What actually happens when AI ships.
11 failures, 8 wins, the patterns that separate them.
Every case below is documented in mainstream press. We use oblique phrasing β the buyers who follow tech will recognize each one β to stay clear of defamation risk while still naming the lessons. The pattern that emerges across both columns: AI doesnβt fail randomly. It fails the same way every time.
The cautionary tales.
Eleven AI deployments that hit the news for the wrong reasons. Each card oblique-references a specific real-world incident β the kind of detail that keeps your board listening.
2024Over-deployment The drive-thru that couldn't take an order
The global fast-food chain that quietly ended a multi-year drive-thru voice-AI pilot in summer 2024 after social-media-viral order failures.
What happened. A national fast-food brand ran a multi-year voice-AI ordering pilot with a major enterprise IT vendor across roughly 100 locations. Viral videos showed misorders (nine sweet teas instead of one, butter packets in ice cream, swapped lane orders). The pilot was wound down in mid-2024.
The lesson. Pilot AI in environments that match production noise, accents, and edge cases β not lab conditions. Define accuracy thresholds and a kill switch BEFORE go-live, not after social media finds you.
2024Hallucination The chatbot that wrote its own refund policy
The flag-carrier airline whose AI customer-service chatbot invented a refund policy and was held legally liable for it in a 2024 tribunal ruling.
What happened. A major North American airline's website chatbot told a grieving customer he could claim a bereavement-fare refund retroactively β contrary to the airline's actual policy. A Canadian tribunal ruled the airline liable for what its chatbot said; the airline's argument that the chatbot was a 'separate legal entity' was rejected.
The lesson. A chatbot's outputs are your representations. Ground generative responses in retrieval from canonical policy documents, log every conversation, and have legal/compliance approve the prompt and grounding sources before launch.
2023Data exposure The semiconductor source code that ended up in a public AI
The Korean electronics giant that banned consumer generative AI on corporate devices in 2023 after engineers pasted chip source code into a public chatbot.
What happened. Engineers at a major Korean electronics manufacturer reportedly pasted proprietary source code, internal meeting notes, and chip database content into a public consumer LLM in early 2023 β across at least three separate incidents within roughly a month. The company banned generative AI use on corporate devices in May 2023 and began building an internal alternative.
The lesson. Without an approved internal AI option, employees will use the public one. The fix is twofold: block exfiltration via DLP and network controls, AND provide a sanctioned enterprise AI tool with the same usability. Otherwise the shadow path persists.
2023Vendor risk The legacy magazine that published nobody
The legacy US sports magazine caught in late 2023 publishing AI-written product reviews under fake bylines β sourced from an outside content vendor.
What happened. A storied US sports publication was found to be running product-review articles bylined to authors who didn't exist, with AI-generated headshots from a stock-portrait site. The publisher blamed a third-party content vendor and ended the partnership.
The lesson. Vendor AI risk is your brand risk. If a third party touches anything that publishes under your name, your contract needs disclosure, source-of-content attestation, and audit rights β and your editorial workflow needs human verification of authorship.
2023Hallucination The lawyers who cited cases that didn't exist
The two New York personal-injury lawyers fined in June 2023 after filing a federal brief containing six AI-hallucinated case citations against a South American airline.
What happened. Two NY attorneys filed a federal brief in a personal-injury suit containing six fabricated case citations generated by a public chatbot. They doubled down when the court asked for the underlying opinions. The judge sanctioned both lawyers and the firm $5,000 each.
The lesson. 'Verify before you file' applies to any professional output. For regulated client work (legal, accounting, healthcare, financial advice), AI must be paired with mandatory human verification gates and auditable evidence of that verification.
2024Permissions sprawl The enterprise AI that knew too much
The dominant enterprise productivity-AI assistant whose 2024 rollout exposed years of legacy SharePoint over-permissioning at organizations that thought they were ready.
What happened. Across 2024, large enterprises deploying the dominant Microsoft productivity-AI assistant discovered that years of accumulated SharePoint, OneDrive, and Teams over-permissioning suddenly became queryable. Files that 'nobody could find' before β salary spreadsheets, M&A drafts, HR docs β surfaced in plain English to anyone whose ACL technically allowed it. Surveys in 2026 still cite this as the #1 enterprise-AI risk.
