Category Archives: AI

Governance Is Not a Committee. It Is a Decision Architecture

Posted on by

A technology programme was delivered on time. The steering committee signed it off. The system went live on schedule and within budget. Twelve months later, usage across the organisation sat at eleven percent. The project had been a success by every measure the governance structure tracked. It had failed by the only measure that mattered.

Nobody was accountable for the eleven percent. The named owner had moved to a different role. The steering committee was dissolved at go-live. The vendor had fulfilled its contract. The organisation had built something that worked perfectly and was used by almost nobody, and no single person in the building could explain why.

That is not a delivery failure. It is a governance failure. And it is far more common than any organisation publicly admits.

 

What Governance Actually Is

Governance is one of those words that everyone uses and nobody defines. In most organisations, it has come to mean a structure: a committee, a framework document, an approval process, a risk register. Something you have rather than something you do. You have a governance framework. The governance is in place. The committee meets quarterly.

This version of governance is useless.

Governance is not a structure. It is a decision architecture. It is the infrastructure that determines how decisions are made, who makes them, what they are accountable for, and how fast the organisation can act when circumstances change.

Every organisation has a governance architecture, whether it has designed one or not. The informal version is still a governance architecture: decisions made by whoever is most senior in the room, accountability absorbed by whoever is most junior when something goes wrong, escalation triggered whenever someone is uncomfortable. It is simply a poor one. The difference between organisations that move well and organisations that stall is rarely capability. It is usually the quality of the decision infrastructure underneath the capability.

 

Governance Theatre

The most dangerous governance is the kind that looks correct from the outside.

Most large organisations have built governance that performs the appearance of oversight without the function. The risk register is meticulously maintained and never acted upon. The steering committee meets monthly and has not once paused a programme. The policy required six weeks of approval and is read by nobody after signing. The assurance review always concludes the project is on track.

This is more harmful than no governance, for one reason: it generates confidence without protection. The board believes the oversight is in place. The programme team believes the risks are managed. The organisation proceeds as if the architecture exists, while operating without it. When the failure arrives, it arrives at scale, having been invisible to every structure designed to catch it.

The question is not whether your organisation has governance. The question is whether your governance is real.

 

What Good Governance Looks Like

Good governance has five characteristics that distinguish it from the committee-and-checkpoint version most organisations have built.

The first is named ownership. Every material decision, every significant deployment, every consequential process has a single individual accountable for the outcome. Not a committee. Not a function. A person. The committee can advise. The function can review. One name sits against each thing that matters, and that person knows it and accepts it.

The second is authority that matches accountability. The most common governance failure is asking someone to be accountable for an outcome they cannot influence. If the named owner cannot pause a deployment, redirect a budget, or override a recommendation, their accountability is nominal. If you cannot identify what the accountable person can stop, you have not given them accountability. You have given them exposure.

The third is pre-agreed frameworks. Good governance does not require full escalation for every decision. It requires that boundaries are agreed in advance, so decisions within those boundaries can be made quickly, and decisions outside them trigger a defined path. The approval gate model creates queues. The framework model reserves escalation for the decisions that genuinely need it. Speed and governance are not a trade-off. They are a design choice.

The fourth is transparency of reasoning. Material decisions need a record. Not for audit purposes, but because the organisations that navigate change well are the ones where future leaders can understand not just what was decided, but why, what alternatives were considered, and what conditions would prompt a different outcome. This is not bureaucracy. It is institutional memory, and its absence is one of the most expensive losses any organisation experiences.

The fifth is a culture that supports use. The best governance architecture fails if the organisation punishes the people who use it correctly. The programme manager who escalates a risk that delays a milestone. The engineer who flags a model limitation that complicates a launch. The analyst who says the data is not fit for purpose. If those people are sidelined or not listened to, the framework is decorative. Governance is architecture and behaviour. Building the architecture without addressing the behaviour is half the work.

 

Governance Debt

There is a cost to governance failure that does not appear on any balance sheet until it is too late to address cheaply.

Every decision made without proper governance accumulates what might be called governance debt. The decision is made, the programme moves forward, the system is deployed. The cost is not visible immediately. It appears two years later, when the person who made the original choice has moved on, when nobody can explain why the architecture was designed the way it was, when the organisation needs to change a system it no longer fully understands and cannot safely modify.

