AI on top of all their other workplace technology.

Users don't want AI for AI's sake. They want their laptop to boot faster, applications that don't freeze mid-presentation, video calls that don't lag, and issues to resolve before they notice something wrong. When you force them to interact with an AI interface to get those things, you've already lost.

Read More: How Agentic AI for ITOps Unlocks Value at Scale

Why most AI implementations fail on user experience

Walk into any enterprise IT environment and you'll find the same pattern. The AI implementation checklist gets followed religiously:

Technology vendor selected
Platform deployed
Integrations configured
Users trained
Go-live achieved

But six months later, the reality sets in. A 2025 EY survey found that 64% of employees reported increased workloads despite AI deployments, while only 5% said they were maximizing AI to actually transform their work.

IT did everything right according to the playbook, but what went wrong is that the playbook was written by people selling AI, not people using it.

Consider the typical AI chatbot deployment meant to "empower self-service" and "reduce ticket volume." In practice, means employees who used to send a quick Slack message to IT now must:

Navigate to a separate portal
Figure out how to phrase their question in a way the bot understands
Parse through irrelevant knowledge articles the AI surfaces
Eventually give up and submit a ticket anyways, now irritated and fifteen minutes behind schedule

The ticket still gets created, and the problem still needs solving, but now there's friction where there wasn't before because you've added steps, not subtracted them.

This is the fundamental mistake: treating AI as an interface users engage with instead of infrastructure that works for them. The moment you ask users to change their behavior to accommodate your AI, you're building resistance, not adoption.

Digital experience: where AI proves its value

The organizations getting real value from AI have stopped asking, "How do we get users to adopt this AI tool?" and started asking, "How do we use AI to improve what users already do?" It's a subtle shift with massive implications.

In digital experience management, AI doesn't sit between the user and their work. It sits between the user and the chaos: i.e. the performance degradation, the application failures, the mysterious slowdowns, the issues that haven't surfaced yet but will in the next 30 minutes.

This is where agentic AI fundamentally changes what's possible. Traditional monitoring tools alert humans when something breaks. But agentic AI prevents the break before it happens. It's the difference between a smoke detector and a fire suppression system.

Traditional IT operations measure incident responses in hours or even days. Agentic AI with autonomous remediation is fundamentally changing this equation, shrinking mean time to resolution from hours to minutes or seconds by detecting patterns and executing fixes before problems escalate.

Here's what that looks like in practice:

Traditional IT Ops:

A user's laptop starts showing early signs of disk failure.
Traditional DX tools flag the issue and create a ticket.
An IT analyst would review the alert, assess severity, schedule maintenance, and eventually reach out to the user.
Total time to resolution: multiple days.
Impact on your organization: planned downtime, data migration, and productivity loss.

Agentic AI

With agentic AI, the pattern gets detected before the user notices anything wrong.
The agent autonomously triggers automated backup processes, provisions a replacement device, stages the user's applications and data, and schedules the swap during a low-activity period.
The user gets an email: "Your new laptop will be waiting at reception tomorrow morning. Your existing setup has been transferred."
No ticket created or escalation needed or interruption experienced.

It’s the same problem, but with a radically different experience.

Building a friction-free AI implementation framework

Achieving invisible AI requires rethinking how you deploy, measure, and scale digital experience initiatives. Organizations seeing real ROI from agentic AI follow a consistent pattern that prioritizes experience over features.

Start with pain, not possibility

The worst AI implementations begin with the question, "What can this AI do?" The best ones start with, "What's currently painful, repetitive, or needlessly slowing users down?

Map your digital experience pain points before you map AI capabilities:

Where do users wait the longest for issue resolution?
Which problems generate repeat tickets?
What performance degradations happen predictably but aren't caught proactively?
Where does IT spend the most time on tasks that don't require human judgment?

These are user experience problems that AI can eliminate, not just “AI use cases,” and the distinction matters. When you start with pain, you end up with solutions users want.

Deploy AI behind the experience

Users should never need to decide whether to engage with your AI because that's your job as the implementer. In practice, this looks like:

Autonomous agents that detect and resolve issues before help is needed vs. A bot that users need to ask for help.
Predictive insight engine that pushes solutions to users before they search vs. A self-service portal with AI-powered search.
Self-healing systems that execute recommendations automatically within approved guardrails vs. AI-powered recommendations users have to action.

The pattern is consistent, and it’s to reduce user decision points, eliminate extra steps, and remove the need for extensive AI literacy. Your agentic AI should require zero user training because users should never directly interact with it.

Measure user experience, not AI performance

Here’s where most implementations go sideways: they measure AI performance instead of user outcomes

If you're tracking the number of AI interactions, AI response time, model accuracy scores, or automation rate, you're measuring the wrong things.

Instead:

Track reduction in mean time to resolution for end-user issues. Ivanti’s 2026 AI Maturity Report found that 45% of IT workers say AI has made their work faster and better.
Track user-reported satisfaction with IT responsiveness.
Track the percentage of issues resolved before users notice.
Track time saved on repetitive requests.
Track reduction in ticket volume, not because you're deflecting issues but because you're preventing them.

The governance framework that enables AI autonomy

The thing that actually slows down most agentic AI deployments isn’t a technical problem — it’s getting stakeholders comfortable with AI acting without being asked permission first.

Autonomy Tier	Risk Level	Example Actions
Full Autonomy	Low	Cache clearing, service restarts, performance optimization, routine patching
Autonomy with Notification	Medium	User profile resets, application reinstalls, driver updates
Human Approval Required	High	Major configuration changes, data migrations, infrastructure modifications
Human-Led, AI-Assisted	Critical	Security incident response, compliance decisions, budget approvals

The key is recognizing that "high-risk" shrinks over time as AI agents prove reliability and as your monitoring detects patterns you didn't initially anticipate. Organizations that treat AI governance as static end up with AI that can't do enough to matter. The ones that treat governance as dynamic end up with AI that continuously expands its impact while maintaining safety.

What success looks like

Organizations implementing AI-powered service experiences are seeing meaningful satisfaction gains. PwC research found that leading implementations have achieved 10-15% NPS improvements alongside operational efficiencies.

The conversation around AI changes. Users stop talking about IT as something that gets in their way and start not talking about IT at all, which is precisely the point. IT becomes infrastructure: invisible, reliable and present only when intentionally needed.

Your service desk sees the shift first, like:

Ticket volume drops not because you're deflecting issues but because you're preventing them
Escalations decrease because AI catches and resolves problems at progressively earlier stages
Analyst time reallocates from reactive firefighting to proactive system improvement
Mean time to resolution compresses because remediation often happens faster than detection did under the old model

For end users, the experience is simpler: things work, applications are responsive, systems are available, and slowdowns don't cascade into failures. And the mysterious performance issues their colleagues complain about somehow don't happen to them, not because they're lucky, but because AI agents are continuously optimizing their experience in ways they never see.

This is the real adoption metric is when users stop thinking about IT. Not because they're ignoring it, but because there's nothing to think about.

The real choice: invisible AI or ignored AI

Every organization will deploy AI in digital experience management. The question isn't whether, but how, and more importantly, whether users will actually benefit or just have another tool foisted on them.

This requires fundamentally rethinking how you implement, measure, and scale AI initiatives. Get this right, and you transform how your organization perceives IT, to competitive advantage instead of cost center, to proactive enablement instead of reactive firefighting, to invisible infrastructure that just works instead of necessary overhead.

The best AI, like the best IT, is the kind you never see. Users don't experience your technology, but they experience the absence of problems. And that's precisely the point.

Ready to improve your digital experience with agentic AI?

Discover how Ivanti Neurons for ITSM deploys agentic AI that works behind the scenes, predicting issues, resolving problems autonomously, and optimizing experiences before users notice anything wrong.

Shadow IT and Discovery AI Blind Spots: What Legacy Tools Miss

Mon, 15 Jun 2026 13:32:02 Z

Ask three teams what assets exist in your environment, and you’ll get three different answers. Most organizations don’t lack tools. They lack agreement on what actually exists in their environment. Asset, endpoint and cloud data exist — but it’s fragmented, stale and trusted differently by teams across every department and function.

The reason for this disconnect? In the AI era, environments are changing faster than legacy discovery is built to handle. Cloud workloads spin up and disappear in minutes, often provisioned automatically for testing, scaling or short-term projects. But the gap is now widened even more by AI services, copilots, APIs and embedded models — as well as browser-based tools and automation workflows — that teams adopt without going through standard IT provisioning.

By the time traditional discovery tools scan the environment, these resources may already be gone or they may never appear in the systems IT relies on as a single source of truth — leaving no record, no owner and no shared operational context. Meanwhile, SaaS adoption continues to rise across every department, remote devices rarely touch the corporate network, and identities, integrations and data flows now matter just as much as devices. Yet many organizations still rely on discovery approaches built for a world of static endpoints and predictable perimeters.

The result is partial visibility at best and growing blind spots everywhere else.

In 2026, the visibility gap is now a chasm — and the data is clear. According to Ivanti’s autonomous endpoint management research, 45% of IT professionals report lacking sufficient data about shadow IT, and 38% say they have insufficient data about devices accessing the network. This problem is amplified in cloud environments.

According to 2025 research from SecPod revealed that 67% of organizations struggle with blind spots across their cloud asset inventories, reinforcing that even organizations with modern IT and security tools still operate with incomplete visibility.

These blind spots create more than gaps in inventory. When teams can't agree on which assets are real, active or decommissioned, IT and security work on conflicting timelines. Incident response slows. Exposure prioritization breaks down. Security teams chase alerts without context. IT leaders burn hours reconciling spreadsheets instead of reducing risk.

What makes this especially costly is not just missing data, but delayed action. When teams can’t trust what exists in their environment, every response slows down: incidents take longer to resolve, audits require manual reconciliation, and risk decisions are made with incomplete context. Visibility gaps don’t just increase exposure; they consume time, attention, and operational confidence across IT and security.

Across Ivanti’s experience working with large hybrid enterprises, a clear pattern has emerged. Visibility gaps rarely exist because teams fail to deploy discovery, but because those tools were never designed to share or reconcile data at the speed modern environments demand.

Legacy tools are not simply outdated. They're fundamentally incompatible with the speed and complexity of modern IT.

Where legacy tools fall behind

The limitations of legacy discovery tools fall into five categories, each compounding the others:

Fragmented visibility

According to Ivanti’s 2025 Securing the Borderless Digital Landscape Report, every 2 in 5 edge devices are currently outside of IT management and oversite. Today, nearly every organization has unauthorized cloud accounts, yet traditional discovery solutions don’t reflect this reality. Most point tools capture only one slice of the environment, but they rarely reconcile them into a shared operational view. For IT directors, this fragmentation means juggling multiple dashboards during outages and audits. For CIOs, it means wasted spend and delayed decisions. When no team trusts the data enough to act confidently, the entire organization slows down.

Dependence on agents

Agent-based discovery still plays an important role in modern IT, especially for collecting rich telemetry from managed endpoints. The problem arises when discovery becomes agent-based only. In hybrid environments, many assets cannot support an agent. Temporary cloud workloads may exist for minutes or hours. SaaS applications and managed services do not allow agent deployment at all. Contractor devices, personal endpoints and unmanaged systems often fall outside corporate control policies.

As a result, these assets never appear in inventories that rely exclusively on agent-based collection. The flaw isn't with agents themselves; it's with relying on a single collection method that can't account for the full scope of modern environments.

This structural limitation directly contributes to the visibility gaps organizations continue to face. According to 2025 research from Trend Micro, nearly 3 in 4 organizations have experienced security incidents caused by unknown or unmanaged assets. These figures demonstrate how agent-only discovery consistently leaves significant areas of the environment unmonitored.

Ivanti’s 2025 Digital Employee Experience Report found that 27% of office workers regularly use unauthorized tools and applications, often out of frustration with employer-provided technology. This behavior expands the attack surface faster than traditional discovery methods can respond.

Risk and exposure blind spots

When parts of the environment remain unseen, organizations lose the ability to maintain consistent security controls. Unmonitored devices, unrecognized cloud resources and unsanctioned SaaS services often bypass patching, configuration baselines and policy enforcement. These blind spots open pathways for attackers to exploit misconfigurations, unpatched workloads or forgotten assets.

Slow, point-in-time scanning

Periodic scans cannot keep up with cloud velocity or SaaS churn. SecPod found that only 42% of organizations have real-time monitoring, leaving large windows where misconfigurations go undetected. High‑profile incidents involving exposed cloud storage buckets, unsecured API endpoints and misconfigured access controls continue to show how short‑lived or poorly tracked resources can introduce risk long before teams are aware they exist.

Manual reconciliation

Data from spreadsheets, ITSM, CMDBs and disconnected tools rarely align. According to 2025 cybersecurity research by Bedrock Security, 82% of organizations report visibility gaps across their asset landscape, driven by fragmented data sources and inconsistent ownership. These blind spots make it difficult to normalize and reconcile cloud, SaaS and on-premises inventories, leaving security and IT teams unsure whether their asset data is complete or accurate.