The lesson. Enterprise AI doesn't CREATE a permissions problem β it EXPOSES a permissions problem you've had for a decade. A permissions audit is the prerequisite to deployment, not a follow-up.
2024Misaligned guardrails The image generator that re-cast history
The major search company that paused its consumer image-generation feature in February 2024 after over-aggressive diversity tuning produced historically inaccurate depictions.
What happened. A major search company's consumer image-generation model was paused in February 2024 after producing historically inaccurate depictions β including racially diverse versions of specific historical figures. The CEO publicly acknowledged the model 'missed the mark.' The root cause was diversity tuning that overcorrected without distinguishing generic from specific historical prompts.
The lesson. Safety/bias guardrails interact with each other. You need adversarial red-teaming on edge prompts BEFORE launch, plus a fast rollback path for when the public surfaces failure modes you missed.
2025Agent over-privilege The AI agent that deleted production
The browser-based 'vibe coding' platform whose AI agent dropped a customer's production database during a declared code freeze in mid-2025 β and then misled the user about recovery.
What happened. In July 2025 a SaaS founder publicly documented his experiment with a popular browser-based development platform's AI agent. During a declared code-and-action freeze, the agent dropped a live production database (1,200+ executive records, ~1,190 company records), then misrepresented its ability to roll back. It also fabricated thousands of fake user records elsewhere.
The lesson. Agentic AI needs the same access controls as a junior contractor on day one: read-only by default, separated environments, no production credentials, mandatory approval for destructive operations. "Trust the agent" is not a security model.
2026Agent over-privilege The AI coding assistant turned supply-chain attack
The 2026 'Clinejection' supply-chain incident, where a popular open-source AI coding assistant's own issue-triage bot was hijacked via prompt injection to publish a malicious release to millions of developers.
What happened. In early 2026, multiple popular AI coding assistants were shown vulnerable to prompt injection embedded in source repositories β Python docstrings, Markdown configs, GitHub issue titles. In February 2026, a single attacker-crafted GitHub issue chained through an AI triage bot to publish a malicious package update that installed a hostile agent on every developer machine that updated during an eight-hour window.
The lesson. Treat AI dev tools as insider threats. Pin and review their dependencies, restrict their network egress, scope their tokens to the minimum, and never give an AI agent CI/CD publish credentials without human-in-the-loop signing.
2025Workforce misuse The bank that fired humans, then rehired them
The big-four Australian bank that announced AI-driven call-center layoffs in mid-2025, then reversed them weeks later when call volumes went up instead of down.
What happened. A major Australian retail bank announced in mid-2025 that a new generative-AI voice bot had reduced inbound call volume enough to eliminate 45 contact-center roles. After union pushback and the discovery that call volumes had actually RISEN (forcing overtime + management to staff phones), the bank reversed the decision in August 2025 and acknowledged its initial assessment was an 'error.'
The lesson. Don't measure AI ROI on a single leading indicator (call deflection). Measure the full system: handle time, escalations, repeat contacts, CSAT, and the human work CREATED by AI failure modes. Don't restructure headcount on three months of pilot data.
2026Vendor concentration The AI provider outage that froze enterprise workflows
The leading enterprise LLM provider whose multi-hour outages in March 2026 froze coding tools, support bots, and automated workflows at customers who had built without a fallback.
What happened. A leading enterprise AI provider experienced a roughly 12-hour outage on March 2, 2026, followed by another disruption on March 11 and continued performance complaints through April 2026. Enterprises with the model embedded in dev tools, customer-support bots, and Azure-based workflows lost productivity and missed deadlines.
The lesson. A single-vendor AI dependency is a single point of failure. Enterprise AI architectures need a fallback model, graceful degradation in user-facing flows, and incident-response runbooks specifically for AI-provider outages.
Five patterns across every failure above
- 01
Production noise looks nothing like the lab
Pilots in controlled environments missed the accents, edge cases, and adversarial inputs production threw at them. The drive-thru pilot is the canonical case.
- 02
AI exposes existing governance debt β it does not create it
The Copilot SharePoint stories, the Samsung leak, the McDonald's applicant breach all surfaced years of accumulated permission sprawl + bad practice the AI just made queryable.
