Everyone keeps asking where generative AI and agentic AI fit into ITIL 4. The honest answer: not as a new box on the diagram. Inside the six value chain activities you already run.
The ITIL 4 service value chain — Plan, Improve, Engage, Design and Transition, Obtain/Build, and Deliver and Support — is a sound model. It doesn't need replacing for AI. What it needs is for the manual glue between the activities — gathering evidence, correlating three systems, drafting the report, routing the ticket — to move faster without losing control.
That connective work is exactly what a governed AI Coworker does. It audits the CMDB against real sources of truth and surfaces the drift. It reasons over the actual request instead of a 200-rule routing tree. It scores a change's blast radius before the CAB, and refuses to ship a fix without human approval. It runs the first ten minutes of an incident before a human is even online.
Generative AI drafts and summarizes. Agentic AI takes multi-step action across systems. In every case, the rule is the same: automation up to the line, a human at the line. The value chain stays the same. The time-to-value gets shorter.
TL;DR: The ITIL 4 service value chain has six activities: Plan, Improve, Engage, Design and Transition, Obtain/Build, and Deliver and Support. They combine into value streams that turn demand into value. The model is sound; the manual glue between the activities is the bottleneck. Generative AI and agentic AI, running as a governed, read-only AI Coworker, can do that connective work inside each activity — gather evidence, correlate systems, draft the report, route the ticket — under human control, while a person keeps the decisions. This post walks through the six activities and maps each to a real run.
If you run IT with ITIL 4, you already think in terms of the service value chain. It's the operating model at the center of the service value system: six activities that take demand and opportunity in, and produce value out. The activities are flexible on purpose — you combine them into value streams for different kinds of work, from a new laptop request to a major incident.
The framework isn't the bottleneck. The bottleneck is that the glue between the activities is manual. Someone has to pull the data, reconcile three systems, write the summary, and move the ticket forward. That's exactly the work a governed AI Coworker is good at: read the evidence, reason over it, draft the output, and stop at the point where a human should decide. ITIL 4 even names the instinct in its guiding principles: optimize and automate, and collaborate and promote visibility.
Below, each of the six activities, in plain terms, and what it looks like when a Coworker does the connective work. For a fuller primer on the framework itself, see Atomicwork's ITIL 4 guide.
Worth being precise about the term before going further, because it isn't a rebrand of "AI agent." An agent completes a task and exits — reset a password, triage a ticket, classify a request. A Coworker, in the sense Atomicwork's AI Workforce uses the term, owns a role end to end: it has an identity, a defined scope, a set of skills, a budget, and a human manager — the same primitives you'd use to stand up a new hire. It escalates when it hits the edge of its scope, hands off to other Coworkers the way colleagues hand off work, and gets evaluated on outcomes rather than tasks completed.

That distinction matters for the value chain specifically because value streams cut across activities. A single request — provision a laptop, investigate an incident, review access — touches Engage, Obtain/Build, and Deliver and Support in sequence. A task-scoped agent finishes its piece and closes the ticket; a Coworker with a persistent role can carry context across that whole stream, the same way a person would.
Plan is about direction — strategy, policies, and the portfolio, keeping everything pointed at business value. In practice, planning stalls because the numbers are scattered and a week out of date by the time someone assembles them.
A Coworker turns "I need a view" into a view. Instead of a six-week BI project, it reads live service-desk data and assembles the dashboard a leader actually asked for, flagging the numbers it can't verify rather than faking them — the same job Atom, Atomicwork's Universal AI Coworker, does when a CIO asks for a view of the portfolio instead of a slide deck built from three exports. Planning a change is a decision too, and change intelligence scores blast radius from the CMDB before the CAB meeting, so the plan is informed rather than guessed.
Improve is continual improvement across every service, practice, and piece of data. It depends on knowing the current state honestly, which is where most improvement efforts quietly fail: the CMDB is wrong, the knowledge base is stale, and nobody measures the right thing.
A read-only Coworker is well suited to surfacing decay. It audits the CMDB against the real sources of truth and shows the drift instead of trusting the record. It explains why knowledge bases rot and why employees ignore the chatbot even at a healthy deflection rate. And because a Coworker is measured like any other team member — on resolution rate, accuracy, escalation rate, cost per outcome — improvement isn't a one-off audit. It shows up as a running scorecard, the same evals-and-feedback loop Atomicwork applies to every Coworker in the workforce, and as measurable outcomes like the first ten minutes of an incident handled before a human joins.
Engage is every interaction with users, customers, and stakeholders — understanding demand, taking requests, setting expectations. It's where experience is won or lost, and where rule-based automation tends to break.