Like financial debt, governance debt compounds. Small omissions early in a programme create disproportionately large costs at the point of change. The organisations that experience the most expensive transformations are rarely those that started with the hardest problems. They are those that accumulated governance debt in the early stages and discovered the interest charge when conditions changed.

 

The Speed Paradox

The dominant assumption about governance is that it slows things down. The evidence says otherwise.

Financial services is among the most heavily governed sectors in the world. It is also, by measurable data, among the fastest at moving AI from experimentation to production. Databricks’ analysis of enterprise AI adoption found that financial services improved its experimental-to-production ratio from 29:1 to 10:1 in under eighteen months, the sharpest improvement of any sector measured. The governance culture that financial services built under regulatory compulsion became, in practice, a deployment accelerant.

The reason is straightforward. When governance is architecture rather than checkpoint, when boundaries are pre-agreed and ownership is named, decisions within the framework do not require escalation. The work that in a poorly governed organisation requires a committee review happens at team level, within agreed parameters, without delay. The governance does not add a stage to the process. It is the process.

The organisations that move slowly under governance are the ones with checkpoints. The ones that move fast under governance are the ones with architecture.

 

Why AI Makes This Urgent

AI does not create governance problems. It amplifies the ones that already exist.

Every organisation deploying AI is making decisions at scale and at speed in ways that are not always visible to the people accountable for outcomes. When a model influences hiring, lending, clinical treatment, or procurement, the decision architecture governing that model matters as much as the architecture governing any senior leader. In some respects more.

Three risks are specific to AI. The first is accountability diffusion. When a decision is made by a model, who is accountable is rarely defined in practice. The model carries no accountability. The vendor carries it within narrow contractual limits. The organisation must deliberately assign it or it defaults to nobody, which is where most organisations currently sit.

The second is scale of error. A human decision-maker with a blind spot makes that error incrementally. A model with the same blind spot can make it thousands of times before the pattern is identified. The governance that catches a human error at ten instances must catch a model error at ten thousand. Most governance frameworks were not designed for that volume.

The third is the deployment and use gap. AI systems are deployed for a defined purpose in a defined context. They are then used in contexts their designers did not anticipate, by people not trained on their limitations, for decisions the governance framework never considered. Governance must follow the system into use, not stop at the deployment gate.

One additional risk is specific to the current moment. In most organisations, AI governance covers the official deployments. It has no visibility of, and no authority over, the AI already in use through personal accounts, consumer tools, and unapproved models. The governance gap that will produce the first visible failures is not in the formal AI programme. It is in the tools already running beneath the governance architecture’s line of sight.

For boards, this is a specific accountability question. Most are receiving AI updates without the frameworks to evaluate them. The question is not whether the organisation has an AI strategy. It is whether the board can answer four things: who is accountable for each material AI deployment, what authority they hold, what the escalation path looks like when something goes wrong, and whether the governance covers the AI that is actually in use rather than only the AI that was formally approved.

 

Three Questions That Will Tell You More Than Any Framework Audit

Name the person accountable for your most significant AI deployment. Not the team. Not the function. One person. If you cannot name them in under ten seconds, you do not have governance. You have the appearance of it.

When did your governance last stop something? Not delay it, not document a risk against it. Stop it. If the answer is never, your governance is not functioning as risk infrastructure. It is functioning as a record-keeping exercise.

If the three people who made your most significant programme decisions in the last two years left tomorrow, what would the organisation know about why those decisions were made? If the answer is not much, you are accumulating governance debt at a rate your future leaders will pay.

Governance is not a committee. It is not a document. It is the infrastructure through which an organisation makes consequential decisions, learns from them, and remains able to change course when it needs to.

Most organisations have not built that infrastructure. AI has not created that problem. It has simply made the cost of not solving it impossible to ignore.

What Regulated Industries Know About Speed That Everyone Else Is Learning the Hard Way

Posted on by

There is a common assumption in business that regulation slows you down. That the organisations operating fastest are the ones least constrained by oversight. That compliance is a tax on progress.

The organisations now paying the heaviest price for AI governance failures are the ones that operated for years on exactly that assumption.

IBM’s 2025 Cost of a Data Breach Report found that 63% of organisations experiencing a material breach either had no AI governance policy or were still developing one. Shadow AI alone added an average of $670,000 to individual breach costs. The Stanford HAI AI Index recorded 233 documented harmful AI incidents in 2024, a 56% year-on-year increase. These are not primarily failures in regulated sectors. They are failures concentrated in organisations that never had to build governance infrastructure because, until recently, they never had to.