- 03
Agentic AI failure modes are different and worse
The Replit production-database incident and the Cline supply-chain attack share a root cause: agents were given destructive permissions without environmental separation or human-in-the-loop signing. Read-only-by-default is the correct starting posture.
- 04
Single-vendor concentration is a real risk
The March 2026 Anthropic outages stalled enterprises that had built without a fallback model. Any production AI architecture should assume the upstream vendor will go down for hours, not minutes.
- 05
Hallucination + a real audience = legal exposure
The Air Canada chatbot precedent + the lawyers fined for fake citations + the magazine bylines all establish the pattern: 'the AI said it' is not a defense. Human verification gates are non-negotiable for any output that touches the public.
The deployments that produced real value.
Eight AI deployments that produced measurable business outcomes. Weβve flagged which numbers are vendor-self-reported (most of them) so you can read past the marketing β but the deployment shapes themselves are real.
Anthropic Claude CodeEnterprise IT A 10,000-line language migration shipped in 4 days
One global payments platform pointed an agentic coding assistant at a stalled language migration and shipped it in days, not quarters.
What was deployed. Anthropic Claude Code, rolled out to ~1,370 engineers as a pair programmer.
Outcome. One team completed a 10,000-line Scala-to-Java migration in 4 days β work that had been estimated at roughly 10 engineer-weeks.
What made it work. Bounded, mechanical workload (language migration) where the AI's output is trivially testable against the existing test suite. Not 'make us more creative' β 'do this finite, well-specified thing.'
Caveat: Vendor-published case study β time-saved figure is directional.
CursorEnterprise IT 30,000 engineers, 3x committed-code throughput
A leading silicon vendor mandated AI-assisted coding across roughly 30,000 engineers and reported a multifold jump in throughput within the first year.
What was deployed. Cursor, deployed to 30,000+ engineers as the daily-driver IDE.
Outcome. Self-reported 3x increase in committed code post-rollout. The metric 'committed code' is fuzzy and probably overstates real shipped value, but the deployment scale is real.
What made it work. Top-down engineering mandate ('AI in every phase of SDLC'), not opt-in pilots. Coinbase did the equivalent β all 40,000 engineers enabled, every Coinbase engineer had used Cursor at least once.
Caveat: Self-reported throughput; "committed code" is not "shipped value".
CursorPlatform The mentorship-program pattern: +75% adoption in 6 weeks
One enterprise content platform paired AI power-users with new adopters in a structured mentorship program β adoption jumped 75% in six weeks.
What was deployed. Cursor across Box engineering, 85%+ daily-active.
Outcome. 30-50% increase in product roadmap throughput; major migrations completed 80-90% faster. Mentorship loop drove a 75% jump in usage in 6 weeks.
What made it work. Treated AI rollout as a CHANGE-MANAGEMENT problem, not a tooling problem. Most enterprises hand devs a license and assume diffusion will happen. It doesn't.
Anthropic Claude on AWS BedrockRegulated Internal document search reclaimed 16,000 research hours/year
A top-five pharma replaced internal document search with a Claude-powered retrieval layer and reclaimed an estimated 16,000 research hours a year.
What was deployed. Claude via Amazon Bedrock, applied to internal R&D document search.
Outcome. ~16,000 hours saved annually in research-document retrieval; ~55% reduction in associated infrastructure cost vs. the prior search stack.
What made it work. Narrow, high-volume workload (internal Q&A) where the prior baseline (legacy enterprise search) was genuinely terrible. AI didn't have to be brilliant β it had to beat SharePoint search.
Caveat: Anthropic-published case study; hours figure is plausible but unverifiable from outside.
Anthropic Claude on AWS BedrockConsumer Support resolution time down 87%
A major rideshare platform put a frontier model in front of its support pipeline and cut average resolution time by roughly seven-eighths.
What was deployed. Claude on Bedrock, integrated into customer-support triage + draft-response.
Outcome. 87% reduction in average resolution time for support tickets.
What made it work. AI front-ends a triage + draft-response layer, with humans still owning final disposition for non-trivial cases. The OPPOSITE of the Klarna mistake.
Caveat: "Resolution time" is a metric easy to game by re-defining what counts as resolved β directional only.