The honest version of engagement is resolving the request, not just deflecting it. Rule-based triage turns every helpdesk into a workflow-automation black hole; a Coworker reasons over the actual ticket instead. This is Atom, Atomicwork's Universal AI Coworker, working the front door across Slack, Microsoft Teams, email, and a portal, in chat, voice, or vision, so the "front door" isn't a form that routes on keyword matches. And engagement can flow straight into fulfillment: an engineer asks in Slack for a cloud server, and a guardrailed Coworker takes it from request to provisioned, inside policy — the same handoff a real service desk makes when a request stops being a conversation and becomes a job for a specialist.
Design and transition covers designing new or changed services and moving them into live use safely — change enablement, release, the parts where good intentions cause outages.
This is where guardrails matter most, because the risky step is changing what ships. Approved changes still cause outages when risk is guessed rather than analyzed, and generative AI reading the CMDB can score that risk before approval. When a Coworker debugs a broken build, it can find the exact line and write the fix, then refuse to merge it without human approval. Access is a transition too, and this is exactly the lane an Access Manager Coworker owns in Atomicwork's AI Workforce lineup: handling provisioning and de-provisioning requests across SaaS and internal apps within policy, never outside it. And to model the new things a service needs — contracts, certificates, vendors — custom objects give the Coworker something real to reason over.
Obtain/build is acquiring or building the components a service needs — procurement, provisioning, development, licensing.
A Coworker helps here by executing within policy, never holding the keys itself. Guardrailed cloud VM provisioning runs the build through a credentialed gateway with every step logged as ticket evidence — the job a Cloud Ops Engineer Coworker owns in Atomicwork's AI Workforce, monitoring and managing compute, storage, networking, and Kubernetes clusters inside its own scope and budget, not a standing set of admin credentials. Obtaining also means obtaining within budget, which is why a FinOps Coworker that catches a cloud bill jumping overnight belongs here: it traces the spend to the resource that changed and proposes the fix without touching the account.
Deliver and support is ongoing delivery and the support that keeps services running — incidents, requests, access, operations. It's the busiest part of the value chain and where a Coworker earns its place fastest.
Incidents are the clearest case: agentic major incident management, an on-call AI buddy that opens a triaged war room before the engineer is online, and a disaster-recovery flow from alert to war room in under a minute. Support also means governance work that never gets done — quarterly access reviews, endpoint compliance audits, certificate expiry monitoring, and shadow AI detection across the workspace. Under all of it sits an accurate, self-updating asset inventory, because delivery and support quietly ride on knowing what you have.
This is also the activity where it stops making sense to talk about "a Coworker" in the singular, because Deliver and Support is where most value streams actually run, and a value stream usually needs more than one role. Atomicwork's AI Workforce ships a roster built for exactly this: a Device Ops Engineer for hardware failures and MDM diagnostics, a Network Ops Engineer for VPN, DNS, and firewall issues, an Incident Manager for third-party SaaS outages, a SecOps Engineer for phishing reports, an Access Manager for provisioning, and an HR Ops Specialist for the onboarding and policy questions that land in the same queue. They hand off to each other the way colleagues do — the Device Ops Engineer pulls in the Network Ops Engineer when a device looks healthy but won't connect; the Incident Manager pulls in the Access Manager when a sign-in failure turns out to be an access problem. That's a value stream, running the way ITIL 4 always said it should: several activities, several roles, one outcome, without a person manually relaying context from one queue to the next.
ITIL 4 wraps the value chain in a service value system that includes governance for a reason. If you're going to let software act inside your value chain, the governance has to be explicit, and it's the same pattern in every example above: the Coworker is read-only by default, it does the work that carries no downside (read, correlate, draft, recommend), and it stops at the step that needs a human — changing production, revoking access, merging code. Autonomy up to the line, a hard stop at the line, and every step logged as evidence. That's not a limitation on the automation; it's what makes it safe to put inside a value chain that real services depend on.
Concretely, that means every Coworker named above is governed on the same dimensions IT already uses to govern people: an identity and an agent ID, a job role with a defined scope and a manager, access controls under SSO and least privilege, a lifecycle it can be deployed and deprovisioned through, a budget it operates inside, and performance measured through evals rather than annual reviews. Atomicwork's own shorthand for this is Know, Manage, Update — a directory for identity, access governance for permissions, and change management for scope changes — which is the same infrastructure IT already runs for human employees, extended to cover a second kind of worker. Nothing about the value chain has to change to accommodate that; the governance model just has to be applied consistently to whoever, or whatever, is doing the work.


