Customer Zero Debt: Go First, But Read the Bill First

When I put the GoPilots stakeholder deck together, the easy version wrote itself. For three years, the IT organization I run for a 3,000-person SaaS company had been running GoTo’s own products internally as Customer Zero, and the wins were on the board: 233 feature requests and bug reports into the ticketing track, 46% of them integrated into the shipped product; a separate asset-management track at 68 submissions and 57% integrated. A retired tool here, a defect caught before a customer ever saw it there. That deck would have landed fine.

I added a second column anyway. I titled a slide Challenges — what prevents us from flying higher? and underneath it I listed, in writing, in front of the product and identity teams whose work I was about to critique, what running our own product at enterprise scale was actually costing us.

That column is the one this piece is about. The credibility case for going Customer Zero is well covered — I have written it myself, and I stand behind every word. What gets skipped, every time, is the bill. Call it Customer Zero Debt: the identity, access, and prioritization liabilities you take on by running your own product first. Three columns, all of which I had to write down:

• Identity debt — internal access governed by nested groups whose workings nobody fully understands.
• Access debt — licenses provisioned in the backend, creating issues your paying customers never face.
• Prioritization debt — your own use-cases deprioritized against revenue work, with no formal escalation path and no SLA to fall back on.

And in 2026, with most of the industry rushing to run its own AI internally and call that a strategy, that ledger is the part worth reading out loud.

The identity debt: nested groups nobody fully understands

Here is the exact sentence I put in front of stakeholders, about our own device-management setup:

Read that again as the person who runs the identity stack. SailPoint is our governance layer — joiner, mover, leaver; access reviews; certifications. It is supposed to be the part of the estate I can explain on demand. And in the slide, I told the room that a nested group structure underneath our own product’s device management was something whose workings weren’t well understood — because we were the reason it was about to exist. That clause is not a confession of incompetence; it is the honest physics of being first.

When your IT team is the earliest enterprise-scale user of a maturing product, you inherit its rough edges before anyone has filed them down — and you inherit them on production, against real accounts, including the internal ones with real privilege. The granularity you’d want in a mature IAM product isn’t there yet, precisely because you’re the customer who is about to force it into existence. Nobody outside the building sees that exposure. You do. And you’re the one carrying it.

The teaching point: Customer Zero status converts product immaturity into your security risk. Not the vendor’s — yours, because for the duration you are both the vendor’s lab and your own enterprise. If you don’t name that on a slide, it doesn’t go away. It just goes unmanaged.

The access debt: issues your customers don’t face

When you run your own product internally, you don’t go through your own front door. So in the deck I wrote down what came in the back one:

That last clause is the whole article in eleven words. Issues that our customers don’t face.

Backend provisioning feels like a perk and behaves like a liability. You end up operating a configuration that no paying customer would ever be sold, which means the bugs you hit are bugs nobody else can reproduce, the support paths are paths nobody else has to walk, and the fixes compete against a roadmap built for everyone but you.

So in the What do we need to continue? section, I wrote the ask plainly: fix license provisioning — make our internal customers have the same experience as our external ones. The fix for backend-provisioning debt is to stop being a special case. You eat off the same menu you hand the customer, or you are not actually dogfooding — you are running a private build and calling it proof.

The prioritization debt: deprioritized, with no clean way to escalate

The third debt is the quietest and, over time, the most expensive. From the same deck, the ask I wrote for it:

When IT is the internal customer, IT’s tickets are internal tickets — and internal tickets lose to revenue tickets. That is not malice; it is gravity. Product teams answer to paying accounts, and your use-cases get deprioritized against them with no formal queue and no service-level commitment to fall back on. The escalation path becomes tribal knowledge: you don’t file a ticket, you find a person.

That gap is why I wrote, on the same slide, the line I’d defend hardest — that as IT moves toward an outsourced, MSP-style model, reliance on first-response and resolution SLAs has become essential rather than optional. The informal goodwill that makes the early dogfooding fun is the exact thing that fails you at scale. Goodwill is not a service level. It does not survive the reorg that moves your favorite product manager three teams away.

The one position I’ll actually defend

Here is the line a generalist can’t sign, because it cuts against the grain of every Customer Zero success story — including the two I’ve published:

The cost column is the credibility. The wins slide buys you a nod. The challenges slide buys you a partner.