These limitations slow operations, weaken security and create persistent blind spots across the entire estate — the exact issues that legacy discovery tools were never designed to solve.

A platform-governed visibility model for a modern world

Simply scanning more often or deploying another point solution won't close the visibility gap. Today's environment demands a fundamentally different approach.

Modern environments require a shift from periodic discovery to continuous, shared intelligence that multiple teams can trust. A platform-governed visibility model establishes a shared system of record for asset and configuration data across IT and security — one that continuously normalizes, reconciles and distributes trusted operational context.

Active and passive discovery work together to surface managed devices, unmanaged endpoints, cloud workloads, SaaS apps, remote assets and the identities connected to them. In practice, this requires a shared operational data foundation that can govern asset and configuration intelligence across systems, so teams are working from the same views rather than fragmented or conflicting records.

Core platform data and system of record

The Ivanti Neurons Platform serves as the authoritative operational data layer for IT and security, governing assets, endpoints and configuration state through a continuously updated system of record. This platform-governed operational data layer maintains a continuously updated view of asset and device inventory, support context and relationships, and software estate information.

A continuous discovery engine continuously ingests signals from across the environment and normalizes, deduplicates, and reconciles them into clean, consistent operational data. This governed data foundation is what automation and AI rely on to act safely and accurately, ensuring decisions are based on current operational reality rather than fragmented or conflicting inputs.

When execution systems consume this platform governed data, teams can act with confidence across IT and security. Where IT service management is in scope, this same operational data can extend into ITSM and CMDB workflows, while also supporting ITAM use cases such as lifecycle tracking and software entitlement management.

Normalize and reconcile continuously

A unified intelligence layer cleans, deduplicates, and correlates records and usage signals from every source, creating a shared, continuously updated asset dataset suitable for operational audit needs.

Map exposures to real assets

Exposure aggregation links vulnerabilities and misconfigurations to the exact devices, users and service owners affected — improving vulnerability prioritization and accelerating remediation.

Turn visibility into action

As environments continue to evolve faster than traditional tools can respond, organizations must rethink how visibility is achieved and shared. The path forward does not begin by replacing every tool, but by establishing a trusted visibility foundation that integrates with existing systems and enables better decisions everywhere else.

This live, platform-governed visibility foundation enables Autonomous Endpoint Management. Powered by the Ivanti Neurons Platform, it acts with confidence — triggering remediation, patching, configuration enforcement and self-healing based on verified operational state.

For organizations constrained by legacy discovery approaches, this means:

Shifting from periodic snapshots to continuous intelligence.
Moving from isolated tools to shared context.
Replacing manual reconciliation with automated trust.

Modern, platform‑governed discovery doesn’t just improve visibility. It creates conditions for action — where insight can reliably trigger remediation, automation and verification instead of stalling in dashboards.

Ready to eliminate blind spots for good? Explore how the Ivanti Neurons Platform establishes trusted asset and configuration visibility and enables autonomous endpoint management, exposure management and ITSM workflows to act on governed operational data across hybrid environments.

How Agentic AI is Transforming Infrastructure and Operations

Thu, 11 Jun 2026 13:35:04 Z

Infrastructure and Operations (I&O) teams have long operated under a familiar paradox: the faster the business scales, the more pressure I&O absorbs. Every new application deployment, every endpoint added, and every cloud workload spun up generates more complexity, more risk and more tickets.

The traditional responses to this pressure — more headcount, more tooling, more scripts, more APIs — have delivered incremental relief at best. Yet, the core structural problem, the underlying architecture of reactive operations, has remained stubbornly intact. Until now.

Agentic AI reinvents that architecture entirely.

AI in IT and Operations (I&O) has transcended the assist-and-suggest phase. Autonomous agents capable of reasoning, planning, executing and learning are now operational and not just future roadmap items. Organizations that are intentionally deploying agentic AI are already seeing significant benefits. Our 2026 AI Maturity research report found that 57% of IT organizations are using agentic AI for several important IT workflows, with 17% relying on it for extensive end-to-end processes. This deployment is leading to a compression of resolution times from hours to minutes and the deflection of thousands of manual tickets per quarter.

Moreover, 89% of organizations that have scaled AI to a broad or business-critical level reported that AI frequently helps their teams detect issues before end users are even aware, compared to 43% in the early experimentation stage. This shift is changing I&O from a reactive to a proactive and intelligent posture.

The question that remains is how quickly can your organization make the transition to implementing agentic AI in your I&O environment at scale?

Learn More: Transform IT with Agentic AI: the Dawn of Accelerated, Autonomous Service

Why we’ve reached the ceiling of traditional automation

To understand the significance of Agentic AI, it helps to appreciate what came before it and why it was never enough.

Traditional automation in I&O has been enormously valuable. Runbooks codified institutional knowledge. Scripts standardized repetitive processes. Robotic Process Automation (RPA) bots handle structured rules-based workflows. These tools reduced manual effort at the margins and allowed teams to do more with the same headcount. But they were always fundamentally brittle — dependent on explicit instructions, incapable of adapting to novel situations and unable to act without a human hand at the wheel.

Consider a classic scenario: a patch deployment fails on a subset of endpoints at 2 AM. A rule-based automation might log the failure and create a ticket. A more complex script might attempt a retry. But neither can diagnose whether the failure stems from a conflicting application, a corrupted agent, a network segmentation issue or a policy configuration drift. Neither can adapt its remediation strategy in real time. Neither can communicate context to the service desk, update the CMDB or escalate intelligently based on the criticality of the affected assets. A human engineer gets paged. The cycle continues.

This is the ceiling of traditional automation: it executes instructions, but it doesn't think. It automates tasks, but it can't orchestrate outcomes. And as infrastructure environments have grown exponentially more complex — spanning on-premises, multi-cloud, edge and hybrid architectures — the gap between what rule-based automation can handle and what I&O teams need has widened into a chasm.

Agentic AI is the answer to filling that gap.

What agentic AI means for I&O

Agentic AI systems can independently set goals, develop plans to achieve them, take multi-step actions across tools and systems, evaluate outcomes, and adjust their approach — all without requiring human intervention at each step. Unlike a chatbot that answers a question, or a script that executes a predefined workflow, an agentic system is goal-driven and adaptive. It operates across the full lifecycle of a task, from identification through resolution.

In the I&O context, this means an autonomous agent can do what previously required either a skilled engineer or a complex, fragile chain of automation scripts: correlate signals from disparate monitoring systems, identify the root cause of an incident, execute the appropriate remediation, verify that the fix worked, update the relevant records, and close the loop — all in the time it'd take a human to open a ticket.

The shift isn't just operational; it's philosophical. We move from a model where humans initiate action and automation executes it, to a model where intelligent agents start, execute, and verify action — and humans provide oversight and governance. For I&O leaders, this isn't a threat to the team. It's the greatest force multiplier your team has ever had.

Agentic AI powers I&O at scale

The service desk ticket queue is the most visible symptom of an I&O function under strain. Password resets, software installs, access provisioning, connectivity troubleshooting — these high-volume, low-complexity requests consume a huge share of analyst time and drive up operational costs. They're also deeply frustrating for employees who need resolution now, not after a 48-hour SLA window.

Learn More: Ticket Taker to Team Leader: Managing an Agentic IT Workforce

Eliminating the tyranny of the ticket queue

Agentic AI eliminates the queue as a bottleneck. Imagine having a conversational AI agent, like Ivanti Neurons AI Self Service Agent that not only retrieves an answer from a knowledge base — it validates identity, checks compliance policy, executes the provisioning workflow, confirms the change in the system of record, and notifies the requestor, all within minutes. The ticket never reaches a human analyst. The analyst's time is reclaimed for work that requires human judgment.

Now imagine giving an analyst more time to handle complex tasks. An agentic AI digital teammate, that works alongside a human agent to assist with proactive insights, advises about the best way to resolve the issue, and automates with intelligent actions.

Organizations deploying Agentic AI across their service desk consistently report significant reductions in ticket volume — often within the first year of deployment and compounding further as the system matures and learns. That's not automation in the traditional sense. That's intelligent orchestration at scale.

Proactive remediation before users feel the impact

The most expensive incidents in I&O are the ones that could have been prevented. Disk capacity that wasn't observed until it hit 100%. Certificate expirations that weren't tracked until services dropped. Software vulnerabilities that weren't patched until they were exploited. These failures were almost always predictable in retrospect — the signals were there. The problem was that no one was watching everything, all the time.

Autonomous Endpoint Management with agentic AI continuously monitors telemetry across endpoints, networks, applications and cloud infrastructure. The agents detect anomalies, correlate weak signals and begin remediation before an issue surfaces as an outage or a security incident. A disk trending toward capacity gets expanded. An expiring certificate gets renewed. A vulnerable endpoint gets patched during its next maintenance window, before exploitation becomes a risk.

This shift from reactive to proactive is the highest-value capability Agentic AI brings to I&O. It doesn't just reduce the cost of incidents — it prevents the incidents, the downtime, the business disruption and the reputational damage that accompany them. For I&O leaders, this shift redefines what operational success looks like. It moves the measure from mean time to resolution — a reactive metric — to mean time to prevention: how often your environment detects and corrects before business impacts occurs.

Scaling without scaling headcount

Enterprise IT environments are growing faster than IT budgets. The ratio of endpoints to engineers continues to widen. Cloud workloads multiply. Security requirements intensify. In this environment, the traditional lever of "hire more people" is neither financially sustainable nor operationally sufficient — the talent market simply can't supply the volume of skilled engineers required.

Agentic AI redefines the scaling equation. An autonomous agent doesn't have standard working hours, cognitive bandwidth limits or onboarding timelines. It can handle hundreds of concurrent tasks across thousands of endpoints without degradation in performance or quality. As the environment grows, the agent scales with it — not linearly, but exponentially. One well-configured autonomous agent can cover the workload previously distributed across multiple junior analysts, freeing senior engineers to focus on architecture, innovation and strategic initiatives rather than routine remediation.

This isn't about replacing people. It's about enabling them to operate at the level their skills deserve.

The system of record as the foundation for success

Deploying Agentic AI effectively requires more than a capable AI engine. It requires a trusted, comprehensive foundation of data — and that foundation is your system of record built into the Ivanti Neurons foundation, which contains an authoritative source of data including device intelligence, vulnerabilities and exposures, software inventory and service management information. A system of record that knows what assets exist, who owns them and are they compliant.

A system of record in the I&O context is the authoritative source of truth for your IT environment: every hardware and software asset, every configuration, every relationship, every policy, every change. It's the intelligence layer that enables an autonomous agent to make decisions with confidence. Without it, an agent operating in your environment is guessing. With it, it's reasoning from fact.

The most effective system of record for agentic AI in I&O brings together several critical elements. Configuration Management Database (CMDB) data must be accurate, current, and enriched — not the stale, manually updated repository that most organizations have inherited, but a dynamically maintained record of your actual environment. IT Asset Management (ITAM) to manage assets from creation to disposal and ensure accurate ownership is maintained.

Service management workflows must be fully integrated, so agents can create, update and resolve tickets as part of their execution flow. Identity and access data must be accessible, enabling agents to make policy-compliant decisions about provisioning and entitlement. And telemetry streams from monitoring, vulnerability and performance tools must flow into a unified context that agents can query in real time.

When these elements are in place, autonomous agents operate with precision. They know which assets are critical and which aren't. They know which changes require approval and which fall within defined automation boundaries. They know the history of an asset — previous failures, pending patches, installed software, active vulnerabilities — and they apply that context to every decision.

Organizations that attempt to deploy Agentic AI without investing in their system of record typically find that their agents produce inconsistent results or require constant human correction. The AI is only as intelligent as the data it has access to. Investing in data quality and integration isn't a prerequisite that can be deferred — it's the work that determines whether Agentic AI delivers transformative value or marginal improvement.

Business value: beyond efficiency metrics

The operational benefits of Agentic AI in I&O are compelling on their own terms. Faster resolution times. Lower ticket volumes. Reduced mean time to detect and remediate. These are metrics that resonate with I&O leaders and that justify the investment on a pure cost-efficiency basis.

But the business value extends well beyond the service desk dashboard.

When I&O teams are freed from reactive, repetitive work, they redirect their capacity toward the initiatives that drive competitive differentiation: accelerating application deployment, hardening security posture, enabling digital transformation programs and building the resilient, scalable infrastructure the business needs to grow. The I&O function evolves from a cost center absorbing operational noise into a strategic enabler shaping business outcomes.

Employee experience is an often-underappreciated dimension of this value. When employees receive instant, intelligent responses to their requests instead of days-long ticket queues, their productivity increases and their frustration with IT decreases. In a world where employee experience is a competitive differentiator for talent acquisition and retention, a frictionless, responsive IT function is a genuine business asset.

Agentic AI also delivers meaningful risk reduction. In an environment where a single ransomware incident can cost millions in downtime and remediation, and where regulatory penalties for security non-compliance are accelerating, proactive vulnerability management and automated policy enforcement provide quantifiable risk mitigation that resonates far beyond the IT organization at the board level and in the CFO's office.

