Spacelift’s The AI Readiness Gap Report Reveals a Growing Divide Between AI Adoption and Infrastructure Governance

Artificial intelligence is rapidly transforming software development, but a new report from Spacelift suggests that many organizations are struggling to keep their infrastructure practices aligned with the speed of AI adoption. In The AI Readiness Gap, part of the company’s 2026 State of Infrastructure Automation research, Spacelift surveyed 406 IT decision-makers and platform engineering leaders to examine how AI is reshaping infrastructure management, governance, and automation. The findings reveal a widening disconnect between the rapid adoption of AI-assisted development and the systems organizations have in place to govern and manage the resulting changes.

AI Is Accelerating Development Faster Than Infrastructure Teams Can Respond

The report highlights what Spacelift calls the “AI-infrastructure gap.” While AI-assisted coding has become commonplace, the infrastructure teams responsible for deploying, governing, and maintaining that code are struggling to keep pace. According to the survey, 89% of organizations report that developer velocity has increased because of AI, while 82% say that between one-quarter and nearly three-quarters of their code is now AI-assisted. Yet despite these gains, only 25% of organizations consider AI a top strategic priority.

The consequences are already becoming visible. More than six in ten respondents say application development is moving ahead of infrastructure in terms of AI adoption, creating pressure on DevOps and platform teams to absorb a growing volume of AI-generated changes. As AI-generated code increasingly flows into production environments, infrastructure teams are encountering higher levels of operational complexity and risk.

Four Levels of AI Readiness

To better understand how organizations are managing this transition, Spacelift introduced an AI Maturity Index that categorizes respondents into four groups: Exposed, Fragmented, Outpacing, and Pioneer. The classification is based on factors including AI integration, governance maturity, infrastructure automation, risk exposure, and platform readiness.

Nearly one-quarter of organizations fall into the Exposed category, meaning they are actively using AI but lack the governance frameworks needed to manage it safely. Another 32% are considered Fragmented, where AI adoption exists but remains inconsistent across teams. Twenty-five percent are classified as Outpacing organizations, embracing AI aggressively but allowing governance to lag behind. Only 19% qualify as Pioneers, having established governance and automation practices before accelerating AI adoption.

One of the report’s more notable conclusions is that organizational size is not a determining factor. Large enterprises and smaller companies can appear in any category. The distinction comes down to behavior, governance discipline, and operational practices rather than budget or headcount.

The Governance Confidence Problem

The research uncovered a striking contradiction in how organizations view AI governance. While 86% of respondents expressed confidence in their organization’s ability to govern AI, only 30% reported having a formal AI governance policy in place.

This gap between confidence and operational reality forms what the report describes as the “AI-governance paradox.” Many organizations believe they are effectively managing AI-related risks despite lacking the policies, controls, and oversight mechanisms typically associated with mature governance programs. The discrepancy is particularly pronounced among organizations categorized as Exposed, where only a small fraction have formal governance policies despite widespread confidence in their capabilities.

The findings suggest that governance remains one of the least mature aspects of enterprise AI adoption. While companies are eager to implement AI tools and workflows, fewer have established the controls necessary to ensure those systems operate safely and consistently at scale.

Infrastructure Teams Are Already Seeing AI-Driven Incidents

The report argues that the consequences of weak governance are no longer theoretical. Ninety-three percent of surveyed organizations reported experiencing at least one AI-related infrastructure incident during the previous year.

Among the most common issues were rework resulting from AI-generated changes, security misconfigurations reaching production environments, compliance violations, infrastructure drift linked to AI-generated modifications, and incidents involving agentic systems. Each category affected roughly one-third of respondents.

The difference between governance leaders and laggards is significant. Organizations classified as Exposed reported dramatically higher rates of AI-related incidents, while Pioneer organizations were far less likely to encounter such problems. According to the report, governance and automated validation systems help catch issues before they reach production, reducing operational disruptions and limiting the need for costly remediation efforts.

“Vibe Coding” Is Reaching Infrastructure

The report also explores the growing influence of so-called “vibe coding,” where developers rely heavily on AI-generated code with limited review or oversight. While the concept has primarily been discussed in the context of software development, Spacelift’s data suggests it is rapidly extending into infrastructure management.

Nearly 80% of respondents reported using AI to generate infrastructure-as-code configurations, governance policies, or related infrastructure artifacts. More concerning, a substantial share of infrastructure teams indicated they would approve AI-generated infrastructure code with little or no review.

Unlike application bugs, infrastructure errors can have broad operational consequences, affecting security, compliance, networking, and cloud resources. As a result, the report argues that AI-generated infrastructure changes require governance mechanisms capable of validating and enforcing controls before those changes are deployed.

The Next Challenge: Agentic AI

If organizations are struggling with AI-assisted development today, the report suggests that agentic AI may amplify those challenges. Eighty-nine percent of respondents say they plan to adopt agentic AI for infrastructure operations, and nearly one-quarter expect to do so within six months.

Agentic systems differ from traditional AI tools because they can make and execute decisions autonomously. In infrastructure environments, that could mean provisioning resources, modifying configurations, or responding to incidents without direct human approval. While these capabilities promise significant efficiency gains, they also increase the importance of governance, since there may be no human reviewer positioned between an AI decision and production deployment.

The report notes that early adopters are already reporting incidents involving agentic systems, suggesting that governance frameworks will need to evolve alongside these increasingly autonomous technologies.

Platform Engineering Emerges as a Potential Solution

One of the report’s strongest findings centers on platform engineering. Organizations that have embraced platform engineering appear significantly more prepared for AI-driven infrastructure environments than those relying on traditional approaches.

More than 80% of respondents are considering a shift toward platform engineering, and Pioneer organizations are far more likely to have already made the transition. According to the report, platform engineering creates governed, self-service pathways that allow developers to move quickly without bypassing compliance, security, and operational controls.

Rather than forcing governance to compete with speed, platform engineering attempts to integrate governance directly into workflows, making compliant actions easier than non-compliant ones. The data suggests that organizations succeeding with AI adoption are increasingly following this model.

Measuring the Wrong Things

The report also argues that organizations may be focusing on outdated metrics. Many infrastructure teams continue to track productivity, deployment frequency, and security incidents, but relatively few monitor AI-specific indicators such as the volume of AI-generated infrastructure code entering pipelines or the error rates associated with AI-generated changes.

Without visibility into these AI-specific signals, organizations may struggle to determine whether governance controls are actually working. As AI-generated infrastructure becomes more common, measuring traditional operational outcomes alone may not provide sufficient insight into emerging risks.

AI Readiness Is Becoming an Infrastructure Challenge

The findings suggest that AI readiness is no longer simply a question of model adoption or developer productivity. Increasingly, it is becoming an infrastructure challenge centered on governance, automation, platform engineering, and operational discipline. Organizations that invested in these capabilities before AI arrived appear to be adapting more successfully, while others are finding that AI is exposing weaknesses that already existed beneath the surface.

As enterprises continue moving toward AI-assisted and eventually agentic operations, the gap between adoption and governance may become one of the defining technology challenges of the next decade. Spacelift’s The AI Readiness Gap report suggests that many organizations have already crossed the threshold into AI-driven infrastructure, but far fewer have built the governance foundations needed to manage it effectively.