Financial services, healthcare, and government have something that fast-moving technology companies are now being forced to acquire under duress: the institutional knowledge of how to move at pace while the governance is on.

 

The Misconception About Constraint

Leaders who have spent most of their careers in lightly regulated environments tend to read compliance as friction. Something that adds time to a decision, introduces review cycles, and requires additional sign-off. In that framing, less compliance means faster execution.

What this framing misses is the distinction between compliance as architecture and compliance as checkpoint. A checkpoint is friction. It exists at the end of a process, adds a review stage, and slows the pipeline. Architecture is different. When governance is built into how a system is designed and how decisions are made, it does not add a stage to the process. It is the process.

The organisations in financial services and healthcare that move fastest on AI deployment are not the ones that find clever ways around their regulatory obligations. They are the ones that have built governance into their operating model, their system design, their approval authorities, and their risk frameworks so thoroughly that compliance is not a separate consideration. It is already done by the time a decision reaches an approval point.

 

Thirty Years of Governance Muscle

This is not an accident. Regulated industries have had decades of pressure to solve exactly this problem. A bank that cannot move fast cannot compete. A hospital that cannot adopt new clinical technology falls behind in patient outcomes and staff capability. A government department that does not modernise its systems loses efficiency and public confidence.

The answer these sectors arrived at, not by choice but by necessity, is embedded governance. Named senior owners for material deployments. Cross-functional oversight bodies with actual authority to pause or redirect, not just to advise. Pre-approved frameworks that allow decisions to be made quickly within defined boundaries, rather than requiring full escalation every time.

The results are measurable. Healthcare AI adoption in outpatient and ambulatory care doubled in two years, from 4.6% of firms in 2023 to 8.7% in 2025, within one of the most tightly regulated environments in the world, according to research published in PMC drawing on US Census Bureau Business Trends and Outlook Survey data. That pace of change did not happen despite the regulation. It happened because enough organisations in that sector had built the infrastructure to move quickly and safely at the same time. Overall healthcare AI adoption still lags sectors such as information services and professional services, where adoption exceeds 20%. The doubling reflects a strong rate of growth, not yet sector leadership in absolute terms.

 

What the Unregulated Sector Is Now Facing

The regulatory picture for AI is more complex than it appeared eighteen months ago, and understanding that complexity matters.

The EU AI Act has been materially reshaped. Prohibitions on unacceptable AI practices came into force in February 2025. Obligations for general-purpose AI models followed in August 2025. But an AI Omnibus legislative package, agreed in May 2026, delayed the Act’s most commercially significant provisions, those covering employment, biometrics, critical infrastructure, and education, until December 2027 at the earliest. The timeline has extended. The direction has not changed.

In the United States, the trajectory is different. The current federal administration has moved toward a consolidated national framework, explicitly designed to preempt the patchwork of state-level regulation that was developing. Colorado’s original AI Act, among the most comprehensive state-level frameworks, was replaced in May 2026 by a narrower successor focused on disclosure obligations rather than risk management requirements. The patchwork has changed shape. Any organisation planning its governance around a specific jurisdiction’s requirements may be planning around a moving target.

AuditBoard’s 2025 research found that only one in four organisations has a fully implemented AI governance programme. Among organisations with only partial AI governance guidelines, just 25% feel confident in their AI posture. Among those with mature, embedded governance frameworks, that figure rises to 48%, according to research from the Cloud Security Alliance and Google Cloud. Governance maturity is the strongest predictor of AI readiness, above deployment volume, tool selection, or the pace of regulatory change in any given jurisdiction.

The leaders with an advantage right now are not necessarily the ones tracking the latest regulatory guidance. They are the ones who understand that IBM’s breach cost data is accumulating well ahead of any enforcement regime. The external pressure may have shifted its timeline. The operational risk has not.

 

Governance as Competitive Advantage

The organisations that will move fastest through the current period of regulatory evolution are not the ones trying to stay ahead of each new requirement as it emerges. They are the ones building governance architecture now that will not need to be retrofitted later, whatever form external pressure eventually takes.

That means a named owner for every material AI deployment, not a committee, a person. It means oversight that has genuine authority to pause a deployment, not just to note concerns. It means pre-approved tooling and decision boundaries that allow teams to move without full escalation while still operating within defined risk tolerances.