Finally, agentic AI compounds in value over time. Every interaction, every resolution, every escalation decision generates data that improves the agent's future performance. Unlike static automation that degrades as environments change, agentic systems adapt and improve — delivering increasing returns on the initial investment.

The path forward

Infrastructure and operations are undergoing a pivotal transformation. The systems we oversee today are more intricate, widespread and vital to business success than ever before in the realm of enterprise IT. Demands on I&O are at an all-time high. However, the conventional operating model, which relies on reactive manual interventions and fragile rule-driven automation, has reached its maximum potential.

Agentic AI offers a fundamentally better model: one where intelligent, autonomous agents handle the high-volume, time-sensitive and increasingly complex work of infrastructure management — continuously, accurately and at scale — while your engineers focus on the strategic work that makes your organization more competitive and resilient.

Organizations investing in this capability today aren't simply improving their IT operations. They're building an I&O function capable of meeting the demands of the next decade of enterprise technology. We believe that's the standard every I&O leader should be building toward — and that Agentic AI is the most powerful tool available to get there.

Explore how Ivanti's Agentic AI capabilities are helping I&O teams transform their operations in Navigating the Shift to Agentic AI in IT Service Management.

June 2026 Patch Tuesday

Tue, 09 Jun 2026 21:27:02 Z

Source: Graph generated using Claude (Anthropic) on June 9, 2026, based on author-designed prompts and dataset by Chris Goettl.

You may have seen or heard a reference to the Patch Apocalypse, if not, you can dig into some more details here. The graph above shows a sample of several of the top vendor applications in all our environments. You can see a trailing twelve-month history of the number of CVEs resolved each month in these applications. Prior to February 2026, the scariest thing each month was the OS updates. Microsoft, Apple, Android, Linux flavors of every kind. This was the foundation that organizations built their monthly maintenance around and really focused on Patch Tuesday as the starting point of that monthly maintenance.

Looking at the three dotted lines on the graph you can see February was the first month when that blue line representing the Microsoft Windows OS started to see some competition. This was the first attribution of CVEs discovered by AI tools. In April, the second dotted line, we witnessed the announcement of Project Glasswing and a significant spike in CVEs discovered.

Fast forward to June Patch Tuesday and we see a massive green line next to a massive blue line. This is Google Chrome and Microsoft Edge (Chromium) which released a pair of updates already in June resolving over 500 CVEs in total including a zero-day exploit (CVE-2026-11645). Today, we are in the Patch Apocalypse. The Patch Apocalypse is now.

This is not intended to be a scare tactic. It is meant to outline the challenge that many organizations were anticipating, but the new generation of LLMs has accelerated significantly in the first half of 2026.

There are going to be more CVEs resolved by vendors at a faster and more continuous pace than we have ever seen previously. Unfortunately, this will also include more zero-day and n-day exploits than previously seen as well. The window from release from a vendor to exploitation had already shortened to 5 days as of 2023 threat intelligence data.

Many vendors have been acknowledging the need to utilize AI tools in their security research to identify and resolve security flaws in their products. Oracle recently announced their move to include the CSPU or monthly security update, which June will be the second instance of that new release cadence. Google Chrome had already moved to a weekly cadence back in 2023. Mozilla has typically released one to two security releases each month and is now tracking a nearly weekly cadence now as well.

Ivanti is tracking a 30-40% increase in patches released each month across the vendors supported in our Patch Catalog and we anticipate this to continue to accelerate for a while until we reach a new stable threshold, but the expectation is that this is not a spike. It is the new normal.

With that we return to the regularly scheduled June 2026 Patch Tuesday for a point in time update. Microsoft has resolved 198 CVEs, Google Chrome resolved 74 including the zero-day exploit (CVE-2026-11645), and Adobe resolved 123 CVEs across 11 updates.

I feel a bit desensitized at this point, but need to call it out that this is the largest CVE count resolved by Microsoft in a single Patch Tuesday. October 2025 was the previous high at 175 CVEs resolved. It seems inconsequential compared to CVE compared to the Chrome and Edge CVE count of 429 in the June 3, 2026 update from the prior week.

Expanding the conversation to the continuous release challenge: Based on Ivanti’s Patch Catalog, a quick tally of security related updates between May and June Patch Tuesday’s included 89 updates resolving 513 CVEs (Chrome and Edge are de-duplicated in this count). These updates should be included in your upcoming maintenance if you don’t have a continuous update approach in place today.

These releases include multiple releases for all major browsers (Chrome, Firefox, Edge, Opera, etc), PDF editors and viewers (Foxit, Adobe, Nitro), development tools (Node.js, VSCodium, Docker), common utilities and apps (Notepad++, PuTTY, PyCharm, Wireshark, Splunk UF), productivity and telecommunications apps (Teams, Zoom) and more.

Microsoft’s publicly disclosed vulnerabilities

Microsoft resolved a Security Feature Bypass Vulnerability in Windows Bitlocker (CVE-2026-50507). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 6.8, but has been publicly disclosed. The CVE lists exploit code maturity as Proof-of-Concept which puts this at a higher risk of exploitation. An attacker with physical access could use this vulnerability to bypass a security feature gaining access to encrypted data.

Microsoft resolved a Denial-of-Service Vulnerability in HTTP.sys (CVE-2026-49160). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 7.5, but has been publicly disclosed. The CVE lists exploit code maturity as unproven meaning to sample code was disclosed at the time this was released. An unauthorized attacker could take advantage of uncontrolled resource consumption in HTTP/2 to cause a denial of service over a network.

Microsoft resolved an Elevation of Privilege Vulnerability in Windows Collaborative Translation Framework (CVE-2026-45586). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 7.8, but has been publicly disclosed. The CVE lists exploit code maturity as unproven meaning to sample code was disclosed at the time this was released. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges on the target system.

Ivanti security advisories

Ivanti has released two security updates for June. The updates affect Ivanti Endpoint Manager Mobile and Ivanti Sentry and resolve a total of four CVEs. More details and information about mitigations can be found in the June Security Advisory.

Third-party vulnerabilities

Adobe released 11 updates resolving 123 CVEs. Adobe has prioritized the ColdFusion update as the highest priority.

Google Chrome resolved 74 CVEs in the latest Chrome update including a zero-day exploit (CVE-2026-11645). This comes on the heels of the largest Chrome release on June 3 that resolved 429 CVEs. Microsoft Edge also needs to be updated to resolve these CVEs.

June update to-do list

Google Chrome and Microsoft Edge are the top priority this month to resolve 500+ CVEs resolved in the past week and a zero-day exploit (CVE-2026-11645).
The Windows OS update is the next highest priority as it resolves over 110+ CVEs depending on edition.

June 2026 Security Update

Tue, 09 Jun 2026 14:06:32 Z

Ivanti releases standard security patches on the second Tuesday of every month. In today’s rapidly evolving technology and threat landscape, we believe responsible transparency should be a cornerstone of any product security program. AI is compressing the time-to-exploit, and Ivanti uses leading technologies to proactively find and fix issues ––including integrating advanced LLMs into our Engineering and product security to enhance the capabilities of our teams.

Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments.

To that end, today Ivanti is disclosing vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) and Ivanti Sentry.

It is important for customers to know:

We have no evidence of these vulnerabilities being exploited in the wild.
These vulnerabilities do not impact any other Ivanti solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in the Security Advisories:

How AI will affect vulnerability disclosures in our products

Ivanti continues to explore, test, and implement leading technologies and processes in every stage of our product development. In recent months, our security team began a project to integrate multiple advanced LLM models into our product security processes.

This project has increased the capabilities of our Engineering and Product Security Red Teams to identify and fix vulnerabilities, especially those that are difficult to identify with traditional tooling, such as SAST and DAST. We have already successfully identified vulnerabilities which traditional tools missed, including some of those disclosed today.

As these tools are integrated further into our processes and refined, we expect an increase in vulnerability disclosures. We will continue to share transparently what we have found and resolved to ensure the security of our products. If you are not already following our Security Blog or subscribed to receive alerts for updates on the products you own through the Ivanti Innovators Hub, we highly recommend you do so.

Importantly, we are committed to using AI responsibly in product security, including keeping a human in the loop to verify automated or agentic work. While this will result in an uptick in disclosures, we see this as a good thing, and an important part of ensuring our products keep pace with modern security requirements as they change.

Our top priority is the security of our customers and believe the increase in identified, resolved, and transparently communicated vulnerabilities demonstrates that commitment.

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Ivanti Innovators Hub (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

June 2026 Ivanti Neurons for ITSM Security Update

Mon, 01 Jun 2026 14:00:44 Z

In today’s rapidly evolving technology and threat landscape, responsible transparency should be a cornerstone of any product security program. As part of our ongoing product security program, we continually assess, investigate, and address vulnerabilities. When an issue is found, we communicate relevant information as quickly and responsibly as possible.

To this end, we are issuing an important security update addressing vulnerabilities in Ivanti Neurons for ITSM (cloud and on-premises). Customers should review the Security Advisory for more information and version specific details.

Customers using the on-premises Ivanti Neurons for ITSM solution should review the Security advisory and apply fix as soon as possible.

At the time of this publication, we are not aware of any customers being exploited through the vulnerability disclosed today.

Our top priority is the security of our customers and believe the increase in identified, resolved, and transparently communicated vulnerabilities demonstrates that commitment.

Customers and partners with questions about their environment or remediation steps can contact Ivanti Support. Cases can be logged via the Ivanti Innovators Hub (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

To Up-Level Your Security Maturity, Rethink Your Vulnerability Remediation Capabilities

Thu, 28 May 2026 14:00:05 Z

Security teams are drowning in vulnerabilities. We’re talking tens of thousands of findings per quarter. Hundreds of thousands at larger organizations. Today's IT environments have no boundaries and span across every OS platform. Managing and securing that estate in a linear fashion is no longer viable, and neither is a vulnerability remediation process that treats every fix as a simple, low-impact task.

Risk-based prioritization helps cut through that noise by introducing threat context and business context into the vulnerability remediation process. That was a meaningful step forward. But many organizations that have adopted risk-based prioritization are still missing SLAs, still generating friction with IT and still watching exceptions pile up faster than remediations.

Knowing what to fix first is only part of the equation.

The harder part, and the part many programs still lack, is understanding what the real-world impact of that fix will be. More importantly, how to accelerate remediation from once a month to a continuous process, while balancing risk vs. impact.

This is operationally balanced remediation: the practice of weighing the real-world impact of a fix before committing to it. It is the critical missing piece in many vulnerability remediation programs and one of the clearest markers of exposure management maturity. Ivanti's Exposure Management Maturity Model identifies it as one of six core capabilities that separate mature security programs from reactive ones.

What is operationally balanced remediation?

The maturity model defines it simply: the ability to fix or mitigate exposures in a way that's both effective and practical. Security urgency balanced against IT realities like system uptime, patch testing and business continuity.

In practice, it comes down to one equation: security risk plus real-world impact equals an informed remediation decision. Identifying exposures has no value if you can't remediate them. And remediation that creates unplanned downtime, breaks production systems or triggers rollbacks hasn't reduced risk. It's shifted it.

The vulnerability remediation maturity journey: from reactive to strategic

Phase 1: traditional vulnerability management (the scan-and-patch era)

This is where vulnerability remediation started for many organizations, and where many still sit. Prioritization is CVSS-driven and first-in-first-out. Your scanner tells you "You have 10,000 CVEs" with no context about which ones matter.

Exceptions go undocumented. Vulnerability scanning and remediation workflows live in separate tools with minimal integration.

The result is reactive mode: chasing the latest high-profile disclosure instead of addressing what poses the greatest risk to the environment.

Phase 2: risk-based vulnerability prioritization (adding context)

Risk-based prioritization introduced two better questions: "Is this vulnerability actively being exploited?" And "How critical is the asset it affects?" Combining severity with threat intelligence and asset criticality gave security teams a sharper focus for their vulnerability remediation efforts. AI-driven vulnerability intelligence and patch reliability scoring have accelerated this process further by reducing the manual analysis burden that once forced security teams to make prioritization calls with incomplete data.

But there’s still a missing piece. Risk-based prioritization tells security what to fix. It says nothing about what IT needs to keep running. Collaboration between the two teams still often happens case by case, and the impact of remediation on IT operations remains an afterthought or more often an anchor holding organizations back from accelerating remediation activities.

Phase 3: the missing piece — operationally balanced remediation

For organizations that have developed the maturity to understand the real-world risks of an exposure, the next question they ask is: "What will the impact of this fix be on the systems we need to keep running, and can we afford to leave it exposed?"

When vulnerability remediation is forced without considering downstream effects, the result is downtime, resistance from IT and a growing backlog of exceptions that undermine the very security goals driving the urgency.

Ivanti's 2026 State of Cybersecurity Report found that 48% of security professionals say IT teams don't respond urgently to cybersecurity concerns, while 40% believe IT lacks an understanding of their organization’s risk tolerance. That's what happens when security and IT operate with different priorities and no shared way to resolve them.