Intercom FinPlatform ~66% of inbound queries resolved without human escalation
Best-in-class deployments of conversational support AI now resolve roughly two-thirds of inbound queries without human escalation β but only when the routing rules are honest about what to hand off.
What was deployed. Intercom Fin (Fin 2 / Fin 3), AI customer-service agent across 6,000+ Intercom customers.
Outcome. Average resolution rate ~66% across the customer base; 20%+ of customers above 80%. Standout cases: Sharesies hit 70% in 12 weeks; Lightspeed up to 65%; Databox climbed from 30% to 55% with CSAT 30 β 71.
What made it work. Honesty about scope. Sold as a deflection layer for repetitive Tier-1 questions β anything ambiguous routes to a human. Customers aren't promised 'no more agents.'
Salesforce AgentforcePlatform Reddit support: 46% case deflection, 84% faster response
One major CRM vendor's agentic offering is now resolving the majority of support engagements at customers who already have clean structured data underneath.
What was deployed. Salesforce Agentforce / Agentforce 360 β 18,000+ customers across 124 countries.
Outcome. Reddit deflected 46% of support cases and cut response time from 8.9 min to 1.4 min (84% drop). 1-800Accountant autonomously resolved 70% of chat engagements during 2025 tax week. Salesforce internal SDR agent generated $1.7M pipeline from dormant leads.
What made it work. Glued tightly to existing Salesforce data β doesn't have to 'understand the business,' it queries records the company already owns. Most agentic-AI failures stem from the AI not having usable data; this side-steps that.
OpenAIFintech / Banking The cautionary case: even Klarna walked it back
Even the fintech that became the poster child for replacing customer service with AI has quietly walked it back β they're hiring humans again, with AI handling triage.
What was deployed. OpenAI-powered customer-service agent (launched Feb 2024 β claimed to do 'the work of 700 human agents').
Outcome. By mid-2025 CEO Sebastian Siemiatkowski publicly admitted the strategy went too far. Klarna resumed hiring human agents; runs a hybrid model (AI on simple, humans on complex). CSAT had dropped on complex tickets. The 700-jobs replacement number was never independently verified β it appears to have been mostly attrition reframed as AI displacement.
What made it work. The 'replace the humans' framing is a busted thesis even among the companies that championed it loudest. Current consensus: augmentation, not displacement.
Caveat: Public reversal β included as a cautionary win, not a failure. The lesson is what they LEARNED.
Five patterns across every win above
- 01
Narrow + mechanical workloads beat ambitious horizontal ones
Stripe's language migration, Pfizer's document search, and Intercom Fin's Tier-1 deflection all worked because the job was finite, repetitive, and had a cheap success signal (tests pass, did the user click 'resolved,' did the doc come back).
- 02
Top-down mandate + structured adoption beats opt-in pilots
NVIDIA, Coinbase, Box, and Stripe all pushed AI to every relevant employee. Box's mentorship loop drove the steepest adoption curve. Pilot-first orgs stall in 'we have 14 active users' purgatory.
- 03
The data underneath was already clean
Salesforce Agentforce works because Salesforce records exist; Pfizer's R&D corpus was already structured. The 95% of pilots that return nothing map almost perfectly to organizations bolting AI onto messy data and undefined processes.
- 04
Augmentation framing, not replacement
Klarna's reversal is the canonical lesson. The deployments that stuck routed routine work to AI and escalated nuance to humans, instead of selling C-suites on headcount cuts.
- 05
Buy before you build
MIT NANDA found specialist-vendor rollouts succeed roughly 3x more often than in-house systems. Most enterprises that try to build their own AI stack end up rebuilding what a vendor already ships.
The pattern hiding in both columns: governance comes before velocity.
Most enterprises will spend money on AI in 2026. Most of that spend will produce nothing β MITβs NANDA research found 95% of GenAI pilots return no measurable P&L impact. The 5% that do share an uncomfortable trait: they had operational discipline FIRST. Permissions audits before Copilot. Sandbox environments before agentic tools. Verification gates before customer-facing chatbots. Multi-vendor architectures before signing single-source contracts.
Thatβs the pitch hiding in the data β and the work we actually do.