Martin Thompson, founder of the ITAM Forum, recently described the current AI landscape as resembling the "Wild West", uncharted territory full of challenges but brimming with opportunity. According to Thompson, businesses are diving headfirst into AI without fully grasping the short and long-term impact of it, and ITAM teams are left scrambling to figure out how to track, govern, and control this new breed of asset. After reflecting on his insights and my own experiences in the field, I'm convinced that ITAM principles offer the map we need to navigate this frontier.
Where ITAM Meets AI
IT Asset Management has traditionally focused on tracking hardware, managing software licenses, and optimizing technology spending. But AI introduces a new dimension to asset management that many ITAM programs aren't equipped to handle, especially in SMBs and also in enterprises where AI is not heavily adopted.
AI isn’t hardware you can tag or software with a clear license agreement. It’s a mix of algorithms, training data, compute power, and cloud resources. And yet, it comes with the same headaches as traditional IT assets (hidden costs, security risks, compliance challenges, and, of course, shadow IT).
Think about it: Right now, marketing teams are using generative AI tools to help generate ideas for content creation. HR is experimenting with AI-driven recruitment analytics. Operations teams are trying predictive AI to optimize workflows. And IT? IT is often left in the dark, and often has no clear visibility into what’s running, where, or at what cost.
This is exactly how cloud sprawl happened. 
If ITAM doesn’t step in soon enough, we’ll end up with AI sprawl; which will result in AI being untracked, unmanaged, and costing businesses way more than they expected. The sprawl of AI experiments happening across enterprises today mirrors the early days of cloud adoption; promising technology deployed with minimal governance and unclear ROI.
The ITAM Challenges of the AI Era
From my perspective in the ITAM trenches, several key challenges stand out in terms of the AI era:
1. Asset visibility is fragmenting: Unlike traditional software that IT departments purchase and deploy, AI tools often enter organizations through individual department subscriptions or even personal accounts.
I’ve witnessed employees connecting company data to over 10 different AI platforms and none being registered in their ITAM system(!). This gray AI phenomenon creates serious security and compliance risks. Imagine the consequences when an employee feeds sensitive customer data into a public platform like ChatGPT without permission, potential lawsuits and regulatory violations just around the corner.
2. Licensing models are evolving: AI systems often use consumption-based pricing tied to tokens, API calls, or computing resources rather than traditional per-user licensing. These models require new monitoring approaches for cost management (to which ITAM can be helpful by overseeing and optimizing usage patterns. The cost structure of AI differs fundamentally from traditional software.
AI involves licensing fees as well as infrastructure costs, energy consumption, and data storage expenses that; which are often a blind spot to an average organization. Without cohesive tracking of these interdependent costs, budgets are likely to spiral out of control, quickly.
3. Compliance risks are multiplying: ITAM has always managed software compliance, but AI introduces new regulatory dimensions like data privacy, bias monitoring, and industry-specific requirements. The EU AI Act, coming into force in September 2026, will require comprehensive risk assessment and management practices that ITAM teams are ideally positioned to support.
Though primarily designed for Europe, it has global implications that multinational companies can (and should) use across borders. No crystal ball in my hands, but I can already foresee that companies will continue burying their heads into the sand and will struggle to demonstrate compliance when regulators come calling if they do not have robust AI asset management at hand.
4.Trust and transparency present new challenges: Organizations have unanswered questions on AI’s approach to data quality, security, and privacy; mainly to do with where data is stored, how it is used, and who can access it.
These concerns directly impact asset management practices. ITAM professionals must eventually develop new approaches to documenting and communicating how AI assets handle data.
5. Asset lifecycle management is more complex: AI models aren't static assets. They evolve through training and fine-tuning; therefore tracking these changes and understanding their implications for cost, performance, and compliance presents new ITAM challenges.
Expertise gaps hinder effective management. We can’t ignore the fact that there is still an AI knowledge and expertise gap that companies are trying to fill. This shortage extends to asset management, because few ITAM professionals have the specialized knowledge needed to effectively manage AI assets. Building this cross-functional expertise will be essential for effective AI asset management.