The most mature programs address this not just through process alignment, but through automation that removes the manual handoffs where friction accumulates. Automated self-healing capabilities can detect, diagnose, and remediate endpoint and cyberhygiene issues proactively. This reduces the volume of vulnerabilities requiring manual triage in the first place. When remediation is built into how endpoints operate rather than bolted on after the fact, the gap between security urgency and IT capacity shrinks on its own.

The maturity indicator here is clear: shared KPIs between security and IT, documented exception processes and a vulnerability remediation tracking system that accounts for both risk reduction and business continuity. Achieving this continuously requires IT and security to operate from shared data and shared workflows.

When asset visibility, exposure aggregation, risk-based prioritization, and remediation run on a unified platform, the alignment that Phase 3 demands becomes a structural property of the system rather than a hard-won cultural achievement.

How operationally balanced remediation differs from risk-based prioritization

The simplest way to see the progression is through the questions each approach can answer.

Approach	Questions It Answers	What It Misses
Traditional VM	How many vulnerabilities exist?	Context and prioritization
Risk-based prioritization	Which vulnerabilities pose the greatest risk?	Operational feasibility and impact
Operationally balanced remediation	Which vulnerabilities should we fix first, given both security risk and operational constraints? How can automation ensure those fixes execute efficiently and without disruption?	Most comprehensive approach

This approach adds a layer of context to vulnerability remediation management: patch testing requirements, system dependencies, maintenance windows, potential downtime and rollback capabilities. These determine whether a fix holds — or creates new problems that require rollback.

Why operationally balanced remediation is central to exposure management

The maturity model identifies six core capabilities: asset visibility, asset importance, real-world vulnerability assessment, business-driven vulnerability prioritization, operationally balanced remediation and data/workflow integration.

Of these, operationally balanced remediation is the execution layer that makes the rest actionable.

Without it, exposure management stays theoretical. You can build perfect asset inventories, score every vulnerability with precision and produce dashboards that look impressive.

But if the vulnerability remediation process remains separate, it creates friction between security and IT, known risks accumulate, patches are delayed and the metrics on those dashboards stop reflecting actual risk posture.

The maturity progression runs from ad hoc prioritization (Phase 1) through case-by-case collaboration (Phase 2) to shared KPI-driven remediation (Phase 3) and finally audited retrospectives with a continuous improvement loop (Phase 4). Not every organization needs to reach Phase 4 across every capability. But getting from ad-hoc to shared, KPI-driven remediation is where the real gains happen.

The business case: balancing security and operational goals

Hidden costs of remediation without operational context

When vulnerability remediation is driven purely by security urgency, costs pile up in ways that stay invisible until they become systemic.

Unplanned downtime is the most obvious cost: critical business systems taken offline without proper impact assessment. But the downstream effects are just as damaging.

IT teams build workarounds when security mandates are impractical to execute, creating shadow processes that increase risk instead of reducing it. Exception fatigue sets in when exceptions outnumber compliant cases, rendering SLAs meaningless. And trust between security and IT erodes when each side views the other as either reckless or obstructionist.

Ivanti's research confirms how widespread this friction is. Thirty-nine percent of cybersecurity professionals say they struggle to prioritize risk remediation and patch deployment, and 35% report difficulty maintaining patch compliance.

Meanwhile, only 60% use business impact analysis to inform risk prioritization, and just 51% use a cybersecurity exposure score or risk-based index.

Many still rely on process metrics like mean time to remediate or percentage of exposures remediated, which can look positive in isolation but reveal little about whether the vulnerability remediation process is actually improving risk posture.

The ROI of operationally balanced automated vulnerability remediation

When organizations make this shift, the results show up fast. Shared KPIs drive realistic remediation timelines, which in turn improve SLA compliance. Median time to remediate drops when deployment barriers are expected rather than discovered mid-rollout.

Fixes stick because they account for system dependencies and maintenance windows rather than creating new problems that require rollback. Ring deployment is a good example: patches roll out to progressively larger groups, validated at each stage before expanding. That's what makes balanced remediation practical.

Combined with automated workflows that handle the correlation, triage and deployment orchestration, these mechanisms turn balanced remediation from a concept into a continuously operating system. When the platform handles the operational complexity, security teams spend less time managing the remediation process and more time validating outcomes.

Organizations at Phase 3 or Phase 4 maturity in Ivanti’s model track vulnerability remediation with metrics that reflect both security and operational outcomes:

SLA broken out by known exploited vs traditional severities
Median time to remediate (MTTR) for exploited vulnerabilities
Percentage of exception requests reviewed jointly by security and IT
Reduction in repeat exceptions over time

The strategic value extends further. When vulnerability remediation management accounts for what IT needs to keep running, security stops being perceived as a blocker and starts functioning as a business enabler. That shift is what unlocks sustained investment and executive support for exposure management.

From prioritization to execution: close the gap

Risk-based vulnerability prioritization was a necessary evolution. But it solved only half the problem. Knowing what to fix first has limited value if the act of fixing it creates downtime, resistance or a growing pile of undocumented exceptions.

Operationally balanced remediation closes the gap by getting security and IT working from the same playbook. That shows up in shared KPIs, clearly defined exceptions, and maintenance windows that protect business continuity. It also means automating remediation workflows that can spot and avoid potential downtime before it becomes a problem.

With prioritization, insight generation, and orchestration, remediation can keep pace with the environment instead of falling behind it. And with a unified platform that connects endpoint and security data, teams aren’t fighting silos—they’re moving in sync.

For a deeper look at how to benchmark your organization’s current maturity and build a targeted plan for growth, see Ivanti's Exposure Management Maturity Model.

Transform IT with Agentic AI: the Dawn of Accelerated, Autonomous Service

Tue, 19 May 2026 14:49:37 Z

The IT service management (ITSM) industry stands at a real inflection point. For decades, service desks have operated on a fundamentally reactive model — employees face problems, submit tickets and wait for human analysts to diagnose, triage and resolve their issues. Automation improved throughput within that model, but it never challenged the model itself.

The inflection point: why ITSM will never be the same

Agentic AI changes the equation entirely. Rather than simply accelerating the speed at which humans process requests, agentic systems understand intent, pull contextual information, choose an action path, execute across enterprise tools and confirm outcomes without waiting for a human to press "approve" on each step. We're witnessing the transition from IT service management to IT service autonomy, and the implications for every CIO, CISO and IT leader are profound.

The numbers reinforce the urgency. Gartner predicts that by the end of 2026, roughly 40% of enterprise applications will embed task-specific AI agents, up from less than 5% in 2025. Gartner research also predicts that 70% of enterprises will deploy agentic AI agents to simultaneously operate their IT infrastructure by 2029 — compared to less than 5% today.

These aren't incremental shifts. They represent a wholesale reinvention of how technology organizations deliver, secure and optimize services.

From scripted bots to autonomous agents: the evolution of intelligence in ITSM

Understanding where the industry is heading requires understanding where it has been. The evolution of AI in ITSM follows a clear arc that moves from deterministic scripted logic toward truly autonomous reasoning.

Phase one: rule-based automation

The earliest wave of ITSM automation involved scripted workflows — if a ticket matched certain keywords, it was routed to a predefined queue; if an asset fell out of compliance, a remediation script fired automatically. These automations deliver measurable efficiency gains by eliminating costly manual processes and making operations more compliant and secure. However, they remained brittle. Every new situation required a new rule, and the system could never handle ambiguity or learn from its own outcomes.

Phase two: AI-assisted service management

The arrival of machine learning and generative AI introduced a more adaptive layer. AI began classifying tickets automatically, summarizing incidents for analysts and generating knowledge articles from historical resolution data. Approximately 40% of organizations have now embraced AI to facilitate more efficient ticket resolutions.

Chatbots and virtual assistants have brought consumer-grade conversational interfaces into the enterprise, enabling employees to interact with IT support through natural language rather than structured forms. These abilities represented a meaningful leap, but the AI still operated primarily as an assistant. The AI is augmenting human decision-making rather than replacing it.

Phase three: Agentic AI and autonomous workflows

This is where the industry stands today, at the threshold of a third and far more transformative phase. Agentic AI systems don't wait for instructions. They observe, reason, plan and act.

In ITSM terms, an agentic system can detect an anomaly on an endpoint, correlate it with known vulnerability patterns, start a healing sequence, update the Configuration Management Database (CMDB) and close the resulting ticket — all before the affected employee notices a problem. Gartner has formalized this trajectory, predicting that by 2028, at least 15% of day-to-day work decisions will be made autonomously through agentic AI, up from 0% in 2024, and that 33% of enterprise software applications will include agentic AI by that same year.

The critical distinction is agency. Earlier AI tools responded to prompts. Agentic systems pursue goals. They maintain memory across interactions, reason about the best path to an outcome and execute multi-step workflows across integrated enterprise systems. This is the architectural leap that transforms ITSM from a discipline centered on processing requests to one centered on delivering outcomes.

The anatomy of agentic ITSM: persona-based and task-based intelligence

As agentic AI matures, its application in ITSM is coalescing around two complementary architectures: persona-based agents and task-based agents. Together, they form what many industry observers are calling the "conversational front door" to IT — a unified, intelligent interface that replaces fragmented portals, forms and phone trees with natural, adaptive interactions.

Persona-based agents

Persona-based agents are designed around the needs of specific user roles. A self-service agent, for example, serves as the first point of contact for employees. Rather than forcing users to navigate a service catalog and complete structured forms, a conversational self-service agent uses adaptive intent understanding and guided data capture to translate a natural language request into a fully structured, actionable ticket. The result is dramatically reduced friction for employees and significantly improved data quality for service teams. The impact of this approach is substantial — organizations deploying AI-powered virtual support agents have reported 50% to 70% reductions in call volumes alongside employee adoption rates of 80% to 85%.

Service-desk agents

By contrast, a service desk agent augments the live analyst. It provides context-aware guidance during ticket handling, accelerates triage and classification and offers real-time coaching that elevates less experienced analysts to the proficiency of seasoned veterans.

AI-driven incident summarization saves analysts significant time by automatically distilling complex ticket histories into actionable briefs. The analyst remains in the loop, but the loop is tighter, faster and more informed.

Task-based agents

Task-based agents handle discrete operational functions, such as knowledge search, incident creation, service request fulfillment, summarization and Q&A. These agents operate within an agentic framework that includes goal definition, environmental modelling, memory, reasoning and action execution. The interoperability standards appearing around Agent-to-Agent (A2A) and Model Context Protocol (MCP) communication are particularly significant. They signal an industry moving toward multi-agent ecosystems where specialized agents collaborate to resolve complex, cross-domain issues — what some analysts are calling "agent squads."

Gartner's own roadmap confirms this trajectory. By 2027, one-third of agentic AI implementations are expected to combine agents with different skills to manage complex tasks within application and data environments. The implication for ITSM is clear: the future service desk isn't a single monolithic system but an orchestrated ensemble of specialized agents, each contributing domain-specific intelligence to a unified service experience.

Self-Healing, self-securing, self-serving: the 3 pillars of autonomous IT

The strategic promise of agentic AI in ITSM rests on three interconnected capabilities that, taken together, define what truly autonomous service delivery looks like in practice.

Self-healing

Self-healing represents the most visible departure from traditional reactive support. Through anomaly detection and automated diagnosis, modern platforms can identify endpoint and security issues before they affect users. Cloud-based bots powered by hyper-automation don't just alert IT staff to problems — they actively resolve previously unreported or ignored issues, proactively expediting detection, resolving incidents automatically and freeing IT to focus on innovation. The industry trajectory here's unmistakable. As organizations mature their self-healing capabilities, the volume of human-touched tickets will decline steadily, and the service desk's role will shift from resolution to governance and continuous improvement.

Self-securing

Self-securing addresses the reality that cybersecurity and IT operations can no longer operate in silos. AI-driven visibility across devices, organizational structures and digital experiences enhances security posture by proactively identifying potential vulnerabilities based on social trends and vulnerability scoring.

Maintaining a consistently reconciled software inventory helps identify exposures before they become breach opportunities. The convergence of ITSM and security operations is accelerating as agentic AI provides the connective tissue between threat detection, vulnerability management and remediation workflows.

Organizations that unify IT and security through an AI-driven platform are positioned to deliver what the industry increasingly describes as "invisible but inescapable security" — protection that operates continuously without creating friction for end users.

Self-service is being reimagined from the ground up. Traditional self-service portals suffered from low adoption because they imposed the system's logic on the user rather than adapting to the user's intent. Conversational AI inverts this dynamic.

Employees interact through natural language, and the system handles the complexity of routing, classification and fulfillment behind the scenes. AI-powered virtual assistants deliver exceptional experiences by increasing productivity and satisfaction, bringing the ease of consumer virtual assistants into the workplace while maximizing adoption and reducing call volumes. Looking ahead, self-service will evolve further as voice automation, mobile-first interfaces and proactive notifications create an omnichannel support experience that meets employees wherever they work — at a desk, on the factory floor or on the road.

The strategic implications: what this means for IT leadership

The rise of agentic AI in ITSM carries implications that extend well beyond the service desk. For CIOs and IT leaders, several strategic themes demand attention.

