The question enterprises are asking has changed. It’s no longer whether to deploy AI agents — it’s why so few deployments ever move beyond the pilot stage. IDC projects that the number of actively deployed AI agents will exceed 1 billion worldwide by 2029 — 40 times more than in 2025.
  
Yet according to Camunda’s own research, 71% of organizations are already using AI agents, but only 11% of those use cases reached production last year. The gap between ambition and outcomes is widening. The root cause isn’t the technology — it’s the absence of a structured path forward.

How IT Leaders Can Move from Pilots to Production

Scaling agentic AI requires more than deploying more agents. It requires building the operating model that makes agents trustworthy, governable, and reusable across the enterprise. Here’s how to get there:
  
Start where agents create the most value. Focus first on processes that strain deterministic automation and look for unstructured inputs, incomplete data, and high exception rates (e.g. claims intake, KYC checks, customer onboarding, and email correspondence handling). These are the areas where agents have the highest impact and where the business case is easiest to demonstrate.
  
Build for reuse, not repetition. Treat agents, connectors, and process templates as shared enterprise assets. A central library of reusable components prevents pilots from splintering into disconnected projects and accelerates deployment across teams.
  
Establish governance before you scale. Define confidence thresholds, escalation paths, and human review triggers from day one. Wrap every agentic action in audit trails so compliance and risk teams have full visibility — before deployment, not after.
  
Connect agents inside business processes, not alongside them. The turning point comes when agents operate within orchestrated, end-to-end business processes. Deterministic logic handles predictable steps; agents handle ambiguity and exceptions. The result is a process that is stateful, fault-tolerant, and auditable at every stage.
  
Shift from pilots to platforms. Formalize the operating model once early use cases prove out. Establish a central team to standardize process design patterns, onboarding templates, and success metrics — so new agentic processes can be built without reinventing the foundation each time.
  
Measure outcomes and expand autonomy incrementally. Track cycle time, exception rates, cost per case, and compliance accuracy. Use those feedback loops to refine agent behavior and increase autonomy gradually — starting with classification and data enrichment before moving into fully autonomous decision-making.

The right operating model

Agentic orchestration is what makes all of this possible at enterprise scale. It brings deterministic process logic and dynamic AI decision-making together: rules handle what’s predictable, agents handle what isn’t, and the business retains full visibility and control throughout. The leaders who will define this era aren’t those running the most experiments – they’re the ones who have built the orchestration infrastructure to make AI deliver, at scale, with governance built in from the start.

Every CIO has a version of the same story. The AI pilot worked. The proof of concept impressed the board. And then — somewhere between the demo and enterprise-wide rollout — things stalled. The culprit is rarely the AI model. More often, it is the content. According to IDC, unstructured data accounts for roughly 90% of all enterprise data globally, and APAC organisations are generating it faster than anywhere else. Yet most of it sits ungoverned, siloed, and invisible to the very AI systems designed to act on it. The challenge keeping CIOs awake is not whether AI is capable enough — it is whether the data foundations beneath it are ready.

From Storage Problem to Strategic Asset

The shift required is a fundamental rethinking. Leading enterprises are treating content not as a storage problem but as a strategic asset — classified, governed, and connected to the workflows and people that need it in real time. For CISOs, the stakes are equally high: as AI agents act autonomously on enterprise content — summarising, routing, deciding — ungoverned data is no longer just an operational inefficiency. It is an expanding attack surface. Content that cannot be classified cannot be protected.
  
This urgency is compounded by ASEAN’s regulatory landscape. MAS Technology Risk Management guidelines in Singapore, OJK frameworks in Indonesia, and emerging data protection regimes across Thailand and the Philippines all require demonstrable governance over how data is accessed — including by AI. Content governance is not a best practice. It is a compliance obligation.

The Questions CIOs Should Be Asking Now

Organisations pulling ahead treat content governance and AI readiness as one initiative, not two — asking: Do we know where our sensitive data lives? Can AI agents operate within our compliance boundaries without us choosing between capability and control? Consider a regional bank deploying AI on loan documents spanning a decade of applications and amendments — ungoverned, scattered, inaccessible. The AI cannot safely act on what it cannot reliably see. The bottleneck is not intelligence. It is content readiness. This is the reality facing enterprises across ASEAN today.
 
For CIOs and CISOs across ASEAN, the first question is not “which AI model should we deploy?” — it is “is our content ready for AI to act on?” A content readiness audit is the practical first step. The window to get these foundations right is now.

A retail ERP system underwent a vertical scaling operation to support growth from 3,000 to 10,000 stores on AWS. Immediately following the cutover, users experienced widespread HTTP 503 (“Service Unavailable”) errors and checkout failures. Yet, standard performance dashboards indicated a healthy environment.

During the incident response, each team reviewed their respective telemetry, which indicated normal operation:

– Database Team: “Query latency is flat at sub-millisecond levels. The database is executing requests instantly.” 
– Application Team: “JVM threads are in a WAIT state on sun.nio.ch.SocketDispatcher.read. The code is blocked, waiting for database responses.” 
– Infrastructure Team: “CPU is at 9%, storage IOPS is at 8%, and bandwidth is within SLA. We have substantial headroom.”

While component-level metrics appeared healthy, system-wide transactions were failing.

Case Study: Non-Linear Failure at 3X Scale

To understand why this happens, we have to look outside standard telemetry. This article breaks down a real production incident where the root cause was an invisible bottleneck: the EC2 instance had hit a hard packets-per-second (PPS) ceiling, not a bandwidth limit.
 
The system looked perfectly healthy at 9% CPU and under 10% storage IOPS. It wasn’t; it was silently discarding traffic. TCP retransmissions had climbed past 20% at peak (with spikes to 50%), database insert latency jumped from 1ms to 150ms, and connection time to the SQL service ballooned to 3 seconds.
 
The standard monitoring stack saw none of it.

This postmortem documents how cross-layer correlation—specifically overlaying synthetic connection probes, network stack metrics, and application thread states on a single timeline—exposed what siloed monitoring missed, and exactly what SRE teams must instrument to catch it early.

(Note: This article summarizes a 15-page forensic postmortem. Download the full technical case study (PDF) for the complete timeline, configuration diffs, and TCP tuning parameters.)