AI moved from pilot to execution in 2025 but fragile data, shadow AI, and weak third-party oversight exposed structural gaps supply chain leaders must fix before scaling agentic AI in 2026
AI dominated supply chain conversations in 2025. Predictions pointed to it being the year of Agentic AI, faster decisions, and more resilient operations driven by automation. But as adoption accelerated, so did talk of an AI bubble — skepticism that the technology was overhyped and underdelivering. In practice, the biggest challenges proved less about AI’s maturity and more about organizational readiness.
Many forecasts focused on what AI could automate but paid less attention to what it would expose: fragile data foundations, unclear accountability, and a lack of oversight for vendors embedded deep within supply chain workflows. That disconnect now shapes what’s realistic for organizations seeking deeper insight into supply chain risk to expect from AI in 2026, and how they should prepare for the next wave of AI innovation.
In several important ways, last year’s AI predictions did materialize. AI started moving from experimentation into execution, showing up where organizations could clearly define problems and manage risk. Common use cases included document review, data classification, anomaly detection, and continuous monitoring.
In third-party risk management, the impact was especially clear. AI began scanning large supplier populations for signals no human team could track at scale, such as ownership changes, sanctions exposure, geographic risk, subcontractor relationships, and adverse events across global networks. These deployments weren’t flashy, but they worked, extending visibility across complex supplier ecosystems while reducing manual effort.
As confidence grew in supervised, task-specific AI, attention began shifting away from chatbots and image generators toward agentic systems capable of coordinating across workflows. Rather than replacing human judgment, these approaches point toward AI that continuously monitors conditions, adapts to change, and surfaces prioritized actions across interconnected supply chain and third-party risk environments. Early pilots began to emerge, with McKinsey finding 62% of organizations were at least experimenting with AI agents, and KPMG finding that 33% were already deploying them.
In third-party risk management, AI agents are now being used to extract and structure key information from supplier-submitted materials, pre-populate assessments, and highlight areas that may require follow-up or remediation. This approach reduces manual effort, improves consistency, and helps risk teams focus where attention matters most.
Another prediction that proved accurate was that governance would trail adoption. In the absence of a comprehensive U.S. federal framework, organizations relied on internal policies, state-level guidance, and global regulations such as the EU AI Act. Governance was fragmented, and third-party ecosystems, which often span multiple geographies and regions, didn’t have a clear path forward for compliance.
Many thought 2025 would be the year of the AI reckoning where it would finally prove ROI for companies’ investments. Yet, across industries, many generative AI initiatives still struggled to move beyond pilots. Estimates suggested that 95% of GenAI projects were failing to deliver sustained value, often before agentic AI was even part of the mix.
In supply chains and risk management, the limiting factor was rarely model performance. It was data readiness. Critical information remained fragmented across spreadsheets, siloed systems, and undocumented processes dependent on institutional knowledge. These gaps were manageable in manual workflows, but became structural blockers once automation entered the picture.
While many hoped data security and observability would become AI’s foundation, AI adoption still outpaced visibility, oversight, and accountability.
In many cases, organizations struggled to track their own internal AI usage as capabilities were introduced through product updates or new vendor relationships, a phenomenon known as Shadow AI.
That challenge multiplied across supply chains. Visibility into how vendors were using AI, including data sources, training practices, and automated decision logic, remained limited or nonexistent. For some companies, AI still wasn’t formally treated as a risk domain, despite its growing influence on sourcing, logistics, compliance, and supplier decision-making.
In 2025, supply chain and risk leaders saw the potential for AI advancements ranging from GenAI to early agentic use cases, but many also realized they weren’t prepared to act on them. Without new processes, strategies, and safeguards, those same challenges will continue into 2026.
Agentic use cases are expected to become more widespread, more specialized, and increasingly coordinated through multi-agent systems addressing everything from supply chain optimization to risk management. But the tech’s sophistication alone won’t determine success. The real stress test will be disciplined data practices, clear program ownership, and sustained third-party oversight.
Those who see the most value from AI in 2026 will be those who are less focused on speed and more focused on structure. Here’s what that looks like in practice:
If 2025 was about discovering what AI could do, 2026 will be about deciding where and how it should be trusted across increasingly interconnected supply chains so businesses can achieve the most value. Start small, experiment often, and keep pilots controlled. Organizations that invest early in visibility, governance, and third-party risk oversight will be better positioned to scale responsibly. Those that don’t will continue learning a harder lesson: AI doesn’t eliminate complexity. It exposes it.
