// How I think about AI in IT

AI is making every team a software team. IT has to become the platform that lets that happen safely.

Engineering, finance, GTM, ops: every function is starting to ship its own workflows, agents, and internal tools. Corporate Engineering's job isn't to gate that; it's to provide the paved roads, identity, and governed AI surface that make it safe and easy. This page is the operating view: where AI clearly helps, where I keep humans in the loop, and what I would not automate. AI doesn't replace foundations like identity, governance, and lifecycle automation. It sits on top of them and amplifies whatever it's pointed at.

// AI & automation surface I work in

ChatGPT Enterprise (AI)
Claude (AI)
Gemini (AI)
Credal (AI Gateway)
Glean (AI Search)
Zapier (Workflows)

01

AI as a platform, not a feature

Internal AI needs the same primitives we give engineers: identity, RBAC, audit, evals, and a managed gateway. Credal-style brokers in front of ChatGPT Enterprise, Claude, and Gemini give the org safe surface area without a different login per model.

02

Role-based agents, not task-based scripts

2026 is the year IT moves from task automation (summarize this ticket) to role-based agents (orchestrate this access request end-to-end across Workday, Okta, Slack, and Jira). The IT engineer's job shifts from doing the work to managing the digital workforce that does it.

03

Glean-style retrieval over the corp graph

Identity-aware retrieval across Slack, Notion, Drive, Jira, and Zendesk turns institutional knowledge into a queryable system. The result: fewer DMs to senior people, faster ramp, and a measurable drop in repeat tickets.

04

Paved roads, not guardrails

Shadow IT is a signal, not a threat. When employees reach for unsanctioned AI, it tells you where the paved road is missing. The Corporate Engineering team's job is to make the safe path the easy path: Credal instead of personal ChatGPT, governed Okta and MCP connectors instead of one-off scripts.

05

Governance as a prerequisite

AI amplifies whatever it's pointed at. Clean identity state, accurate HRIS data, and strict RBAC aren't compliance checkboxes; they're the prerequisites that decide whether an AI rollout helps the company or quietly grants the wrong access to the wrong person.

// Where I keep humans in the loop

What I'd not hand to an agent on day one.

Most of the credibility in an AI-in-IT plan is in what you choose not to automate. A short, honest version of mine.

Keep human
Sensitive access grants

AI can stage the request, gather context, and pre-fill the approval. The actual grant of admin, finance, or production access stays behind a human approver. The wrong way to adopt AI in IT is to automate bad processes faster.

Keep human
Production system changes

Anything that touches customer data paths, identity provider config, or core SaaS tenants gets a reviewer. Agents draft the change; a human ships it.

Keep human
Termination and offboarding decisions

Agents execute the deprovisioning flawlessly once the signal fires. The signal itself, the decision that someone is leaving, stays a human, HR-driven event with an audit trail.

Keep human
Net-new policy and exceptions

AI is great at applying existing policy. New policy, new exceptions, and anything that sets precedent is a human call, with the AI as a research assistant, not the author.
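
The "sensitive access grants" rule above can be enforced as a gate in the workflow rather than left as a convention. The sketch below is an added example, not code from this site or from any of the tools named here; the `Principal` and `AccessRequest` types, the scope names, and the fail-closed allowlist are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumption: only scopes on this allowlist may be granted without a human;
# everything else (admin, finance, production, or unknown) fails closed.
AUTO_GRANT_SCOPES = {"wiki-read", "chat-default"}  # constructed names

@dataclass(frozen=True)
class Principal:
    id: str
    kind: str  # "human" or "agent"

@dataclass
class AccessRequest:
    beneficiary: Principal   # who receives the access
    staged_by: Principal     # an agent may stage and pre-fill the request
    scope: str
    context: str
    approvals: list = field(default_factory=list)
    audit: list = field(default_factory=list)

def approve(req: AccessRequest, approver: Principal) -> bool:
    """Record an approval only from a human who is not the beneficiary."""
    if approver.kind != "human":
        reason = "non-human approver"
    elif approver.id == req.beneficiary.id:
        reason = "self-approval"
    else:
        req.approvals.append(approver.id)
        req.audit.append(("approved", approver.id, req.scope))
        return True
    req.audit.append(("approval_rejected", approver.id, reason))
    return False

def can_grant(req: AccessRequest) -> bool:
    """Gate checked by the workflow immediately before it provisions anything."""
    ok = req.scope in AUTO_GRANT_SCOPES or len(req.approvals) > 0
    req.audit.append(("grant_decision", req.scope, "allow" if ok else "deny"))
    return ok

if __name__ == "__main__":
    agent = Principal("onboarding-agent", "agent")
    hire, manager = Principal("new.hire", "human"), Principal("mgr", "human")
    req = AccessRequest(hire, agent, "production", "on-call rotation, staged by agent")
    print(can_grant(req))                 # no human approval recorded yet
    print(approve(req, agent))            # the staging agent tries to approve
    print(approve(req, manager), can_grant(req))
    for entry in req.audit:
        print(entry)
```

Every decision, including rejected approval attempts, lands in the audit list, so the evidence trail shows who tried to approve as well as who did.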

// A note on vibecoding

Vibecoding belongs inside IT, not just in product orgs.

Most internal tools a company needs are small: a Slack bot that looks up a group, a script that reconciles two systems of record, a dashboard that surfaces stale access, a one-off form that routes a request to the right approver. They never make the engineering backlog, so historically they never get built, and the people who actually need them (ops, finance, GTM, IT itself) end up doing the work by hand.

That's the gap AI-assisted coding closes, and it's exactly why every team is becoming a software team. A Corp Eng team that's comfortable describing what they want and letting an AI scaffold the first 80% can ship those tools in an afternoon and, more importantly, can give other teams the paved road to do the same on top of governed identity, data, and AI primitives. The role of the engineer shifts from typing every line to reviewing, hardening, and integrating, which is where the judgment, always the valuable part, was needed anyway.

This site is the proof of concept. It was vibecoded end-to-end with Lovable. The point isn't the site; it's that the same posture (describe the outcome, let AI draft, edit with taste, ship) is exactly what an IT engineer should be doing for their internal customers every week, and exactly what IT should be enabling every other team to do safely.

// Worked example

What an AI-native onboarding loop looks like.

The same pattern, trigger → workflow → governed AI → identity-aware retrieval → continuous evidence, is what every team should be able to compose on top of the platform IT runs.

Trigger
HRIS → Identity provider

New hire record fires SCIM events. The identity provider is the only system that decides who exists.

Routing
Workflow runtime

Workflow brokers app provisioning, group membership, and manager notifications, replacing a ticket queue with code.

AI layer
Governed AI gateway

A managed AI gateway sits in front of frontier models. It generates personalized onboarding plans, summarizes role-specific docs, and answers Day-1 questions inside chat with identity-aware context.

Knowledge
Identity-aware retrieval

Permission-scoped retrieval across the knowledge graph (docs, chat, tickets, code), so the new hire's first 'who owns X?' question is answered without DMing a director.

Compliance
Continuous evidence

Provisioning evidence collected continuously by the GRC platform. Access reviews are a query, not a quarterly fire drill.

Outcome
Hours, not weeks

Onboarding time-to-productive drops measurably. IT stops being the bottleneck and becomes the platform other teams build on.
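
The "Knowledge" step of the loop above depends on the permission check running before ranking, so a document the caller cannot see never influences results or reaches the model. The sketch below is an added example, not Glean's implementation or code from this site; the `Doc` type, group names, corpus, and keyword-overlap scoring are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Doc:
    source: str
    title: str
    text: str
    allowed_groups: frozenset  # groups from the identity provider; empty = nobody

# Constructed sample corpus spanning the kinds of sources the page lists.
CORPUS = [
    Doc("notion", "Payments service ownership",
        "payments service is owned by the billing platform team",
        frozenset({"all-employees"})),
    Doc("drive", "Payments vendor contract",
        "payments vendor contract renewal pricing terms",
        frozenset({"finance"})),
    Doc("jira", "PAY-12 rotate payments keys",
        "rotate payments service signing keys in production",
        frozenset({"payments-eng"})),
    Doc("slack", "#general lunch", "lunch menu for friday",
        frozenset({"all-employees"})),
]

def visible(doc: Doc, user_groups: frozenset) -> bool:
    """Fail closed: a document with no ACL groups is visible to no one."""
    return bool(doc.allowed_groups & user_groups)

def retrieve(query: str, user_groups: frozenset, corpus=CORPUS, k: int = 3):
    """Return titles of the top-k visible documents for this caller."""
    terms = set(query.lower().split())
    # Filter on identity first, then score only what survives the filter.
    candidates = [d for d in corpus if visible(d, user_groups)]
    scored = [(len(terms & set(d.text.lower().split())), d) for d in candidates]
    hits = sorted((p for p in scored if p[0] > 0),
                  key=lambda p: (-p[0], p[1].title))
    return [d.title for _, d in hits[:k]]

if __name__ == "__main__":
    q = "who owns payments service"
    print(retrieve(q, frozenset({"all-employees"})))
    print(retrieve(q, frozenset({"all-employees", "payments-eng"})))
    print(retrieve(q, frozenset()))
```

The same query returns different results per caller, which is the property to test for when evaluating a retrieval product: the finance-only contract never appears for a caller outside the finance group, even though it matches the query.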

// Tooling I've evaluated

The categories that make a lean Corp Eng team work.

Glean
Enterprise search
Retrieval: identity-aware search over the corp graph

Slack, Notion, Drive, and Jira become a single queryable surface scoped to what each person is allowed to see.

Credal
AI gateway
Governance: one governed surface in front of ChatGPT, Claude, and Gemini

RBAC, audit, DLP, and evals applied uniformly so the org doesn't end up with a different shadow account per model.

Okta
Identity automation
Lifecycle: Workday to Okta to SaaS without a ticket queue

Joiner, mover, leaver flows wired directly into HRIS so provisioning is a system property, not a checklist.

Vanta
Continuous compliance
Evidence: audit evidence pulled from Okta, MDM, and Workspace on a schedule

Replaces the quarterly evidence scramble with a system that already has the answer when an auditor asks.

IT becomes the platform every other team builds on.

Engineering, finance, GTM, and ops are all about to ship their own agents and internal tools. A small Corporate Engineering team with the right primitives (identity, an AI gateway, a workflow runtime, identity-aware retrieval, and continuous compliance) lets them do that safely and well, without becoming a bottleneck. That's the bet I want to make for your company.