How AI Finally Makes Asset Management Work 

This article follows on from part one of our blog series, "Why Most Organisations Still Cannot Tell You What They Have" 

On a hundred skills, three asset classes, and why the discipline is about to start running itself. 

The buildings looked like nothing else in the city. Six structures of white concrete and glass at the southern edge of Valencia's old riverbed, designed by an architect who grew up here. The afternoon sun was on the curves. The reflecting pools were doing what reflecting pools do. Ray Del Pino had brought me here at the end of a long Sunday walk. He sat me down at the edge of one of the pools, and that was the first thing he said. 

Ray: You stop asking humans to do the reconciliation.

We had been talking about asset management for most of the day. The discipline of knowing what your organisation has, where it lives, what depends on it, how all of it changes over time. It is one of the oldest topics in IT and one of the most consistently broken. Most organisations of any size cannot answer the simplest question their CFO can ask: what do we actually have? Three weeks of work, three systems, two spreadsheets, one hedged answer. The same conversation in every boardroom. 

Ray's answer to that question, and the reason we had walked six miles to sit by these strange white buildings, was about what changes now. 

Keyvan: Automation has been the answer for twenty years. RPA was the answer. Machine learning was the answer. Why is this different? 

Ray: What changes is how many specialised pieces you have, and how they compose. Small skills, agents if you prefer, each one knowing one thing and doing it well. One objective, its own inputs, a clear sense of when its work is finished, and a human for the edge cases. A team of specialists, each running continuously in its own narrow domain. 

Keyvan: Walk me through one. 

Ray: Pick something painful. Shadow AI. Most organisations have no idea how many of their people are paying for ChatGPT or Claude or Gemini personally and using them at work. They do not know what is running through browser plugins or what their developers are doing inside their IDEs. There is a skill that does nothing but find that. It reads SSO logs, expense data, browser extension inventories, network traffic patterns. It produces a list, vendor by vendor, person by person. That is one skill. It knows one thing. 

Keyvan: And another. 

Ray: Sensitive data discovery. A skill that scans every place data lives, from databases and file shares to S3 buckets, SharePoint, OneDrive, Slack and Teams, looking for anything that falls under regulation. Personal data, payment card data, health records, classified content. It produces an inventory across the whole estate of where regulated data sits, what category it falls under, and how much of it there is. That is another skill. 

Keyvan: Go on. 

Ray: Take vulnerability. Every morning the security team gets a list of several hundred new issues, ranked by severity score. They work from the top. The skill ranks differently. It asks two questions the score does not. Is anyone actually exploiting this in the wild? And does it touch a system that matters to the business? A critical-rated issue on an internal tool nobody can reach drops down the list. A medium-rated one on the customer-facing portal, with an active exploit doing the rounds, moves to the top. The security lead works through twelve findings, not seven hundred. That is another skill. There are plenty more. One that reconciles cloud assets with the on-premise estate. One that maps vulnerabilities to the actual business services they touch, so security stops prioritising by raw severity and starts prioritising by what would actually hurt. One that watches AI vendor spend and flags the orphaned API keys that account for thirty percent of most organisations' bills. One that detects unauthorised assets in the network. One that tracks the lifecycle of every model deployed against the EU AI Act risk tiers. 

Keyvan: How many of these are there? 

Ray: Around a hundred and thirteen at the last count. These are skills we have identified and are building, not an industry taxonomy. We are still adding. 

A bird flew low across the pool, made a precise arc, and disappeared somewhere behind the building. The sun had moved. The shadow on the white concrete had moved with it. Ray was still looking at the surface of the water. 

Keyvan: And they all sit on top of the CMDB. 

Ray: That is where it gets interesting. The CMDB was built for the traditional estate, hardware and software and applications, and it does that well. The world has since added two new asset classes around it. AI is one: models, endpoints, agents, datasets, GPU compute, each with lifecycles measured in weeks and compliance obligations that did not exist five years ago. Data is the other: regulated information held in places the organisation does not always control and governed by frameworks most IT teams are still learning. The original schema was not designed for either. The model needs extending properly, treating each as a first-class asset with its own discovery, its own lifecycle, and its own governance requirements. 

Keyvan: Three asset classes. 

Ray: Three. That is the redrawing. For twenty years asset management has assumed one estate. Now there are three. The traditional estate, the one the CMDB was built for. AI. Data. Each managed by its own family of skills. All of them feeding upward into Service, the layer where the business actually feels the value. A modern business service is composed of all three. The agents that take an order on a website are running on infrastructure, calling AI models, processing personal data. If any of the three goes wrong, the service goes wrong. The discipline has to span all of them. 

Keyvan: This is where the honeycomb comes in. 