The shift from cost center to value center

When routine incidents resolve themselves and AI handles first-line triage, the service desk is no longer defined by ticket volume and average handle time. Instead, IT teams are liberated to focus on strategic initiatives — digital transformation, employee experience innovation and business process automation. The question for IT leaders is no longer, "How do we handle more tickets faster?" But, "How do we redeploy the capacity that autonomous service creates?"

The imperative of governance and trust

The same Gartner research that forecasts explosive growth in agentic AI also sounds a note of caution: Over 40% of agentic AI projects may be canceled by the end of 2027 if costs, value clarity or risk controls prove inadequate. Successful implementations will demand built-in compliance, visibility rules and policy adherence from day one. AI governance isn't a bolt-on problem — it's a foundational design requirement. Organizations that embed guardrails, approval workflows and auditability into their agentic architectures will realize sustainable value; those that treat governance as an afterthought will face costly reversals.

The convergence of IT and security operations

Data silos between IT and security teams have long weakened organizational resilience. Agentic AI platforms that unify service management, endpoint management and exposure management create a system of record — enabling coordinated, intelligent response across traditionally separate domains. This convergence isn't just a technology play; it requires organizational alignment, shared metrics and a cultural commitment to breaking down functional barriers.

The employee experience as competitive advantage

The ability to measure and quantify the digital employee experience — across devices, service management, security and applications — through AI-driven sentiment analysis transforms employee experience from an abstract aspiration into a data-driven discipline. Organizations that provide seamless, consumer-grade IT experiences will attract and retain talent more effectively than those that treat IT support as a back-office function. The Digital Employee Experience (DEX) score is emerging as a critical KPI, offering service desk analysts the visibility to deliver personalized, empathetic support at scale.

Enterprise service management beyond IT

Perhaps the most underappreciated implication of agentic AI is its potential to extend intelligent service delivery beyond IT into HR, facilities, finance and other business departments. When the underlying platform supports no-code, workflow design and pre-built integrations with external systems, patterns proven in IT service management become templates for enterprise-wide transformation. Business departments that still rely on ad hoc emails, dated spreadsheets or paper documents stand to benefit enormously from the same agentic capabilities reshaping IT.

The autonomous service imperative

The transformation of IT service management through agentic AI isn't a distant possibility — it's an active, accelerating reality. The organizations that thrive will be those that recognize this shift for what it is: not just a technology upgrade, but a fundamental reimagining of how services are designed, delivered and experienced across the enterprise.

The human role will shift, not disappear. Agentic AI won't eliminate IT professionals — it'll elevate them. Analysts will transition from ticket processors to AI supervisors, governance architects and experience designers. The most valuable IT professionals of the next decade will be those who can design, train and govern autonomous systems rather than operate them manually.

The path forward demands a clear-eyed strategy. Start with the automation foundation — intelligent workflows, AI-assisted classification and self-service interfaces that reduce friction and improve data quality. Build toward autonomous capabilities — self-healing endpoints, self-securing environments and conversational agents that resolve issues end–to-end. And invest in the governance, culture and talent development that'll sustain autonomous operations at enterprise scale.

The question for IT leaders is no longer whether agentic AI will reshape service management. The question is how quickly and how strategically your organization can operationalize it. The era of autonomous service has begun, and the competitive advantage belongs to those who move decisively — not to those who wait for certainty that'll never arrive.

May 2026 Patch Tuesday

Tue, 12 May 2026 21:52:21 Z

Continuing the Patch Apocalypse this month we are already seeing some more aggressive shifts in updates from many vendors.

Oracle announced a new release cadence starting in May 2026 to address the acceleration of vulnerability detection introduced by Mythos and other AI security models. Monthly Critical Security Patch Update (CSPUs) will fill in the two-month gap between their quarterly Critical Patch Update (CPU).

Mozilla had been working with AI models prior to Mythos which led to 22 security-sensitive bugs being resolved in Firefox 148. They announced continued collaboration with Anthropic to apply an early version of Mythos to Firefox and released Firefox 150 resolving 271 vulnerabilities identified during the evaluation. Since Firefox 150.0.0 released, they have been on a more aggressive weekly cadence for security updates including the release of Firefox 150.0.3 on May Patch Tuesday resolving between three to five CVEs in each release.

Apple is another early participant in Project Glasswing and has seen a recent spike in the number of exposures resolved. They typically average around 20 CVEs per iOS security update. For their most recent update on May 11, there is a spike of over 70 CVEs resolved. across the 11 Apple updates. While there are not actively exploited vulnerabilities, there are a lot of updates to manage.

Microsoft resolved 118 CVEs in the May 12, 2026 Patch Tuesday update. There are no exploited or publicly disclosed vulnerabilities this month, but the updates resolve 16 Critical CVEs, 105 Important, 5 Moderate, and 1 Low. Office is likely the higher risk this month with four Critical RCE vulnerabilities resolved in this update, but the OS, as usual, has a lot of CVEs being resolved.

Third-party vulnerabilities (Leading up to and including Patch Tuesday)

Adobe resolved 52 CVEs in their Patch Tuesday update that included 10 bulletins. Adobe Commerce is the clear priority — it's the only Priority Two update this month, with 10 Critical CVEs including two at CVSS 8.7, and several DoS vulnerabilities that require no admin privileges to exploit.

Apple released updates for their platforms on May 11 resolving between 25 and 52 CVEs across all platforms. The release did not include any exploited or publicly disclosed vulnerabilities, but is notably larger than average.

Google released Chrome 148 on May 5 resolving 127 CVEs including three Critical ratings. Google has been on a weekly cadence for Chrome updates for a while now, but the May 5 update is far larger than average for Chrome (possibly the largest CVE count resolved in a single update). Another Chrome release is expected on or shortly after Patch Tuesday.

Mozilla has been on a steady weekly release scheduled for Firefox since the release of Firefox 150. Mozilla made some headlines with the 271 CVEs resolved in Firefox 150.0.0 and has been averaging three to five CVEs resolved each week since. The release of Firefox 150.0.3 on Patch Tuesday is the latest release, which resolved five CVEs all with a High rating.

Ivanti security advisories

Ivanti has released four security updates for May Patch Tuesday. The updates affects Ivanti Secure Access Client, Ivanti Xtraction, Ivanti Virtual Traffic Manager, and Ivanti Endpoint Manager and resolves seven CVEs. More details and information about mitigations can be found in the May Security Advisory.

In addition, Ivanti released a Security Update for Ivanti Endpoint Manager Mobile (EPMM) on May 7 which resolved five CVEs including CVE-2025-6973. At the time of disclosure, Ivanti was aware of very limited exploitation of CVE-2026-6973, which requires admin authentication for successful exploitation. More details and information about mitigations can be found in the May 2026 EPMM Security Update Advisory.

May update to-do list

Third-party update cadence is accelerating. Ensure you are prioritizing more frequent update schedules for priority applications such as browsers, productivity apps, and telecommunications apps.
Microsoft and Apple both released updates across pretty much every platform. No exploits, but there are a lot of vulnerabilities to remediate.

The Messy Truth About AI Data Management (And What to Do About It)

Tue, 12 May 2026 16:23:42 Z

Data will always be unclean. It's just a matter of degree.

I internalized that on day one of my master's program in data science, when a professor warned us that roughly 80% of our time would go to preprocessing and cleaning, not building models.

Years later, as Principal Product Manager for AI, ML and Analytics at Ivanti, I've found the guidance holds up remarkably well in practice.

As my team and I work to bring AI out of the lab and into production for IT and security teams, AI data management matters more than ever. Ivanti’s 2025 Technology at Work Report found that 42% of office workers use generative AI tools at work, up 16 points in a single year. Among IT professionals, adoption reached 74%.

The appetite is there. So is the hesitation. Many IT leaders know their data isn’t clean, their systems are fragmented, and their governance hasn’t caught up. The good news: you don't need perfect data to adopt AI.

You need a clear data management for AI strategy built around what you already have.

Why IT data is never perfect

In enterprise IT, data quality issues aren't anomalies. They're the baseline reality of AI and data management. Tickets get categorized inconsistently. Asset inventories are incomplete. Critical information lives in silos across systems. And unstructured text in support tickets and survey responses defies neat categorization.

Ivanti's research confirms how deep this goes. Our 2026 Autonomous Endpoint Management Advantage Report found that 89% of IT professionals say siloed data negatively impacts operations, with 39% saying silos cause inefficient resource use.

Our Tech at Work Report tells a similar story:

38% of IT professionals cite tech complexity as a significant barrier to effective operations, up four points year over year.
Nearly half (46%) say new software deployments actually drive-up ticket volume rather than cut through the noise.

Add that 48% of organizations still run end-of-life software, and the picture becomes clear: this is a data environment that's messy by design.

As David Pickering, Ivanti's Product Marketing Director, told me: when data is formatted differently across systems, entered inconsistently, siloed by department, shaped by years of acquisitions, you’ll find agentic AI workflows that span those systems quickly run into trouble. You can't tell an AI which data to trust if you don't know yourself. And without that foundation, even well-designed automations will fall apart at the seams.

In other words: "Garbage in, garbage out" still applies. But pristine data isn't coming anytime soon. Any serious approach to master data management and machine learning must account for the mess, not wait for it to resolve itself.

The decision framework — choosing your data management strategy

There are two primary paths for data management for AI in IT. Both are valid, both have trade-offs, and many organizations will use both for different use cases.

Path 1: Manual/programmatic cleaning

When my team introduced ticket classification for Ivanti’s ITSM system, we were training a model to categorize service requests. That demanded clean, well-labeled training data. So, we built a step into the workflow that gave administrators the opportunity to review and clean data before it fed the model. That human review made a measurable difference in accuracy.

This path works best when you're training or fine-tuning a custom model, ingesting data into a knowledge base or working with structured datasets where quality standards can be defined. The trade-off is time and resources. The outcome is high accuracy and full control.

It also works best when baseline data hygiene is already in place. Many organizations aren't there yet: just 35% track device age or location, and only 37% track patch status.

Path 2: Generative AI processing

Sometimes manual cleaning isn't feasible. I learned this working on Ivanti's survey analytics. Survey responses are some of the messiest data any IT team encounters: freeform text, inconsistent formatting, wildly varying detail. Cleaning that manually at scale isn't realistic.

Instead, we used large language models to identify themes, patterns and sentiment across incomplete and unstructured inputs. We could summarize entire surveys, flag satisfaction drivers, and surface actionable insights fast.

This path is ideal for high-volume unstructured data, situations where manual cleaning simply isn't possible, or any scenario where the cost of cleaning exceeds the value of the output. It does require access to capable large language models and validation that the use case is a fit.

Choosing between the two strategies

The decision comes down to data volume and variety, time constraints, accuracy requirements and how much control you need over where your data goes and how it's processed.

Fine-tuning a model where precision is critical? Invest in cleaning. Working with large volumes of unstructured input where speed matters? Lean into generative AI. The goal is deliberate choice, not inaction because the data isn't perfect.

Building AI-ready infrastructure for data management

Cloud services are essential here, and I don't say that lightly. When my team built a digital experience score to measure, quantify and improve digital employee experience, cloud was the critical enabler. It served as our integration hub, bringing together service tickets, device telemetry, application performance, and security signals.

That level of multi-source integration isn't feasible at scale without cloud infrastructure. Cloud also enabled us to run a hybrid AI model that processes both text and numeric telemetry simultaneously. Supporting thousands of devices and users at that complexity level isn't feasible on-premises.

Beyond compute, AI-ready infrastructure means tackling master data management for machine learning. Organizations need a single source of truth across systems. Data formats need to be standardized, particularly when growth through acquisition introduces legacy platforms with different conventions.

Data governance complicates the picture further. Regulations like GDPR and CCPA impose strict requirements on how personal data is processed and where it can be transmitted. For global organizations, that means AI pipelines need to account for regional jurisdictional differences, particularly when evaluating whether to use external AI services or keep processing in-house.

Our Autonomous Endpoint Management research found that just 32% of IT professionals use a unified endpoint management system. Without consolidated visibility, AI and automation can’t reach their potential. Effective AI data management starts with visibility: you can't automate what you can't see.

Best practices for IT teams implementing AI

When it comes to data management for AI, adopting tools without developing the processes to support them is one of the most common mistakes I see.

Establishing Knowledge Management Practices

Ivanti’s ITSM platform uses AI to generate knowledge articles from past tickets and incident resolutions. The productivity gain is real. But it doesn't eliminate the need for management discipline.

Articles still require review and approval cadences, version control and clear ownership.

Despite 86% of IT professionals agreeing that AI is important to efficient operations, fewer than half use it for high-value scenarios like predictive maintenance or automated incident response. The gap in AI and data management isn't technology. It's process maturity.

Validation and governance

Validation is just as important on the output side as data quality is on the input side. AI-generated results need to be checked, especially as organizations move toward agentic AI, where autonomous systems act on decisions in real time. The question isn't just whether the data coming back looks right. It's whether the system is taking the right actions.