This is not new governance theory. It is the operating model that financial services and healthcare organisations were forced to develop, iteration by iteration, under regulatory pressure. The knowledge exists. The question is whether leadership teams outside those sectors are willing to learn from it before the external pressure forces the same hard lessons.

The evidence that governance accelerates rather than inhibits deployment is not theoretical. Databricks’ State of AI Enterprise Adoption report found that financial services leads across industries in moving AI from experimental to production, and were up to 3x more efficient. The governance-first culture that financial services built under regulatory compulsion has become, in practice, a deployment accelerant.

Speed and compliance are not opposites. In the organisations that have figured this out, they are not even in tension. Governance is the infrastructure that makes speed sustainable.

The industries that built that infrastructure under duress are now, inadvertently, the ones best positioned to show everyone else how it works.

The Problem With Your AI Strategy Is Not the AI

Posted on by

The boardroom conversation has shifted. Not to whether AI matters. That debate is over.

The new question is what to actually do with it. And the 2025 data suggests most organisations are answering it badly.

BCG’s research found that 60% of companies globally are generating no material value from AI despite significant investment. McKinsey’s 2025 State of AI survey found that nearly 80% of organisations are regularly using generative AI in at least one function, yet only around 5% are seeing substantial financial returns. The gap between AI as a boardroom announcement and AI as a functioning operational capability is the defining management challenge.

 

The pressure is real. The direction is not.

Executives are asking about AI. Vendors are selling it. Competitors are announcing it. Boards are expecting it.

And in the middle of all that noise, organisations are launching AI initiatives without defining what success looks like. That is not ambition. It is drift with a budget.

The fear of being left behind is understandable. But speed without clarity produces activity, not results. And activity without outcomes is expensive.

RAND Corporation’s 2025 research into AI project failure found that 80.3% of initiatives failed to deliver their intended business value. A third were abandoned before reaching production. A further 28% reached completion and still failed to deliver. The problem is not a lack of investment or effort. It is a lack of clarity about what the investment is actually for.

 

Most organisations are starting in the wrong place

The most common mistake in AI adoption is starting with the tool rather than the problem.

The conversation usually begins with: “What AI platform should we procure?” It should begin with: “What is broken and where?”

AI is not a business objective. It is a capability. And capabilities only create value when they are pointed at something real.

BCG’s research found something that cuts against the instinct of most organisations. The organisations generating real value from AI average 3.5 use cases. Those generating no value average 6.1. More is producing less.

The organisations getting results are not asking which platform to buy. They are asking where their people are losing time to work that should not exist. Where good decisions are being slowed down by fragmented information. Where a process that should take hours takes weeks because nobody has questioned whether it needed to be that way.

That is the right starting point. Not a procurement conversation. A diagnostic one.

 

AI exposes what you were already avoiding

Many leaders believe AI will fix their inefficiency problem. It will not. It will make it harder to ignore.

Unclear processes do not get fixed by AI. They get amplified by it. Poor data quality does not improve because a model has been deployed on top of it. Weak governance does not disappear. Siloed departments do not start collaborating because there is an AI tool in the mix.

The evidence on data readiness is striking. Cloudera and Harvard Business Review Analytic Services, surveying enterprise organisations in early 2026, found that only 7% said their data was completely ready for AI. More than a quarter said it was not ready at all. Gartner estimates that 60% of AI projects unsupported by AI-ready data will be abandoned through 2026.

The obstacle in most AI projects is not the technology. It is the organisation the technology is being asked to work inside. Not the model. Not the platform. Not the vendor. The organisation itself.

 

Fewer tools. More focus. Better results.

Buying advanced technology does not automatically create change. It creates the expectation of it.

Many organisations are deploying AI on top of environments defined by disconnected systems, inconsistent processes and poor data. They are not implementing AI. They are automating the same dysfunction at scale, with a larger budget attached to it.

The organisations getting real value are not the ones running the most pilots. They have chosen a small number of problems that matter, built the right foundations to address them, and stayed focused long enough to see results. They do not announce it. They build it.

They also understand something most organisations have not yet accepted. AI should work in service of a clear business direction. If that direction is unclear, AI will not provide it.

 

Stop performing AI and start implementing it

A significant portion of what organisations call an AI strategy is AI theatre. Presentations. Innovation labs. Pilot programmes. Strategy papers. Announcements. And very little operational change.

