ITSM is a router. Agentic IT does the work. Here's when you need which.
ITSM and agentic IT are different categories solving different problems. Here's the category boundary, and the working model for running both.
The "AI for IT" market has flattened two very different categories into one pitch, and it's making the buying decision harder than it needs to be. ITSM and agentic IT solve different problems. Most IT leaders need both. But the order matters — and so does the framing you walk into vendor meetings with.
This is the working framework for separating them.
What ITSM is for
ITSM — ServiceNow, SysAid, Jira Service Management, Halo, Atlassian's broader stack — is a system of record for IT work. Its core jobs:
- Record. Every IT request, every incident, every change request becomes a ticket. The ticket persists as the canonical artifact even after the work is done.
- Route. Tickets get assigned — to a team, to an individual, to a queue based on category, priority, SLA. Routing is the ITSM's most visible function and the one most vendors built their UI around.
- Escalate. When a ticket isn't resolving at one tier, it moves up. The ITSM tracks the escalation path, surfaces what's been tried, and enforces handoff rules.
- Audit. Every action on the ticket is logged — who touched it, what they did, when. For SOC 2, ISO 27001, HIPAA, GDPR, the audit trail is the deliverable.
- Report. The aggregated history — volume, SLA performance, repeat issues, top categories — becomes the input to capacity planning and process improvement.
ITSM is excellent at all five jobs. It's been refined for two decades. What it doesn't do — what no ITSM does — is the actual IT work. The ticket is the work product. The resolution is somewhere outside the ITSM, in someone's head or another system.
What agentic IT is for
Agentic IT — the category Dex is building toward — has one job: do the work itself. An agentic IT system handles a task end-to-end. It investigates the request, plans the action, executes it under explicit policy, produces an audit trail, and closes the loop without a human in it.
The four jobs ITSM tools never claimed:
- Investigate. Gather the context required to resolve the request. Who is the user, what permissions do they have, what does the underlying system actually allow, what's the relevant policy. This is the part a Tier 1 engineer does in their head; an agentic IT system does it programmatically.
- Plan. Decide what action to take. Conditional on what the investigation surfaced. With fallbacks for the cases where the first plan fails.
- Execute. Perform the change. Against the real backend system — Microsoft 365, Entra ID, Okta, whatever's connected. With delegated permissions, not a shared service account. With the action logged in both the underlying system's audit and the agent's own activity log.
- Escalate cleanly. For the cases that genuinely need a human — novel issues, policy edge cases, security incidents — file a ticket with full context attached, so the engineer who picks it up isn't starting from zero.
When the agent can't or shouldn't resolve a request itself — novel issues, policy edge cases, anything that genuinely needs human judgment — it escalates into the ITSM with the full reasoning chain attached. The two systems pass the same request across the boundary cleanly: agentic IT handles the routine work, ITSM owns the harder, higher-leverage cases that follow.
That handoff is also why agentic IT raises the importance of having a good ITSM, not the opposite. Once the routine 80% disappears, every ticket the ITSM does handle is a meaningful one — escalated with context, often involving multiple teams, almost always audit-relevant. The investment a mature IT org makes in SysAid or whichever ITSM they run becomes more valuable as the noise drops away from it.
Why the "AI for ITSM" pitch confuses the issue
Every major ITSM vendor now ships an AI feature set. The framing usually sounds like one of these:
- "AI-powered ticket resolution"
- "Intelligent routing"
- "Generative ticket summarization"
- "AI agent for the service desk"
These features are real and they make the ITSM experience nicer. They do not change the fundamental loop. A ticket still gets created. A human still resolves it. The AI helps the human work faster on the ticket.
That's a copilot. It's useful. It's not agentic IT.
The way to test whether a vendor is actually doing agentic IT or just shipping AI features inside an ITSM: ask what their resolution rate is without a human touching the ticket. The honest agentic IT answer is "we don't open tickets for the work we resolve — we just execute the change and log it." The honest ITSM-with-AI answer is "our AI helps engineers close tickets 30% faster." Both are real. They're not the same product.
For the deeper definition of what counts as agentic IT — and the eight questions to ask any vendor claiming to be one — see "What is agentic IT?"
Where the two overlap
Three places where the boundary blurs in practice. Worth being explicit about each, because vendors will use the overlap to claim parity with the category they don't belong to.
Self-service portals. ITSMs have shipped self-service for years. A user opens the portal, picks a category, fills a form, gets routed to either a knowledge-base article or an engineer. This looks like deflection but it's not — it's just a faster intake path. The work still gets done by a human or doesn't get done at all. Agentic IT operates a layer below: when the user describes the problem in natural language, the agent investigates and acts. No portal.
Workflow automation. ITSMs support workflow rules — "if ticket category = password reset and user is in Finance, auto-assign to engineer X." These rules route. They don't resolve. Agentic IT runs the same conditional logic but ends with an action, not an assignment.
AI-suggested actions. Some ITSMs surface "the AI suggests you take this action" inside the engineer's ticket view. This is a copilot move. The human still has to click. Agentic IT skips the suggestion and performs the action under policy, then logs what it did. The "review the actions" step happens after, in the audit log, not before, in the queue.
Where they actively complement each other
Two specific places where the combination is strictly better than either tool alone.
The agent provides context, the ITSM provides continuity. When an agentic IT system escalates a case (the 10% it doesn't resolve), the engineer who picks up the ticket gets the full reasoning chain — what the agent investigated, what policy it consulted, what it tried, where it stopped. That engineer reads a paragraph instead of re-interviewing the user. Continuity wins.
The ITSM provides the long memory, the agent provides the short. The ITSM's ticket history is the authoritative record of every IT decision the org has made — auditors love it, security teams need it, compliance depends on it. The agent's memory layer is shorter-term and more granular — what each user prefers, what each integration's quirks are, what worked the last time a similar request came in. Both kinds of memory are useful; they're not redundant.
When to lead with each
If you're an IT leader deciding what to invest in next, the order matters more than the choice.
Lead with ITSM modernization when:
- Your current ITSM is broken — tickets fall through the cracks, SLA reporting is unreliable, escalation paths aren't enforced, audit trails are incomplete
- Compliance is the immediate pressure (SOC 2 audit imminent, HIPAA gap analysis, GDPR data-subject requests)
- The team is small and the volume is low — agentic IT's leverage doesn't compound until you have enough Tier 1 work to deflect
Lead with agentic IT when:
- Your ITSM is functional but the team is buried in Tier 1 — password resets, group access, license requests, basic device issues
- You can quantify the volume — "we close 2,000 routine tickets a year" is enough to justify the investment in two weeks
- You're trying to scale headcount more slowly than the company is growing — agentic IT lets the same team handle more volume
You probably need both within the next 18 months. The question isn't which to adopt, it's which to adopt first. For most mid-market and enterprise IT organizations the answer is agentic IT first — because the volume reduction immediately frees up the time needed to do everything else, including the ITSM hygiene that's been deferred for years.
What this means for vendor evaluation
Three concrete tests when a vendor pitches you "AI for IT" and you can't tell which category they're in.
1. Where does the resolution happen? Ask: "When the AI resolves a request, does a ticket exist?" If yes, it's an ITSM copilot — useful, but bounded by what a human does after. If no, it's agentic IT.
2. What does the audit trail look like? Ask: "Show me what gets logged when the AI takes an action." If the answer is a transcript of a conversation, it's a chatbot. If the answer is a structured record with the policy that authorized the action, the user it acted on behalf of, the system the action ran against, and the result, it's agentic IT.
3. What's the failure mode? Ask: "What happens when the AI can't resolve a request?" If the answer is "the AI hands off to an engineer with a ticket pre-filled," that's good copilot behavior. If the answer is the same but the ticket includes the reasoning chain and what was attempted, that's good agentic IT behavior. If the answer is "the AI says 'I'm not sure, please contact the help desk,'" walk out.
For the eight-question version of this — the full buyer checklist for agentic IT — see the section in "What is agentic IT?" The short answer for ITSM evaluation is: don't ask "does it have AI?" Ask "what does AI change about the work?"
The model in practice
Once both tools are in place, the operating model looks roughly like this:
- A user messages Dex in Teams or Slack: "I can't access the Finance SharePoint."
- Dex investigates — user identity, recent sign-ins, the Finance access policy, prior tickets in the ITSM for the same user
- If the policy allows it: Dex grants access, logs the action in Entra ID's audit, logs the reasoning + policy in its own activity log. No ticket exists.
- If the policy requires approval: Dex routes to the approver via the ITSM ticket flow — the ticket includes the investigation chain, so the approver decides in seconds, not hours
- If the policy denies it (Finance access requires specific role): Dex explains the denial to the user, logs the attempt, and offers the path to request the role properly
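The three policy branches above, together with the structured audit record described in the vendor-evaluation tests, sketched as an added example (not Dex's code or any vendor's API). The policy table, role names, `decide`, and `to_log_line` are hypothetical, and the fail-closed branch for a resource with no policy is an assumption.

```python
from __future__ import annotations
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

# Constructed policy table; ids, roles and resource names are hypothetical.
POLICIES = {
    "sharepoint:finance": {
        "id": "POL-FIN-001",
        "allow_roles": {"finance-analyst"},        # agent may grant directly
        "approval_roles": {"finance-contractor"},  # a human approver decides
    },
}

@dataclass
class AuditRecord:
    timestamp: str
    on_behalf_of: str          # user the agent acted for (delegated, not shared)
    target_system: str         # system the action ran against
    resource: str
    policy_id: str | None      # policy that authorized or blocked the action
    decision: str              # "executed" | "escalated" | "denied"
    reasoning: list[str]       # investigation chain, attached to any ticket
    ticket_created: bool

def decide(user: dict, resource: str, target_system: str = "entra-id") -> AuditRecord:
    reasoning = [f"identity: {user['upn']}", f"roles: {sorted(user['roles'])}"]
    policy = POLICIES.get(resource)
    if policy is None:
        # Assumption: fail closed. No policy means no autonomous action.
        decision, ticket = "escalated", True
        reasoning.append("no policy covers this resource")
    elif user["roles"] & policy["allow_roles"]:
        # The backend grant call would run here; it is out of scope.
        decision, ticket = "executed", False
        reasoning.append("role is in allow_roles")
    elif user["roles"] & policy["approval_roles"]:
        decision, ticket = "escalated", True
        reasoning.append("role requires approver sign-off")
    else:
        decision, ticket = "denied", False
        reasoning.append("no role grants or permits requesting access")
    return AuditRecord(datetime.now(timezone.utc).isoformat(), user["upn"],
                       target_system, resource, policy["id"] if policy else None,
                       decision, reasoning, ticket)

def to_log_line(record: AuditRecord) -> str:
    """Serialize as one JSON line for the agent's activity log."""
    return json.dumps(asdict(record), sort_keys=True)
```

Every branch, including the denial, returns a record, so the activity log can be reconciled against the backend system's own audit entries.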
The ITSM still sees tickets — just not the 80% of tickets it used to see. The 20% it does see are higher-leverage, better-contextualized, and closer to what an IT engineer should actually be spending their day on.
For Dex's specific implementation of this model — the policy engine, the delegated permissions, the dual-logging audit — see how the technology works. For a walkthrough against your environment, book a working session — we'll trace a real request through the loop.
ITSM and agentic IT aren't competitors. They're a system of record and an engineering team. You need both, in that combined model, for the IT organization of the next decade to make sense.
Frequently asked
- Does agentic IT replace ITSM?
- No. ITSM and agentic IT solve different problems. ITSM is the system of record — it tracks, routes, escalates, and audits IT work. Agentic IT eliminates the ticket before it reaches the queue by performing routine work end-to-end under policy. Most healthy IT organizations run both: agentic IT handles the 80% of routine requests autonomously; ITSM handles the 20% that need human judgment plus the historical record of everything.
- How is agentic IT different from an ITSM with AI features?
- ITSM vendors are adding AI features — copilots that draft ticket responses, AI categorization, knowledge-base search. These improve the ITSM experience but don't change the fundamental loop: a ticket still gets routed, a human still resolves it. Agentic IT closes the loop. It performs the change against the real system (Microsoft 365, Entra ID, etc.) under explicit policy, and the ITSM never sees a ticket because there isn't one. Different category, different value.
- If we already have ServiceNow / Jira / SysAid, do we still need agentic IT?
- Yes, and your existing ITSM gets better when you add it. ITSM measures itself by how efficiently it processes tickets — average resolution time, first-touch rate, escalation depth. Agentic IT eliminates the tickets that would have been the easiest to process, so your ITSM is suddenly handling a smaller, harder, more interesting queue. The two work well together — agentic IT for the routine 80%, ITSM as the system of record for what's left.
- Which should we adopt first — modernize the ITSM or add agentic IT?
- Depends on the starting condition. If your ITSM is broken (slow, unconfigured, unloved), fix that first — agentic IT generates audit records and escalations that need to land somewhere reliable. If your ITSM is functional but your team is buried in Tier 1 work, add agentic IT first — the volume reduction will free up the team to do anything else, including ITSM hygiene. Most IT leaders need both, but the order matters.
- What's the right model for running agentic IT alongside an ITSM?
- The agentic IT system handles inbound requests first — it investigates, checks policy, and either executes the change or escalates. Cases that escalate land in the ITSM as tickets with full context attached (what the agent tried, why it stopped, the policy that blocked it). The ITSM remains the system of record for resolution, audit trail, SLA tracking, and reporting. The agent reads from the ITSM for context on prior tickets; the ITSM reads from the agent's activity log for the work that closed without a ticket.