Measuring AI performance matters too: how often it's being used, how accurate it is and where it's failing. Ivanti's 2026 State of Cybersecurity Report found that 92% of security professionals say automation effectively reduces mean time to respond. That effectiveness, though, depends on continuous monitoring and tuning.

Using AI as a catalyst for better data practices

AI doesn’t just consume good data practices. It drives them. By lowering barriers to content creation and analysis, AI frees teams to build the governance frameworks they’ve deferred. When generating a knowledge article takes minutes instead of hours, the team can invest that time in approval workflows and quality assurance.

This is especially valuable when junior technicians get real-time AI guidance, enabling them to contribute at a higher level while senior staff focus on strategy.

Our Autonomous Endpoint Management Advantage Report found that 62% of IT professionals feel overwhelmed by day-to-day operations, and one in four say a colleague has resigned due to burnout. AI that augments human expertise helps teams scale without that cost.

The path isn’t always clear, but the strategy can be

Perfect data is a myth. That shouldn’t stop you.

Manual cleaning for structured, high-precision use cases. Generative AI for unstructured, high-volume scenarios. Both require intentional investment in cloud infrastructure, governance and process development.

As AI models continue evolving, incorporating not just statistical pattern recognition but explicit rules and structured reasoning, the barrier to AI-ready data management will keep dropping. The organizations that move now, clear-eyed about their data’s imperfections and equipped with a strategy to manage them, will capture the most value.

May 2026 Security Update

Tue, 12 May 2026 14:11:21 Z

To that end, today Ivanti is disclosing vulnerabilities in Ivanti Secure Access Client, Xtraction, Virtual Traffic Manager and Endpoint Manager (EPM).

It is important for customers to know:

We have no evidence of these vulnerabilities being exploited in the wild.
These vulnerabilities do not impact any other Ivanti solutions.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in the Security Advisories:

How AI will affect vulnerability announcements in our products

Our top priority is the security of our customers and believe the increase in identified, resolved, and transparently communicated vulnerabilities demonstrates that commitment.

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Ivanti Innovators Hub (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

May 2026 EPMM Security Update

Thu, 07 May 2026 14:23:06 Z

In today’s rapidly evolving technology and threat landscape, responsible transparency should be a cornerstone of any product security program. Especially with the advancements in AI, we believe it is important to respond quickly when a new risk is discovered.

Ivanti’s efforts integrating AI into our development and product security process have increased the capabilities of our Engineering and Product Security Red Teams to identify and fix vulnerabilities. Our objective in proactively discovering issues is to increase the resilience of our products in today’s threat environment and reduce the likelihood of exploited-in-the-wild Zero Days. We have already successfully identified vulnerabilities traditional tools missed, including some that are being disclosed today.

Importantly, we are committed to using AI responsibly in product security, including keeping a human in the loop to verify automated or agentic work. Our top priority is the security of our customers, and we expect that this work will naturally increase the number of vulnerabilities found, fixed, and disclosed. While this will result in an uptick in disclosures, we see this as a good thing, and an important part of ensuring our products keep pace with modern security requirements as they change.

To this end, we are issuing an important security update addressing vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM).

More information can be found in the Security Advisory, which describes the nature of the vunlerabilities and detailed remediation instructions for customers.
At the time of disclosure, we are aware of very limited exploitation of CVE-2026-6973, which requires admin authentication for successful exploitation.
We are not aware of any customers being exploited by the other vulnerabilities disclosed today.

The issues only affect the on-prem EPMM product, and are not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products.

Advanced AI models have collapsed the time-to-exploit from days to hours after disclosure. Because of this, we strongly encourage our customers to apply the patch to their on-premises EPMM promptly to protect their environment.

How AI will affect vulnerability announcements in our products

Ivanti continues to explore, test, and implement leading technologies and processes in our product development. In recent months, our security team began a project to integrate multiple advanced LLM models into our product security processes.

Our top priority is the security of our customers and believe the increase in identified, resolved, and transparently communicated vulnerabilities demonstrates that commitment.

Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Ivanti Innovators Hub (login credentials required).

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Ticket Taker to Team Leader: Managing an Agentic IT Workforce

Thu, 30 Apr 2026 13:00:02 Z

The promise of AI in IT service management has been circulating for years. Chatbots that deflect tickets. Virtual agents that answer FAQs. Automation that routes requests. These are useful, but probably not the dream-state you were originally sold.

What's different today is the arrival of agentic AI: systems that don't just respond to instructions but reason, act, and adapt across multi-step workflows with real consequences. The question for IT leaders is no longer whether to adopt agentic ITSM. It's how to govern it well enough to run at speed.

AI agents aren't coming to your service desk — they're already there. Ivanti Neurons for ITSM is at the center of this shift by embedding AI agents directly into incident management, service requests and knowledge management.

The agentic service desk deployed

An agentic ITSM workforce isn't a chatbot with extra steps. In Ivanti Neurons, AI agents are purpose-built for defined ITSM personas, triaging and classifying incidents the moment they arrive, executing approved change workflows end-to-end, querying and reconciling the CMDB without analyst intervention, and surfacing knowledge articles that actually resolve issues — not just surface them.

These agents operate across your existing tech stack. Agentic AI agents should work across your entire tech stack, not in isolation. Our vision is to have agents across ITSM, endpoint management, patch management and security to enable the autonomous enterprise.

Here's how forward-looking IT leaders are governing, scaling and getting real results with an agentic ITSM workforce.

Real outcomes, not pilot projects

Organizations that have moved beyond experimentation with Ivanti Neurons for ITSM are seeing compounding returns as AI agents mature in production. According to Ivanti's own AITSM research: 86% of IT professionals say AI-powered technology is key to making IT organizations more efficient and 85% believe AI and automation solutions like root-cause analysis and predictive maintenance can help decrease IT ticket volume.

These findings reinforce the scale of the opportunity. Critically, 58% of organizations are already using AI for password resets and 52% for employee onboarding — routine tasks that consume analyst hours and deliver little strategic value.

Analysts estimate the average cost to resolve an IT ticket ranges from $15 to $17 — and multiples higher for escalated requests. AI agents that handle the high-volume, low-complexity tier of that queue don't just reduce costs. They free your best people for the work that actually moves the business.

— Ivanti AI: The Future of ITSM Automation Report.

This transformation is happening across sectors where Ivanti Neurons for ITSM is deployed:

Healthcare: Device provisioning and EHR access requests resolved autonomously across multi-site environments, reducing delays that previously stretched service windows.
Financial Services: AI-scored change risk surfaces CAB-critical flags, cutting review time and keeping audit trails complete without manual effort.
Manufacturing: Endpoint health signals are automatically correlated with open incidents, reducing MTTR across converged OT and IT environments.

Governance isn’t just a guardrail — it's the engine

The highest-performing agentic ITSM organizations share one trait: they treat AI agent governance with the same rigor as change management. Agents that are well-governed don't just perform — they improve. Agents that lack governance will degrade quietly, drifting as ticket patterns evolve; knowledge articles go stale and organizational change outpaces model assumptions.

What does good ITSM agent governance look like in practice?

Defined autonomy boundaries. IT teams need to configure exactly which workflow steps are fully autonomous, which require human confirmation and which must always escalate.
Continuous improvement through feedback loops at every touchpoint. Agents learn from analyst corrections, end-user satisfaction scores and resolution outcomes. These signals surface in the aggregate, so your team isn’t only closing tickets — they're also improving their processes.
Audit trails for every agent action. Every decision by an AI agent should be logged with full context — what triggered it, what data it used, what action it took. Compliance is built in, not bolted on.
Escalation that actually works. Agents know their limits. When confidence drops below a configurable threshold, the AI technology needs to seamlessly route it to the right human with the full context attached, so the analyst isn't starting from scratch.
Trusted information. AI agents must use data you trust rather than relying on external, unknown sources or hallucinations. Maintaining control over your data sources is vital for guaranteeing reliable information.

The new required IT leadership skill set

The shift to an agentic ITSM workforce changes what it means to be an effective IT manager. The core competency is no longer ticket throughput or process compliance but the ability to orchestrate a hybrid team of humans and agents, evaluate agent performance with the same critical eye you'd apply to a direct report and continuously tune the system to the evolving demands of the business.

Ivanti's 2025 Technology at Work Report and 2025 DEX Report bring this challenge to the surface:

46% of IT professionals report a rise in ticket volume due to new software deployments.
34% of help desks identify repetitive, time-consuming tasks and long resolution times as their top pain points.

These are exactly the pressures agentic AI is built to absorb, but only if leaders build the management muscle to direct it.

IT leaders using Agentic AI with ITSM should consider building weekly rhythms around agent performance reviews the same way they might review analyst KPIs by asking questions such as:

Which agents are underperforming, and why?
Which workflows are ready to expand AI autonomy?
Which escalation patterns suggest a knowledge gap in the model?

Organizations leading the way with agentic AI must go beyond evaluating analysts and AI agents in isolation. True performance measurement means assessing them together as one integrated team of humans and AI working toward a shared goal.

Slow adoption is technical debt

There's a tendency in IT to treat AI adoption as something to get right before going big. The instinct is understandable since ITSM touches every part of the organization, and failure is visible. But the risk calculus has flipped. In 2026, the cost of moving slowly isn't avoided risk. It's accumulated distance from organizations that are compounding their agentic advantage every quarter.

Ivanti's research identifies the real barriers: 42% of IT professionals cite security and compliance concerns as the number one challenge to IT automation. Moreover, 44% of organizations have invested in AI but say their employees lack adequate skills or training to use these tools effectively. These are fixable problems, but only when leadership steps up to solve them.

The barrier to agentic ITSM is seldom technical, but organizational. Unclear ownership of AI outcomes, misaligned incentives and cultural resistance from analysts who fear replacement rather than augmentation stand in the way of full-scale AI adoption.

It's worth noting that 74% of IT professionals are already using generative AI tools in 2025, up from 66% the year before. The workforce is moving. The question is whether the organization is moving with it or creating friction that drives that adoption underground.

The principles that drive real transformation

Organizations striving to build genuinely agentic IT operations share a common operating philosophy:

Start with outcomes, not use cases. Identify a strategic metric — SLA compliance, MTTR, analyst-to-ticket ratio — and build backward to the agentic workflows that move it.
Treat AI agents as team members with onboarding plans. New agents are supervised, coached with feedback, and given expanding autonomy as performance warrants — not released into production and forgotten.
Measure agent performance like human performance. Resolution rate, escalation rate, end-user satisfaction and knowledge contribution are tracked per agent workflow, not just at the aggregate service desk level.
Invest in human capability alongside AI capability. The service desk gets better, and the people in it do too. The best analysts aren't displaced; they're retrained as AI coaches, workflow architects and exception managers.
Build governance before you need it. Configure autonomy thresholds, escalation logic, and audit policies in the first deployment, not after the first incident.
Treat AI agents and analysts as one team. Treat AI agents and human analysts as one team — planning, executing, and evaluating together. Guide this combined team through the team development framework of Forming, Storming, Norming, and Performing to build the trust and cohesion that drives real results.

The era of the passive service desk is ending. No more waiting for a ticket, working through a queue and measuring success by closure rate. The organizations defining the next decade of IT operations are building proactive service management operations that sense, reason and act: where AI agents handle the volume, and your best people handle the future.

Ivanti Neurons for ITSM is built for that service desk. The question is whether your organization is ready to lead it.

Ready to build your agentic IT workforce?

See how Ivanti Neurons for ITSM embeds AI agents into your existing service desk workflows — from day one. Learn more.

We’re in a Patch Apocalypse. That Means These Three IT Excuses Won’t Work Anymore.

Wed, 29 Apr 2026 14:00:07 Z

On April 7, Anthropic announced that its Claude Mythos Preview model had autonomously identified thousands of high- and critical-severity zero-day vulnerabilities across every major operating system and every major web browser. Over 99% of them were unpatched the day of disclosure.

Two weeks later, on April 21, Mozilla said it had used the same model to find and patch 271 vulnerabilities in the latest Firefox release. Mozilla's own assessment: "So far we've found no category or complexity of vulnerability that humans can find that this model can't."

271 is the first wave. Chrome, Edge, Windows, macOS, Linux, FreeBSD — the 17-year-old remote code execution flaw in FreeBSD that Anthropic's red team disclosed (CVE-2026-4747) is an early example of what's coming. Every vendor under Anthropic's Project Glasswing umbrella is positioned to ship fixes at a tempo the industry hasn't seen before. All those fixes become public CVEs with patches available, which lands them in the same place: your environment.

The containment story also has a crack. On April 21, Bloomberg reported that a Discord-linked group gained unauthorized access to Mythos through a third-party vendor environment. Anthropic says the activity didn't extend beyond that vendor. Whether or not similar capability is already in attacker hands, the defensive runway is shorter than the April 7 announcement implied.

Mythos entered a world already trending this way. CrowdStrike's 2026 Global Threat Report documented an 89% year-over-year rise in AI-enabled attacks in 2025. That trend line predates Mythos.

Call this a patch apocalypse. The plain operational kind, where the volume and cadence of public CVEs with available patches is about to outrun how most IT and security teams currently work.