IDC’s 2025 research found that for every 33 AI proofs of concept an enterprise starts, only four reach production. A March 2026 survey of 650 enterprise technology leaders found that 78% of enterprises have AI agent pilots running but fewer than 15% have reached production deployment. The pilots do not fail because the technology is immature. They fail because the hard work of creating the conditions for success was never done.

That hard work is not glamorous. It is redesigning how work flows. Making difficult calls about what to stop doing. Getting data into a state a model can actually use. Bringing people along rather than announcing change at them. None of it photographs well for a board update.

But that is what transformation actually looks like. The rest is performance.

If your AI strategy looks like a series of well-designed slides with no corresponding change in how work gets done, you do not have an AI strategy. You have a communication exercise.

 

The question every organisation eventually has to answer

Every organisation reaches the same moment. The excitement fades. The pressure increases. The questions get harder. And someone in that room finally asks: “What exactly is this improving?”

The organisations with a clear answer will accelerate. The ones without one will keep funding a future they never properly defined.

The question is not whether your organisation is using AI. Most are. The question is whether you can name, in a single sentence, the operational problem your AI investment is solving, and how you will know when it is solved.

If you cannot, the technology is not the problem.

Already Building: Epic Agent Factory and the Governance Gap

Posted on by

The pre-mortem on Epic Agent Factory asked who would answer when a health-system-built agent made a clinically significant error. It published on 9 June. I have since learned of a Becker’s Hospital Review report from 30 March confirming that one of America’s largest health systems had already been building those agents for weeks before the question was published.

It confirms the pre-mortem’s central argument. Neither the research nor the article surfaced how quickly the sequence had already begun.

 

The Deployment That Was Already In Motion

Advocate Health had already tapped Epic’s Agent Factory, becoming one of the first health systems to build and deploy agents through the platform. Andy Crowder, Advocate Health’s SVP and Chief Digital and AI Officer, described the direction in a LinkedIn post on 26 March: “By combining Epic’s Agent Factory Platform capabilities with Advocate Health’s scale, clinical insight, and commitment to innovation, we’re translating AI from promise into practice.” He pointed to a three-day Epic immersion at The Pearl innovation district in Charlotte, focused on speeding up pharmacy verification for complex medications and cutting infusion chart preparation time for pharmacists and nurses. Four working prototypes emerged, scheduled to go live in July 2026.

Crowder added: “Together, we’re advancing responsible, practical AI that fits naturally into clinical workflows, reduces friction, and gives clinicians back time to focus on what matters most.” It is a considered statement, and the commitment is genuine. But it is not a governance document. And Advocate Health is not unusual here. They are representative. They moved first because the platform enabled it, the commercial pressure to reduce administrative burden was real, and nothing in the regulatory landscape said stop.

This is the sequence the pre-mortem described. Capability arrived. Deployment followed. The governance architecture to surround it had not been ratified.

 

The Workflows That Come Next

Pharmacy verification and infusion chart preparation are not, in themselves, clinical decision-making. They reduce documentation burden and carry genuine operational value. But they are the entry point, not the ceiling.

Epic’s own Penny agent already handles prior authorisation for thousands of health systems. Agent Factory is the platform through which health systems build their own versions of exactly those capabilities. Prior authorisation sits at the intersection of clinical judgment and payer approval. An AI-generated argument that misrepresents a contraindication, omits a relevant diagnosis, or positions a clinical case in a way that leads a payer to deny appropriate care causes harm that is downstream and deniable. The agent did not make the clinical decision. But the agent shaped the argument that influenced it.

The pre-mortem’s central question, who owns the error, was always pointed at this trajectory. The agent is built by the health system, on Epic’s platform, using Curiosity’s foundation models, in a regulatory environment where no one has yet specified how liability is allocated between vendor and deployer. Advocate Health’s prototypes are the first step of a sequence that leads directly to that question.

 

Colorado Tried to Build the Rails

While health systems were building, legislators in Colorado were attempting to create the governance scaffolding that the platform lacks at a federal level. Three separate AI-related healthcare laws had been passed by June 2026, each addressing a different dimension of the problem, and each confirming the same underlying gap.

Colorado’s original AI Act, SB 24-205, was scrapped before it ever took effect. A legal challenge from X.AI in April 2026, supported by federal intervention from the DOJ, led to enforcement being suspended and the legislature repealing the law entirely. Its replacement, SB 26-189, was signed on 14 May. It is a narrower law, retaining consumer notice requirements and the right to meaningful human review following adverse outcomes, but dropping the duty-of-care standard and mandatory impact assessments that had made the original controversial. It takes effect January 1, 2027.