Ray: Each cell of the honeycomb is filled by the CMDB and the skills together. The CMDB holds the record. The skills feed it, validate it, and tell it where it is wrong. The structure does not change. What changes is who does the work behind each cell. 

Keyvan: And the skills work together. 

Ray: Each one feeds the next. The skill that finds shadow AI feeds the skill that classifies AI use cases against the EU AI Act. The skill that discovers sensitive data feeds the skill that builds a record for GDPR Article 30. The skill that reconciles cloud assets feeds the skill that allocates cloud spend back to business units. Build one well and the next becomes faster, because half its inputs are already there. Build six and you start to compound. Build twenty and you have something no organisation can replicate by hand. 

Keyvan: This sounds like a lot of new tooling on top of an estate that is already drowning in tools. 

Ray: It does sound like that. None of the skills I have described is a new system you have to install. They read what you already have. The shadow AI skill reads your SSO logs and your expense data, both of which exist somewhere in your business already. The data discovery skill reads your existing data stores. The cloud reconciler reads your AWS or Azure or GCP exports. They are running on top of the estate, not adding to it. 

Keyvan: So nothing replaces the CMDB. 

Ray: Nothing replaces the CMDB. The CMDB is the canonical record. The skills extend it, feed it, validate it, tell it where it is wrong. The old obsession with finding the one true source, building one giant system that contains everything, was the wrong target. The skills do not need that. They read across what you have. The question stops being where is the truth, and becomes do the skills agree on what is true. 

Keyvan: And when they disagree? 

Ray: A human looks at it. Two skills disagree on whether two SaaS entries are the same product because the vendor renamed it mid-contract. One skill flags a critical vulnerability that another rates business-trivial because the service it touches is being decommissioned in three weeks. Those are the calls. That is what the human is for. The judgment, not the reconciliation. 

The buildings were starting to feel less alien now. The reflecting pool was doing fine work with the sky. 

Keyvan: How much of this is actually running? 

Ray: Some of these skills are running in our labs. Not all of them, not at the scale of every estate. We are looking for customers who want to develop this with us as design partners. Build the discipline together, rather than buy a finished product. 

Keyvan: Honest answer! 

Ray: Honest is the only useful answer. Anyone telling you they have a complete agent-based asset management product running in production today is selling something that does not exist. What does exist is a small number of skills, working well, in the labs of people who have been doing this discipline for thirty years and are watching it change underneath them. 

Ray paused for a moment. 

Ray: And they go wrong. Skills drift when their inputs change. Permissions sprawl, because every new skill wants read access to a new system. Disagreement queues grow faster than humans can clear them. None of that is hypothetical. We have hit all three in the last six months. The discipline is real. The failure modes are real too. 

I thought about the CFO in London, the new one who had asked the simplest question in the building. Three weeks of work, three systems, two spreadsheets, an answer that came back hedged and got sent back. In a future where the skills run, that question gets answered in minutes. The work that used to take a person all day takes a skill thirty seconds. The CFO never sees the agents. She sees an answer she can sign her name to, faster and with evidence. That is the whole point of the change. 

Keyvan: This is where most CIOs are stuck. They know the discipline. They have been doing the reconciliation by hand for years. Stopping is the hard part. 

Ray: Stopping is the choice. You have to decide that the maintenance is no longer the job. That the skills will do it, with you defining policy, approving the edge cases, getting your time back for the work that actually requires you. Most organisations have never made that choice. They keep paying people to do work that should not be done by people anymore. 

Ray stood up. We walked further around the largest of the science buildings. It was bigger than it had looked from across the pool. The kind of structure that does not seem to obey gravity from any angle. I asked him what someone would have told the architect when he proposed building this on top of a drained riverbed. Probably that it was not possible. Then someone allowed it. Then it was here. 

Keyvan: Same ground. Different century. 

Ray: Same problem. Different answer. The discipline does not change. What changes is what does the work, and at what speed. 

The light was going. The buildings were glowing against a sky that had been turning amber for the last half hour. Ray walked ahead of me with his hands in his pockets, and I followed at a slight distance thinking about what he had said. Same ground. Different century. He had meant the city and the buildings at the end of the riverbed. He was right about the asset discipline too. The foundations are the same ones IT has been working with for thirty years. What is about to change is everything else about how it runs. 

Keyvan Shirnia is Chief Revenue Officer at Fusion GBS. 

Ray Del Pino is a Solution Portfolio Manager and Advisory Solution Consultant based in Ottawa. 

This blog is part of The Six Critical Capabilities series. To find out where your service management foundations actually stand, the Fusion GBS scorecard gives you a benchmarked baseline in five working days. Details can be found here.