NIST is already feeling the effects of the patch apocalypse. In April, the agency announced a major shift in the National Vulnerability Database (NVD) operations in response to a 263% surge in submissions. NIST will no longer provide detailed enrichment to all vulnerabilities submitted, and will instead only provide this for vulnerabilities that meet a high-risk criteria, such as those in the CISA Known Exploited Vulnerabilities catalog or those affecting critical government software. NIST will be relying on CVE Number Authorities (CNAs), like Ivanti, rather than performing its own independent assessment.

I've been hearing three versions of the same response from customers and peers since the announcement. All three are variations of a program designed for a slower world.

“We have a vulnerability scanner”

Qualys, Rapid7 and Tenable do vulnerability discovery well. Scanners find, flag, score and list. Deployment, verification, reboot handling and rollback are outside their scope. That work still has to happen somewhere. In most programs it happens in a separate tool, with a separate team, on a separate cadence.

With the exploit window now running in hours and the Glasswing queue about to double the backlog, a scanner that produces 587 critical vulnerabilities and hands the list to a human team is a liability. The practical move is to connect the scanner you already own to a remediation engine that can act on its findings automatically. An autonomous endpoint management (AEM) platform, with ring-based deployment and rollback, and vulnerability intelligence to provide risk-based context for efficient remediation decisions so the list shrinks without a humans making every decision.

“We drive approvals through our ticketing system”

Speaking of humans having to make decisions… Long linear approval processes are going to slow the remediation process significantly. When is the last time you had to decide whether you were going to deploy the latest OS or browser update?

Organizations already know they are going to deploy these updates. Often the approval process is due to complex internal politics and misalignment on security outcomes. The end result? A very linear process that requires the vulnerability scanner previously mentioned, an analyst approving what you already know needs to be done, tickets going out to business owners for approval and sitting in inboxes waiting for approval, and ultimately valuable time wasted on a decision that was essentially already well understood and did not need to be made.

The market shift to Exposure Management is approaching this process very differently by focusing on defining an organizations risk-appetite and monitoring risk-posture. Next time a Windows OS update releases you already know you will deploy it, the schedule you will deploy it on and your SLA and compliance metrics you will measure success by. What you really want to know is:

1. Do I need to move faster because the update includes known exploited vulnerabilities?

2. Is the update impacting operations and we need to slow down (good thing the Autonomous Endpoint Management platform includes ring deployment with rollback)?

“We have Intune”

Microsoft Intune has two scope limits that matter here.

First, it only manages devices enrolled with it. Unenrolled and unmanaged endpoints — servers, contractor laptops, shadow IT, neglected edge devices — sit outside its visibility entirely. During periods of increased vulnerability volume, those blind spots multiply faster than teams can handle manually.

Second, while Intune simplifies application deployment and updates, its third-party application coverage and prioritization depth are narrower than most administrators realize. Intune can tell you what’s out of date, but not what actually increases your exposure––which forces teams to patch everything reactively, or based on guesswork when time is scarce.

Most enterprise environments aren’t exclusively Windows, fully enrolled, or running a small, homogenous app stack. When vulnerability disclosures spike, routing patching leaves gaps and turns into systemic risk.

Keep Intune. Pair it with a discovery and remediation layer that finds the assets Intune can't see, prioritizes the vulnerabilities that matter most, and applies patches with confidence across the applications Intune doesn’t cover.

What to do about it

Automation is the operating model. It has to be built into the workflow.

Practitioners have known the principle for a while. It shows up in three places:

Continuous triage. Known exploited vulnerabilities can follow a zero-day response track especially in less secure parts of the organization like end user systems. Above that, set and define specific applications like the browsers and telecommunication apps to get updated on a priority track that is checked weekly or even daily. Everything else can wait for the regularly maintenance window to come around.
Ring deployment with automated rollback. Test ring, early-adopter ring, broad production, mission-critical. The sequence is boring and it works for most maintenance. What's changed is that certain updates will need to compress to fit the exploit window vs waiting for your monthly maintenance. The test ring has to be automated and instrumented — a human checklist can't move that fast.
Closed-loop verification. The patch isn't deployed until it's verified installed on the endpoint, and the CVE isn't closed until a rescan confirms it. Most teams skip that step, which is why compliance evidence becomes a fire drill the week before the audit. That's why we shipped continuous compliance in our platform this week — so compliance evidence is produced continuously and automatically as patches deploy, with automation handling the prioritization decisions most teams don't have bandwidth for.

Mozilla's 271 Firefox vulnerabilities are a preview. Every major software vendor under Glasswing is about to startfixing more vulnerabilities and at an accelerated pace, and attackers with the same class of capability will be looking for exactly those openings whenever they gain access to a model like it. The resulting AI arms race will have a direct affect on the number and frequency of updates that organizations will have to remediate and at an accelerated pace. Automation is what carries a program through. Teams still doing monthly-only patching are in for a rough stretch.

If you run an IT or security program, the self-assessment is worth doing now. Take the last critical patch you pushed out. Even better, if a zero-day came out on a Friday would you be able to remediate it by Monday? Time it from CVE publication to verified install on the last endpoint. If that number is measured in weeks, the patch apocalypse is going to find you.

Ivanti Launches Agentic AI on the System of Record You Trust

Mon, 20 Apr 2026 22:00:02 Z

Investors and enterprises are finally asking the question they'd been avoiding: which software companies will survive the AI revolution, and which will be made obsolete by it? The answer is becoming clear. Companies that serve as the system of record, the authoritative source of truth that AI itself depends on, are essential.

Today, Ivanti is announcing a controlled release of the Ivanti Neurons AI Self-Service Agent, our first autonomous AI solution. We're building from a position of strategic strength, introducing the new solution initially within our IT Service Management (ITSM) framework, building on our long history of intelligent automation through built-in workflows, our Neurons bot infrastructure, generative AI tools and now a fully conversational autonomous agent.

Building the foundation to scale AI

There's no shortage of talk about what AI will eventually do, but that potential means nothing without a strong foundation beneath it.

Operationalizing autonomous AI and scaling its impact across an entire organization requires five foundational capabilities.

Knowing what exists: AI must operate on accurate discovery data, not assumptions. Without real-time visibility into devices, users, configurations and dependencies, autonomous actions become dangerous.
Maintaining institutional memory: AI needs durable context that survives organizational change. Relationships, history and dependencies must be preserved in a system of record.
Owning accountability: Every autonomous action needs clear ownership and a decision trail. When AI acts on behalf of the organization, someone must be accountable.
Enforcing policy: AI must distinguish between what's technically possible and what's organizationally permissible. Optimization without governance creates compliance risk.
Ensuring auditability: Every action or decision made through AI must be traceable, explainable and defensible in an audit.

That's not a limitation of any model, but rather the nature of how AI works. AI is powerful, but it operates on data. And if that data is fragmented, inaccurate or ungoverned, the AI built on top of it will be too.

This is what the Ivanti Neurons Platform was built to provide. Our Neurons Platform serves as a robust system of record and control panel for IT and security operations. Our Discovery Engine establishes ground truth. Our CMDB preserves relationships, dependencies, and change history. Our IT Asset Management (ITAM) capabilities assign ownership, lifecycle, and accountability. Our Software Estate Management enforces what's allowed versus what's merely detected.

This is more than product architecture. It's the foundation your organization needs to operate securely and intelligently.

The journey to autonomous service delivery

Agentic AI wasn’t built overnight. At Ivanti, we’ve been building toward this deliberately with a consistent focus on trust, governance, and repeatability.

Our path to autonomous service delivery was strategic and intentional.

Traditional automation: Established rule-based workflows executing predefined tasks in sequence.

Cognitive AI: Added intelligence through bots, machine learning and predictive analytics, moving IT from reactive to proactive.

Generative AI: Introduced large language models and natural language interaction.

Conversational AI: Deepened interactions by adding intent recognition, sentiment detection, and safety guardrails transforming AI from a tool into an interactive partner.

And now, autonomous agents that don't just respond but orchestrate actions across systems while maintaining governance at every step.

Each stage was built on the prior one. And each stage delivered real enterprise value only because it was grounded in accurate data, governance and accountability. That foundation is what makes today's announcement possible.

Introducing Ivanti Neurons AI Self-Service Agent

The problem is one every IT leader knows well — employees struggle to find answers scattered across disconnected knowledge systems. Basic tickets flood the service desk. Users abandon confusing portals in frustration. IT teams get trapped on a ticket treadmill, doing repetitive work instead of the strategic projects that actually move the business forward. Traditional self-service portals haven't solved this. They're rigid, frustrating, and often create more problems than they resolve.

Ivanti Neurons AI Self-Service Agent is different. We’ve all seen chatbots, but this is something else. It’s a true conversational AI agent. It converses, investigates, resolves and escalates only when it needs to. The first release focuses on intelligent knowledge search, incident escalation and the ability to request something from IT using natural language. It feels as easy as texting a friend.

This initial release delivers three things done exceptionally well: intelligent knowledge search, incident escalation when knowledge isn't enough, and the ability to request from a service catalog without the complexity of self-service portal forms.

We understand that time, speed, and accuracy are non-negotiable in the digital era and have built the capabilities with that in mind. The AI Self-Service Agent engages in natural conversation, asks the right questions, queries across internal and approved external sources, and surfaces verified answers. If this process alone doesn't resolve the issue, the agent escalates and captures a structured incident from the conversation without requiring the user to repeat their request, ensuring a frictionless user experience.

This solution is built on an AI framework designed to grow with it as we execute our full vision for autonomous endpoint management.

Driving real, measurable outcomes that matter most

This launch directly advances strategic outcomes for our customers: improving IT productivity, improving digital employee experience, and bringing teams and business functions together across one unified platform. Here’s what that looks like:

For the business, that means measurable productivity gains, lower cost per ticket, and IT operating as a driver of strategic outcomes rather than an operational bottleneck.

Autonomy requires a foundation you can trust

What makes our approach to autonomous AI trustworthy and attainable is that the AI Self-Service Agent is built on a system of record as part of the Ivanti Neurons Platform. This ensures that:

Our agentic AI doesn't improvise (that is, hallucinate.) It operates from accurate discovery data, validated asset information, and governed workflows.
It knows what devices exist, who owns them, what software is permitted and what policies apply.
It maintains durable state and enforces accountability across every action it takes.

The operating model is simple, but powerful: Continuously detect issues before they impact users. Decide using trusted data from the system of record. Act through governed automation within defined boundaries.

This is the difference between AI that generates answers and AI that organizations can trust in production, at enterprise scale.

The future we're building

This launch is both a milestone and a foundation for what’s next. We're building autonomous capabilities on the system of record that AI itself depends on. That makes our platform more resilient, our customer relationships more durable and the value we deliver stronger over time.

The future of IT is anticipatory, self-driven and strategic. IT leaders aren't reactive ticket-takers. They're orchestrators of intelligent, self-healing infrastructure. Autonomous agents handle the routine, learn continuously and escalate the complex to human experts — all within governance guardrails that the system of record enforces.

We've spent years building toward this moment. I'm proud of what our team has delivered, and I'm even more excited about what comes next.

Digital Sovereignty and Sovereign Cloud: Protecting EU Cloud Data for Operational Resilience

Fri, 17 Apr 2026 12:30:01 Z

Traditional data protection followed a straightforward principle: Data stored in country A is protected by the laws of country A; data stored in country B is protected by the laws of country B. But in today’s global economy, where your data physically resides no longer determines which governments can demand access to it.

Cloud infrastructure brought new jurisdictional complexity. The physical location of data centers, the nationality of the cloud provider's headquarters, and the entity controlling operations can each create competing jurisdictional claims, potentially allowing multiple governments to demand access to the same data.

What is digital sovereignty?

This challenge has a name: digital sovereignty. Digital sovereignty is the principle that organizations maintain complete control over their data within their home jurisdiction's legal framework. This idea has become a necessity for organizational resilience as businesses work in a more fractured, less trusting geopolitical world. Private and public organizations need secure access to cloud-based platforms that are compliant with local regulatory requirements and shielded from the known or unknown geopolitical risks their region faces.

How the U.S. CLOUD act impacts EU data residency

The 2018 US CLOUD (Clarifying Lawful Overseas Use of Data) Act further cemented these concerns for EU organizations. This law empowers US law enforcement to compel any US-based cloud provider to produce data stored anywhere globally — regardless of the data's physical location or the customer's nationality.

Both the US CLOUD act and the Foreign Intelligence Surveillance Act (FISA) have given firms in the European Union cause for concern. Through these two policies, US authorities could access data contained within cloud platforms of any US-headquartered organization, even when the cloud data center is stationed in another country.

For EU‑based companies, using US‑based tools triggers specific GDPR obligations because personal data leaves the EU. And since the EU–US Privacy Shield was invalidated (known as “Schrems II”), EU companies need other protections. Standard Contractual Clauses (SCCs) remain valid but are conditional and complex as they require case-by-case review.

A subsequent Data Privacy Framework has been introduced since, but underlying trust among the nations involved only goes so far. These dynamics increased pressure to ensure data protection, and so sovereign cloud solutions were needed to ensure operational resiliency.