HB 26-1139, signed on 2 June, constrains how payers use AI in coverage determinations. It requires that AI-driven decisions be based on the patient’s individual medical and clinical history rather than group data, and that any denial or delay of coverage based on medical necessity receive review by a licensed clinician. It too takes effect January 1, 2027.

Together, SB 26-189 and HB 26-1139 create obligations on both sides of the prior authorisation workflow. Neither specifies who bears the cost when an agent-generated output leads to the wrong clinical outcome. Three laws confirming the gap exists is not the same as closing it.

 

The Sequence Is Not a Prediction. It Is a Pattern.

On 1 June 2026, eight days before the pre-mortem was published, the Joint Commission launched its first voluntary AI certification programme for healthcare organisations. Built on the initial guidance published with the Coalition for Health AI in September 2025, the certification covers governance, data management, risk and bias reduction, and monitoring. It is a meaningful step forward. But the certification recognises organisations, not individual tools. It does not validate or certify individual AI products. It contains no discussion of liability allocation. It is a framework for responsible intent, not a mechanism for accountability when something goes wrong.

Epic has not published a liability framework specifying what a health system owns when a self-built Agent Factory agent produces a clinical error. No Epic contract language or public terms of service document does so. No federal regulatory body has published guidance specifically addressing liability allocation for agentic AI operating within EHR environments. The FDA has authorised more than 1,400 AI-enabled devices and issued no specific enforcement guidance for agentic AI in EHR environments.

The pre-mortem’s conclusion was that if Epic published a clear liability framework and paired it with a safety review mechanism, Agent Factory could become the defining infrastructure layer of hospital AI over the next decade. That conclusion stands. What the evidence now confirms is that the clock is not running from some future launch date.

It was already running.

Tokens Don’t Run Transformation Programmes

Posted on by

Somewhere right now, a CFO is presenting a slide that frames it as: tokens or headcount. Allocate to AI infrastructure, reduce salary costs, reinvest in capability. The maths is clean. The logic looks compelling. The slide is wrong.

The phrase “tokens or humans” has entered the corporate vocabulary fast. CNBC ran it as a headline in May 2026 and they were right to, because it captures something real: organisations are now making explicit choices between paying for people and paying for AI. But the framing treats it as a resource allocation problem. It isn’t. It’s a transformation governance problem, and most organisations are making the call before they understand what they are trading away.

 

The Numbers Look Better Than They Are

More than 142,000 tech jobs have been cut in 2026 already. Amazon, Meta, Salesforce, Block, Cloudflare. Executives are public about the logic: AI agents handle what humans used to, smaller teams move faster, capital gets redirected to infrastructure. The numbers are real.

So are these: over 80% of companies using AI showed no productivity benefit in a February 2026 study. Uber burned through its entire annual AI coding budget in four months. Microsoft cancelled a large tranche of Claude Code licences after six months. Productivity gains in controlled studies can be significant. In most real-world settings, the gains are a fraction of what those studies suggest, if they materialise at all.

Token prices are falling, yes. Gartner projects a 90% reduction by 2030. But Goldman Sachs projects a 24-fold increase in enterprise token consumption over the same period. The unit cost goes down; the total bill goes up. Companies reporting their AI budgets exhausted in one or two months are not outliers. They are the pattern.

The trade-off that looks like a saving is, in many cases, a substitution of one cost for a more volatile, harder-to-govern one.

 

You’re Cutting the Wrong People

Here is the part executives are not discussing on those slides.

When organisations reduce headcount to fund AI infrastructure, they do not cut at random. They cut operational staff, programme delivery roles, change management functions, middle management layers. These are the roles that look like friction. In a spreadsheet, they are the easiest cost to justify removing.

In a transformation, they are the load-bearing walls.

The tacit knowledge that keeps a complex programme on track does not live in a document or a prompt. It lives in the people who have navigated the politics three times before, who know which stakeholders will quietly block a decision, who understand why the last attempt failed. AI does not have that context. More importantly, it cannot build it. It can only work with what you give it.

When transformation programmes stall, which they do with regularity, the most common cause is not a lack of technology. It is a lack of people who know how to move organisations through change. Cutting those people to fund AI tools that have not yet delivered consistent productivity returns is not a strategy. It is a bet. And it is a bet being made with institutional knowledge that cannot be easily rebuilt.