Read our previous article: What is Agentic AI? And why does it matter in IT service management and ITAM?
Evolving ITAM for the AI Age
Based on my ITAM experience, here are my recommendations for finding a happy middle - using traditional asset management principles while addressing AI's unique characteristics.
1. Expand your inventory approach. Traditional ITAM inventories focus on hardware and software. For AI, we need to add data assets, model versions, and computational resources. Identify every AI-powered tool, model, or service in use across the organization.
If ITAM can’t track it, it can’t be managed. Make sure that you’re also checking in with department heads on a regular basis to be 100% sure of what AI tools they are using. Identifying every AI tool and assessing risk levels is the first step towards effective management.
While doing that, it is a good practice to implement AI-specific classification frameworks. Develop a tiered classification system that considers factors like data sensitivity, business criticality, regulatory implications, and resource consumption.
2. Redefine ownership and responsibility. Clear ownership has always been an ITAM cornerstone, but AI requires a more nuanced approach. For each AI system, identify both technical owners (responsible for the system itself) and data stewards (responsible for the information it processes). Create an AI governance committee that includes ITAM representation.
Here, I’d like to underline the importance of assigning ownership - particularly for high-risk AI systems, and establishing clear guidelines for use. This ownership model should extend beyond technical responsibility to include business outcomes and compliance oversight.
3. Develop AI-specific financial controls. Traditional software ROI models don't capture AI's unique cost structure. Work with finance to create specific cost tracking categories for AI development, training, and operation. One common oversight for many businesses is the lack of defined budgets as a major barrier to AI adoption.
Many AI projects start as experiments without clear financial parameters. ITAM can help organizations understand both the costs and returns of their AI investments with implementing proactive financial controls.
4. Integrate risk management. The most mature ITAM programs are expanding to incorporate AI risk assessment, working closely with security, privacy, and compliance teams.
This collaborative approach ensures that risk mitigation strategies are built into asset management processes from the start. You need to factor in risk areas like security, privacy violations, runaway costs, or regulatory penalties. Effective ITAM practices should be able to help mitigate all of these.
5. Establish governance frameworks with balanced controls. Governance shouldn't stifle innovation, rather, it should enable it by providing clear guidelines and removing uncertainty. Effective AI governance frameworks establish decision rights, approval processes, and operational guidelines while allowing for experimentation and learning.
I observe that the most successful AI-proficient organizations have created tiered governance models where oversight intensity corresponds to risk level, which allows to low-risk innovations to proceed quickly while ensuring high-risk applications receive appropriate scrutiny.
6. Build organizational readiness. Organizational readiness and buy-in are crucial for AI adoption, as well as the success of it. ITAM has a vital role in preparing data, processes, and people for AI integration.
This includes advocating for data standardization, process documentation, and change management practices that help the organization absorb new AI capabilities. Address employee fears and foster a culture of acceptance, and create space for experimenting with AI in a safe and compliant manner.
Key Takeaways: ITAM as Strategic AI Partner
I strongly believe that ITAM has an opportunity to evolve from a primarily tactical function to a strategic partner in AI adoption. AI-ready companies have already been gaining competitive advantage and are managing it effectively as a strategic asset.
Now, we're also seeing specialized tools emerge to help ITAM professionals manage assets, from platforms that monitor API usage and costs to governance tools that track model lineage and data provenance. These tools are becoming essential components of the modern ITAM toolkit. For every AI misuse, someone is developing a solution. The meta-trend of AI tools managing other AI systems creates new opportunities for ITAM automation and oversight.
Organizations that learn from past technology adoption cycles will have an advantage in managing AI assets. The cloud computing wave taught us valuable lessons about shadow IT, consumption-based pricing, and the importance of clear governance frameworks.
Are you ready to discover the power of ALVAO IT Asset Management? Ask for free trial!
I hope that these lessons and suggestions will help your ITAM team avoid repeating costly mistakes. One note that I’d stress is to keep fostering a culture of innovation within defined guardrails, and create a balance between experimentation and control.