
Security and Trust Are Stalling Procurement AI. Here’s What Actually Closes Both


Uday Jain

Published On: 06/17/2026


The barriers are known. Named. Quantified. And the remediation most organizations are running is aimed at the wrong target.

TL;DR

  • The two leading barriers to AI scale in procurement are security concerns (50%) and trust in AI decision-making (47%). Neither is a technology problem.
  • Most remediation is aimed at the wrong target. Adding governance as a policy overlay does not close a governance-as-architecture gap.
  • The Foundry research shows that only 66% of procurement leaders have stakeholders who trust AI outputs enough to act on them without re-verifying. More than a third still re-check every output manually.
  • Closing both barriers requires governance built into the execution layer rather than applied on top of it. This blog’s framing: policy embedded, audit native, escalation by design.
  • Organizations treating the governance problem as a technology problem are spending more to close less of the gap.
  • The full Foundry/CIO Market Pulse research is now available. Read the full report.

What Two Blogs Have Built Toward

The first blog in this series named the paradox: agentic AI ambition in procurement is near-universal; execution is rare. The second named the structural reason: automation and autonomy are different architectures, and 71% of procurement teams sit one stage short of the target. This blog answers the question both of those raise: what does it actually take to cross?

The barriers are known. They have been measured. And they are not what most organizations are currently spending to fix.

The Two Numbers That Explain the Stall

The Foundry research names the two leading barriers to scaling AI in procurement precisely. Security concerns are cited by 50% of respondents as a top constraint on scaling. Trust in AI decision-making is cited by 47%. Both rank ahead of ERP integration, data quality, skills gaps, and ROI uncertainty, the items that dominate most procurement AI investment roadmaps.

Read those rankings again. The items procurement leaders are spending to solve their AI scaling problem are not the items they say are actually blocking it. That is not a coincidence. It is a misdiagnosis. And misdiagnosis at the investment level is expensive.

Integration complexity, data quality, capability gaps, and ROI clarity are real constraints on procurement transformation. They are not the constraints that explain why AI scale fails once the technical foundation is in place. Security and trust are. And the remediation for each looks nothing like the remediation for the others.

Neither security nor trust is a technology problem. Both belong to the same category: governance of how AI systems decide, act, and account for their decisions. That category of problem is not solved by better integrations, tighter data pipelines, or more capable models.

Why Adding Governance Does Not Close the Gap

The default remediation is predictable. When security surfaces as a barrier, organizations add access controls and auditing infrastructure. When trust surfaces, they add model explainability dashboards and human-in-the-loop checkpoints. Both are governance overlays: policies and controls applied on top of a system that was not designed with governance at its center.

Gartner predicts that by 2027, 40% of enterprises will decommission autonomous AI agents due to governance gaps found only after production incidents. Not because the models failed. Because governance was applied on top of systems rather than built into them. The root cause Gartner names: organizations treat governance as binary, either locked down or fully trusted. Neither posture is architecture.

The distinction matters: governance as overlay versus governance as architecture. An overlay checks decisions after they are made. Architecture makes governance part of how decisions are made in the first place. An organization that adds AI into an unchanged decision process, with humans still verifying every output, has not moved toward autonomy. It has added cost without adding scale.

What Governance Built In Actually Means

Governance built into the execution layer looks nothing like a compliance review. Three properties define it.

  • Policy is embedded, not applied. The agent operates within a defined policy envelope. It does not decide and then check against policy. Policy is the constraint inside which the decision occurs. The difference between “decided within policy” and “decided, then reviewed against policy” is the architectural distance between Stage 3 and Stage 4.
  • Audit is native, not retrospective. Every agent action generates a traceable record at the point of execution, not as a downstream reporting step. The organization does not reconstruct what happened. It reads what was logged as the system ran.
  • Escalation is by design, not by exception. Stage 3 systems surface exceptions when something breaks. Governed autonomous systems escalate to human judgment when the situation genuinely requires it, by design, not by failure. The human is inside the architecture, not waiting outside it for alerts.

You cannot install trust by adding features to a system not built to earn it. These are properties of a different architecture.
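The three properties above can be made concrete in a small execution gate. This is an added illustration, not code from the post, Zycus, or the Foundry research; the policy thresholds, supplier IDs, and the names `decide`, `run_agent_action` and `AuditLog` are all hypothetical.

```python
import hashlib
import json

# Hypothetical policy envelope for a purchasing agent (constructed values).
POLICY = {"auto_limit": 10_000, "hard_limit": 50_000,
          "approved_suppliers": {"SUP-001", "SUP-002"}}
GENESIS = "0" * 64

def _digest(prev, event):
    body = json.dumps({"prev": prev, "event": event}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class AuditLog:
    """Append-only log; each record is chained to the hash of the previous one."""
    def __init__(self):
        self.records = []

    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        event = json.loads(json.dumps(event))  # snapshot, detached from caller
        self.records.append({"prev": prev, "event": event,
                             "hash": _digest(prev, event)})

    def verify(self):
        prev = GENESIS
        for rec in self.records:
            if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
                return False
            prev = rec["hash"]
        return True

def decide(order, policy=POLICY):
    """Evaluate policy before any action is taken; returns (outcome, reason)."""
    if order["supplier"] not in policy["approved_suppliers"]:
        return "deny", "supplier not approved"
    if order["amount"] > policy["hard_limit"]:
        return "deny", "amount above hard limit"
    if order["amount"] > policy["auto_limit"]:
        return "escalate", "amount above autonomous limit"  # designed path
    return "execute", "within policy envelope"

def run_agent_action(order, log, place_order):
    outcome, reason = decide(order)
    # Record first: if the audit write fails, the action never happens.
    log.append({"order": order, "outcome": outcome, "reason": reason})
    if outcome == "execute":
        place_order(order)  # the only path with a side effect
    return outcome
```

The hash chain detects edits to stored records only if the latest hash is also anchored somewhere the agent cannot write.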

The Re-Verification Problem

The Foundry research quantifies the trust deficit precisely. Only 66% of procurement leaders say stakeholders trust AI outputs enough to act on them without re-verifying. More than a third are manually re-checking every AI output before acting on it.

That re-verification loop is what governance-as-overlay looks like at runtime. The AI reduced the time to generate the output. Human re-verification added the time back. The organization has not closed its governance gap. It has automated the first step while leaving the bottleneck intact.

Closing the gap does not require more capable AI. It requires the architecture this blog has described: governance built into the execution layer so that outputs are already verified, actions already within policy, and escalation already by design. A system built that way does not need re-verification. It has already earned the right to act.

The Cost of the Wrong Diagnosis

McKinsey’s research on agentic AI at scale found that fewer than 10% of enterprises that have experimented with AI agents have scaled them to deliver tangible value. Gartner’s analysis of what separates successful AI initiatives from unsuccessful ones found that organizations getting AI right invest up to four times more in governance foundations than those experiencing poor outcomes.

The procurement implication is direct. An organization spending the next 24 months adding explainability layers and approval workflows to a Stage 3 stack is not closing the security and trust barriers. It is building a more elaborate Stage 3 at increasing cost. The cohort the Foundry data shows committing to genuine autonomy over the same 24-month window is not adding governance to their AI. It is building AI inside governance.

Two paths are diverging: adding governance to AI, or building AI inside governance. The first finances a more elaborate version of what it already has. The second builds the conditions under which scale becomes possible.

The Architecture That Earns Trust

The architectural answer follows from the diagnosis. Policy embedded, audit native, escalation by design: these are the three commitments. Not overlays. Not checkpoints. The execution layer where governance lives, the audit posture that proves it, and the escalation architecture that makes it real.

The architecture that governs AI from first request to final outcome, without losing accountability at any handoff, is what these three commitments build toward.

Organizations that build for all three earn what the 34% cannot yet claim: a procurement AI that stakeholders trust enough to act on, without re-verifying first.

The Diagnosis Was the Easier Part

Naming security and trust as the barriers does not close them. The Foundry research names the specific architecture that closes both, the cohort that has already built it, and what changed when they did.


Most Procurement AI Investments Are Stalling. Here Is Why, and What to Do.

A global study of 240 senior procurement leaders. Research conducted by Foundry (IDG) for CIO Market Pulse. Sponsored by Zycus.


Uday Jain
Uday is in the business of making procurement leaders read past the first line. Content and product marketer at Zycus, turning product complexity into something worth their time. Demand gen is where I learned the craft from the ground up. Every headline earning the click, every paragraph earning the next, every word pulling its weight. If they bookmark it, I’ve done my job. If they share it, I’ve done it well.