 

The Governance Question Nobody Is Asking

Most boardroom conversations about tokens versus humans are efficiency conversations. They should be risk conversations.

Specifically: what is the reversibility of this decision? Hiring back experienced programme delivery professionals, change managers, and technology integrators in a tighter labour market is slow and expensive. The talent you let go walks straight into competitor organisations or into consulting. You do not get it back on demand.

Meanwhile, the AI infrastructure you are funding with those savings is subject to vendor pricing changes, model deprecation cycles, and adoption curves that are far less predictable than a salary line. The White House’s own March 2026 AI governance framework acknowledged the workforce transition risk. State lawmakers introduced hundreds of AI-related bills in 2025. Political and regulatory pressure is accelerating.

Boards approving headcount reductions to fund AI should be asking: what is our recovery plan if the productivity gains do not arrive on the timeline assumed? Few are.

 

What Good Decision-Making Looks Like Here

The organisations getting this right are not choosing between tokens and humans. They are sequencing the decisions differently.

They are deploying AI where the productivity case is proven and measurable: customer-facing automation, code assistance, data analysis, routine administrative work. And they are preserving the human capability needed to execute the transformation that makes AI integration actually work.

They are building governance frameworks around AI spend with the same discipline applied to capital programmes: defined outcomes, stage gates, budget controls, and exit criteria if results do not materialise. They are not treating AI infrastructure as a guaranteed return.

They are also being honest internally about what is driving the headcount decisions. If cost pressure is the real driver and AI adoption is the justification, that is worth naming clearly. Obscuring the actual motivation behind a technology narrative creates cultural damage that outlasts the short-term saving.

 

The Slide Does Not Run the Programme

The “tokens or humans” framing will stick around because it captures something real about the economics of 2026. But it is a simplification that is costing organisations more than they realise.

The numbers are not the decision. The decision is how you get from where you are to where you need to be. That still requires people who know what they are doing.

Your AI Isn’t the Problem. Your Organisation Is.

Posted on by

The technology isn’t the problem. It never was.

CEOs have finally said what transformation leaders have known for years. According to CIO.com‘s 2026 digital transformation analysis, a growing view at board level is this: AI adoption is failing because of workforce dysfunction and management failure, not because the tools aren’t good enough. The tools are excellent. The organisations deploying them are not ready.

That sounds like progress. It is not, entirely. Because the honest follow-on question, the one almost nobody is asking out loud, is this: what does it actually cost to fix an organisation that isn’t ready? And more to the point, who is being straight about that number?

 

The Comfortable Diagnosis

Acknowledging a workforce problem is easier than solving one. I have seen this pattern many times. The conversation shifts, the language changes, and suddenly the organisation is talking about upskilling programmes, change management workshops, and appointing a Chief AI Officer. Comfortable. Budgeted. Deliverable. Launch event confirmed.

Also insufficient.

What CEOs are actually describing is a change architecture challenge. Not a training programme. Not a comms plan. How do you get a workforce to reconfigure around fundamentally different ways of working, without losing the institutional knowledge and relationships that make the business worth anything? That takes years. In my experience, the failure rate is high, and rarely discussed honestly before the programme starts. And it requires a very different kind of leadership than deploying technology does.

 

What Boards Have Not Priced In

Technology investment decisions follow a familiar pattern. The vendor presents the business case. The pilots show strong results. The board approves the budget. The programme launches.

What nobody puts on that slide is the organisational cost of change. Not the cost of the technology. The cost of the human system that has to absorb it. The management bandwidth consumed. The productivity drop during transition. The cultural resistance that does not show up in workshops but absolutely shows up in usage data six months after go-live. The governance rework needed before AI-assisted decisions can actually be trusted.

Boards have been pricing in technology risk. They have not been pricing in change architecture risk. Those are different categories, and conflating them is precisely how organisations end up with expensive tools and thin results. The numbers bear it out. CIO.com‘s analysis of AI misconceptions found that 42% of companies abandoned most AI initiatives in the past year, up from 17% the year before. That is not a technology failure rate. That is an organisational one.

 

The Consultancy Pivot Is Real, and Worth Watching

The market is starting to notice. As Florian Douetteau, CEO of Dataiku, put it: “Instead of selling cloud migrations and data platforms, consultants will start selling organisational rewiring to prepare for AI-run operations.”