Ivanti Neurons for MDM – Sovereign Edition: built for EU cloud sovereignty

For our partners and customers in the EU, Ivanti Neurons for MDM Sovereign Edition addresses these requirements through fundamentally different architecture and operations. Located in Germany and independently operated, this solution was designed to align with the Cloud Sovereignty Framework of the European Commission and has been evaluated by the highly reputable cyberintelligence.institute, where their expert assessment explained:

“The Ivanti Sovereign Cloud demonstrates a high level of European control in the areas of data processing, security and compliance governance. In its current configuration, the Ivanti Sovereign Cloud achieves at least SEAL 2 certification, meaning that data sovereignty is ensured in all areas. Furthermore, the Ivanti Sovereign Cloud meets the requirements for SEAL 3 certification in many relevant areas, thus achieving digital resilience.”

You can read the full technical assessment to learn more.

Achieving data sovereignty compliance with confidence

Neurons for MDM – Sovereign Edition – EU provides European firms with a strategic foundation for their IT and Security platform from a trusted leader, while maintaining local jurisdictional protections for risk management. This means public and private entities can continue their digital transformation with the confidence that their cloud data will remain secure while their operations gain resilience.

Next steps? Read our whitepaper, Sovereign Cloud as a Strategic Necessity for European Organizations, to discover how Ivanti Neurons for MDM Sovereign Edition achieves and exceeds SEAL 2 certification and provides the sovereign cloud architecture European organizations need to maintain data sovereignty while enabling secure digital transformation.

April 2026 Patch Tuesday

Tue, 14 Apr 2026 22:51:36 Z

The lead up to Patch Tuesday has been interesting. We had a Google Chrome zero-day (CVE-2026-5281) that was patched on April 1, an Adobe Acrobat Reader zero-day (CVE-2026-34621) late in the day on Friday April 10, and several older CVEs that were added to the CISA KEV list yesterday (April 13). All of this amidst a lot of industry buzz about Anthropic Mythos and Project Glasswing.

What is the correlation between these events and Project Glasswing you ask? Most of the discussions around Mythos have been focused on where it will be used and the ramifications.

Finding exploitable flaws in code can be a powerful tool for good when used by the vendor writing the code before it is released. However, it will also be used by researchers and threat actors to find flaws in code that is already released and that is where my speculation is directed.

Consider the knock-on effects of a massive model like Mythos and what it will mean near term and longer term for the software that companies consume. Near term you will have the big players using a solution like this to release more secure code. As researchers and threat actors adopt more robust AI models to identify exploitable flaws this will result in more coordinated disclosures (good), zero-day exploits (bad) and n-day exploits (bad). All of this will result in more frequent, and more importantly, urgent software updates.

Many organizations currently struggle to keep up with priority updates resolving exploited vulnerabilities when they occur outside of their normal monthly maintenance. I suspect most organizations were not aware of the Adobe Acrobat zero-day exploit until the CISA KEV update yesterday. This means that threat actors had another 2-3 days of free reign to exploit CVE-2026-34621 before most organizations became aware and many of those organizations will likely handle the update as part of their regular maintenance that is starting today on Patch Tuesday.

Browser security updates are a weekly occurrence. Many other applications that users are utilizing regularly release updates on a continuous cadence, not a set monthly release date. This means many of the user targeted exploits are going to occur in software that is releasing outside of the average organizations maintenance schedules and that frequency is about to increase. It is hard to say if that increase is going to be 1.5x or 5x, but rest assured that the increase will be noticeable and will exacerbate a challenge that most organizations already struggle with – timely patch management.

Enter Exposure Management. This is really a mindset and maturity change as much as a technology evolution. The mindset change requires us to consider a world where we need to make the decisions up front and monitor those decisions. This is called defining your Risk Appetite and monitoring your Risk Posture. Doing this effectively matures an organizations’ response to risks and makes remediation activities much more clear cut.

The technology evolution requires the traditional vulnerability assessment technologies to integrate into a broader ecosystem where asset visibility or system of record comes together with vulnerability assessment and vulnerability intelligence solutions to refine when risks require more immediate action vs waiting for your regular maintenance activities to occur. Most important is the need for this tech stack to be integrated with your AEM (Autonomous Endpoint Management) platform as this is where remediation predominantly (and automatically) occurs.

Now, back to our regularly scheduled Patch Tuesday update. Microsoft has resolved 169 CVEs this month which is a massive patch Tuesday lineup. April Patch Tuesday is the second-largest Patch Tuesday on record behind the October 2025 Patch Tuesday which resolved 175 CVEs. The lineup includes one zero-day exploit (CVE-2026-3220) and one public disclosure (CVE-2026-33825) and breaks down into 8 Critical, 156 Important, 3 Moderate and 1 Low severity.

The zero-day CVE is in Microsoft SharePoint and the public disclosure is in Microsoft Defender making those two updates the most urgent for this month in addition to the Adobe Acrobat and Google Chrome updates leading up to Patch Tuesday.

Microsoft’s known exploited vulnerabilities

Microsoft resolved a Server Spoofing Vulnerability in Microsoft SharePoint (CVE-2026-32201). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 6.5, but it has been confirmed to be exploited in the wild. An attacker who successfully exploits this vulnerability can view sensitive information and make changes to the disclosed information. The vulnerability affects SharePoint server Subscription Edition, SharePoint Server 2019 and SharePoint Server 2016. A risk-based prioritization methodology warrants treating this vulnerability as a higher severity than the vendor rating or CVSS score assigned.

Microsoft’s publicly disclosed vulnerabilities

Microsoft resolved an Elevation of Privilege Vulnerability in Microsoft Defender (CVE-2026-33825). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 7.8, but has been publicly disclosed. The CVE lists exploit code maturity as Proof-of-Concept which puts this at a higher risk of exploitation. An attacker could use this vulnerability to allow an authorized attacker to elevate their privileges to SYSTEM on the local machine.

Ivanti security advisories

Ivanti has released one security update for April. The update affects Ivanti Neurons for ITSM and resolves two CVEs. More details and information about mitigations can be found in the April Security Advisory.

Third-party vulnerabilities

Adobe has released twelve updates this month, eleven of which released on Patch Tuesday and the zero-day update for Acrobat that released on Friday, April 10. 54 CVEs were resolved with a breakdown of 39 Critical, 13 Important and 2 Moderate. APSB26-43 resolved the zero-day exploit (CVE-2026-34621).

April update to-do list

Adobe Acrobat (CVE-2026-34621) and Google Chrome (CVE-2026-5281) each had zero-day exploits leading up to Patch Tuesday. Ensure that you are prioritizing remediation of these two products to the latest version.
Microsoft SharePoint includes a zero-day exploit (CVE-2026-32201) and should be investigated as a priority especially if you have known update challenges with your SharePoint environments.
The Microsoft Windows OS update this month resolves 133 CVEs (depending on edition) and includes 4 Critical CVEs. This update will resolve a significant number of findings across your environment.

April 2026 Security Update

Tue, 14 Apr 2026 14:08:24 Z

Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments.

We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates.

To that end, today Ivanti is disclosing vulnerabilities in Ivanti Neurons for ITSM (on-premises and cloud).

It is important for customers to know:

We have no evidence of these vulnerabilities being exploited in the wild.
These vulnerabilities do not impact any other Ivanti solutions.
Customers using the cloud version of Ivanti Neurons for ITSM do not need to take any action as the fix was applied on 12 December 2025 to all cloud environments.

More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in this Security Advisory.

Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.

Not All Agents Are Created Equal: Getting Agentic AI Right for IT

Wed, 08 Apr 2026 13:00:06 Z

Three months ago, a CIO told me her organization had “already deployed agents.” Her endpoint team assumed she meant the telemetry clients on every managed laptop. Her service desk thought she meant AI chatbots. Meanwhile, her security architect heard “autonomous decision-making.” They were all right and all talking past each other.

This is the agent confusion problem. It sounds like a semantics issue, but it creates real misalignment when teams try to get serious about implementing agentic AI. So, let’s untangle it.

Three types of “agents” for IT — and how they fit together

1. Endpoint agents

Endpoint agents are the lightweight clients that have run silently on managed devices for decades — collecting telemetry, executing policies, applying patches. If you run a modern endpoint management platform, they’re already across your fleet doing the quiet, continuous work. They're your infrastructure layer: always listening and reporting but not making decisions.

2. Automation bots and workflows

Automation bots and workflows handle the repetitive, structured processes IT runs on: proactive issue identification, self-healing, password resets, account unlocks, software provisioning, approval chains. These aren’t legacy limitations to apologize for. A well-built password reset bot is fast, predictable and exactly right for that job. They're your execution layer: reliable, auditable and purpose-built.

3. AI agents

AI agents are something genuinely different. Where endpoint agents collect data and automation bots execute tasks, AI agents coordinate both. Orchestrated by large language models (LLMs), they understand intent, reason across context from multiple systems, plan multi-step actions and decide when to escalate an issue that requires human expertise.

But here’s the nuance that matters: a well-designed AI agent doesn’t replace the automation bot; it calls it. When an employee asks to reset their password through a conversational interface, the AI handles the dialogue, verifies identity, applies policy logic and then triggers the existing workflow to execute. Intelligence orchestrating automation. That’s the architecture worth building toward. Add endpoint telemetry, and the picture gets richer.

Here’s what this looks like in practice:

An employee messages: “My laptop has been crawling since the last patch.”

The AI agent:

Interprets the intent, recognizes this as a performance issue potentially triggered by a recent change.
Pulls real-time CPU load, disk usage and startup process data from the endpoint layer.
Triggers a targeted remediation. Not a guess. A data-informed, auditable action.

That’s what self-healing IT looks like at the conversational layer.

What makes agentic AI for ITSM work

Getting agentic AI for IT service management right comes down to a few critical foundations.

Start with clean, current knowledge

An AI agent is only as good as what it knows and what context it has. Before enabling any agentic capability, audit your knowledge base and ask these key questions:

Is it current?
Is it tagged by use case?
Is it maintained after major changes?

Outdated knowledge leads to wrong outputs that quickly destroy employee trust. That said, these same AI agents can be used to accelerate knowledge creation, too. Every resolved ticket is a draft article. Every question the agent can't confidently answer is a knowledge gap it just surfaced for you. The agent becomes a contributor to your knowledge base, not just a consumer of it.

Provide context

Knowledge alone isn’t enough. Agents need real-time context across your entire IT environment. This includes device data from your CMDB, role and access information from HR systems and ticket history from ITSM. With this context layer, it’s possible to move from a smart-sounding bot to an agent that can close the loop.

Set governance guardrails

Having control and AI guardrails is not optional. Be deliberate about what the agent handles autonomously, what needs a human approval step and what always escalates. Having a human in the loop isn’t about being overly cautious. Rather, it’s a deliberate, intelligent design. For anything security-sensitive like MFA changes, privilege adjustments or data access requests, the agent should surface the decision, not make it unilaterally. Companies must build those thresholds from the start, not try to retrofit them later.

Change management

Even with the perfect setup, deployment fails when companies don’t consider change management.

Your service desk team needs a clear mental model of what the agent handles and where they take over. You might think of it like any other division of labor: you don't want overlap. You don't want humans burning cycles on tasks the agent can knock out instantly, and you definitely don't want the agent making calls where policy says a human needs to be in the loop. Clean boundaries keep both sides working at their highest value.

Your employees need to trust that context won’t be lost mid-conversation when an issue is escalated from agent to human. Immediately letting agents do more than foundational support is how a promising pilot becomes a painful rollback. Start narrow and earn the right to expand.

Here’s what success looks like

To prove ROI with agentic AI, organizations should focus on operational metrics that reflect real impact and can be improved through better orchestration.

Ticket deflection shows how effectively agents resolve common requests end to end without human involvement. Auto-remediation highlights when systems can diagnose issues and take approved corrective action, reducing manual effort and queue volume. Mean Time to Resolution (MTTR) reflects how much the system shortens the path from request to outcome by removing handoffs and tool switching.

Together, these metrics indicate whether agentic AI is truly reducing work, not just shifting it. But the most important measure is end-user satisfaction (CSAT). Speed without satisfaction simply creates faster friction.

The best agentic AI is invisible. Employees ask for help, get what they need, and move on without noticing the workflows, checks, or automated actions behind the scenes. Organizations that achieve success design agentic systems intentionally, with clear guardrails and a strong understanding of how autonomy reshapes operations.

Next steps

If you are evaluating the role of self‑service agentic AI in your IT ecosystem, a conversational entry point is often the most practical place to begin. Consolidating incident creation, service requests, knowledge access, and status checks into a single interface can reduce friction for employees while still respecting policies and existing workflows.

This approach lays the groundwork for a broader agentic platform. For IT leaders under pressure to do more with less, this is the moment to deliberately define how AI should operate, where autonomy adds value, and where guardrails are required.

Ready to take the next step in your agentic AI journey? Get our whitepaper for the framework, maturity model and implementation roadmap you need to succeed.