The moment I listed our nested-group risk, our backend-provisioning problem, and our deprioritization in front of the product and identity teams, two things happened that a wins-only deck cannot produce. First, every claim of partnership in the room became falsifiable — and therefore believable. A stakeholder who watches you name your own exposure stops auditing your good news. Second, the debts became shared work instead of my private liability. You cannot ask a product team to fix license provisioning, build you an escalation workflow, and commit to SLAs if you’ve never admitted on the record that those were broken. The honest column is what converts a feedback loop into a contract.

That is the inversion most Customer Zero programs get backwards. They treat the cost ledger as the part to keep off the executive deck, when the cost ledger is the part that earns the deck its weight. A win you self-report is a claim. A cost you self-report is evidence — that you understand the system well enough to see where it bleeds, and that you can be trusted with the parts of it that aren’t on a slide yet.

Why this lands harder in 2026 than it did in 2022

Swap “Resolve” for the AI system you stand up on your own data, and the entire ledger ports, line for line.

Run your own AI internally and you will provision its access the fast way — and you’ll be operating a privilege configuration no customer would be sold. Its agents and service accounts will land in your own identity plumbing — for me that is Workday into SailPoint into Entra ID — inheriting group structures whose blast radius is, to borrow my own slide, not well understood. Your internal AI use-cases will get deprioritized against whatever the product org is shipping for revenue, and you’ll find yourself chasing four channels to get one answer. None of that is a reason not to go first. Going first is still the edge — that argument I’ve made in full elsewhere, and the deeper point that this is an operating model rather than a feature stands. It is only a reason to keep the books honestly while you do.

The discipline is small, unglamorous, and non-optional. It is also a format you can clone — the deck’s own two slide titles are the template: a wins ledger and a cost ledger; each problem paired with the ask that fixes it.

• Name the identity debt before you scale the agent. Map the groups your internal AI will inherit, and write down — on the slide — what you don’t yet fully understand. Granularity you can’t explain is exposure you can’t govern.
• Refuse the backend shortcut, or log it as debt. If your internal instance is provisioned differently from the customer’s, you are not the customer. Either close the gap or carry it on the risk register with a review date next to it.
• Demand a service level before you depend on the favor. The week you make an internal system load-bearing — the way an AI assistant like Tech-E became load-bearing on our own Resolve surface — is the week informal support stops being acceptable. Get the SLA and the escalation workflow in writing while everyone still likes each other.

I’ll keep advocating for going Customer Zero. It remains the most honest credential in enterprise IT — you cannot fake having run the thing yourself. But the leadership signal was never the wins column. Anyone can present wins. The signal is whether you had the standing to write the bill next to them, hand it to the people who could see every number, and ask them to help you pay it down.

Go first. Read the bill first.

Common questions

What is Customer Zero Debt?
Customer Zero Debt is the identity, access, and prioritization liabilities an organization takes on by running its own product at enterprise scale before or alongside paying customers. It shows up in three forms: identity debt (internal access governed by group structures whose workings aren’t fully understood), access debt (licenses provisioned in the backend that create issues external customers never face), and prioritization debt (internal use-cases deprioritized against revenue work, with no formal escalation path or SLA). It’s a way Christian Merkel framed the cost side of the GoPilots Customer Zero program — and the leadership move is to name and manage it in writing, not hide it.

What does it mean to go “Customer Zero” with your own product?
Customer Zero means your own IT organization runs the company’s products internally — at real enterprise scale, against real accounts — before or alongside paying customers, feeding operational feedback directly to product development. In the GoPilots program that produced 233 feature submissions to ticketing at 46% integration and a separate 68 to asset management at 57% (both as of August 1, 2025). The credibility is unfakeable: you’ve actually run the thing. The catch is that you inherit the product’s rough edges on production before they’re filed down.

Why publish the downside of an internal program to stakeholders?
Because the cost column is what earns the room. A wins-only deck reads as a claim; naming your own identity, access, and prioritization debt in front of the teams whose work you’re critiquing makes every claim of partnership falsifiable — and therefore believable. It also converts those debts from one leader’s private liability into shared, fundable work. You can’t ask a product team to fix backend provisioning or commit to an SLA if you never put the problem on the record.

How does Customer Zero Debt apply to running your own AI internally in 2026?
The ledger ports line for line. An internally deployed AI system will likely be provisioned the fast way (a privilege configuration no customer would be sold), have its agents and service accounts land in identity plumbing whose blast radius isn’t fully understood, and have its use-cases deprioritized against revenue work. Going first is still the edge — the discipline is to map the identity debt before scaling the agent, refuse the backend shortcut or log it on the risk register with a review date, and secure a service level and escalation workflow before the system becomes load-bearing.