He is right. And executives need to tell the difference between genuine expertise and repackaged change management with AI branding.

The signal is specificity. Anyone selling organisational rewiring should be able to answer three questions: What does the post-rewired organisation look like, and how is it materially different from today? How do you measure progress at the midpoint, not just the end? And what happens when it does not go to plan?

Vague answers are a warning sign. If the firm cannot describe the failure modes honestly, they are probably not equipped to help you navigate them.

 

The Transformation Leader’s New Mandate

The transformation leader’s remit has shifted. It is no longer primarily about technology deployment. It is about change architecture: the sequencing, the governance, the capability-building, the stakeholder management that lets an organisation absorb new ways of working without destabilising what already works.

Harder to sell on a slide. Harder to put an end date on. Harder to celebrate in a press release. But it is the actual work, and anyone who has run a transformation programme at scale knows it.

The practical implication: if you are accountable for AI adoption and spending more time managing technology vendors than managing your leadership team’s readiness to change, you are working on the wrong problem.

 

Three Things Worth Doing Now

Start with an honest capability audit, not of your technology stack, but of your management layer. Which leaders have the resilience to sustain adoption pressure? Which ones will quietly resist in ways that never surface in a steering group but absolutely show up in usage data? You need to know before you scale.

Re-examine your success metrics. If the primary measures are deployment milestones and licence utilisation, you are measuring the technology, not the adoption. Add behavioural indicators: how are decisions being made differently, how has workflow changed, what are managers doing that they were not doing before?

And build the longer timeline into the plan, not as a caveat but as a structural reality. If your board believes this is an eighteen-month programme and you privately know it is a four-year change effort, that gap will surface. Better now, through a direct conversation, than in a programme review where the numbers no longer make sense.

 

The Gap Is the Risk

The AI is ready. Most organisations are not. The risk is not the gap. The risk is the pretence that it is smaller than it is, approving investment on that basis, and finding out the real cost when there is no runway left to correct it.

Honesty about the gap is not pessimism. It is the foundation of a credible plan.

AI Deployment Without Governance Is Not Transformation

Posted on by

AI deployment without governance is not transformation. It is expensive experimentation.

Most organisations know this. And most organisations are doing it anyway.

The pressure to deploy is real. Boards are asking about it. Competitors are announcing it. Technology vendors are selling it with a conviction that borders on evangelical. And so CIOs, CTOs, and transformation directors are buying, piloting, integrating, and announcing. The pace of activity is impressive. The demonstrable results, when you look past the press releases and the internal communications, are considerably less so.

The problem is not the technology. The tools are genuinely capable, some remarkably so. The problem is what has been skipped in the rush to deploy: the governance infrastructure that determines whether AI investment creates accountable, measurable, sustainable value, or simply generates activity that resembles transformation while the underlying risks accumulate, unmanaged and unmeasured.

 

What Ungoverned AI Actually Looks Like

Every organisation that has rushed deployment without the infrastructure to support it shows the same patterns.

Proliferation without accountability. AI tools appear across departments, purchased by individual teams, integrated into workflows, processing sensitive data, producing outputs that influence decisions. Nobody owns it. Nobody monitors it. Nobody is accountable when something goes wrong. And something will go wrong.

Measurement without meaning. Leaders can tell you how many tools have been deployed, how many users are active, how many hours have been saved. What they cannot tell you is whether those savings translate to outcomes that matter, or whether the metrics being tracked were chosen because they were easy to collect rather than because they were meaningful. The reporting looks credible. The underlying picture is opaque.

Risk without recognition. AI systems inherit the biases in the data they are trained on. They produce errors in ways that are not always visible. They embed themselves in decision-making processes in ways that are difficult to unpick. Without governance structures that surface and manage these risks, organisations are running exposures they have not modelled and cannot quantify. This matters in every sector. In healthcare and financial services, it is potentially catastrophic.

Adoption without sustainability. Most AI deployments stall not because the technology fails, but because the human system around it was never properly designed. People use the tool when it is mandated. They stop when the mandate loosens. The promised transformation does not materialise because the operational disciplines required to embed new ways of working were never built. The pilot looked like a success. The programme was not.

 

Why Governance Gets Skipped

Because it is slower than deployment. Because it requires difficult conversations about accountability that nobody wants to have in a climate of enthusiasm and competitive anxiety. Because governance sounds like bureaucracy to people who have come to associate progress with pace.

The irony is that skipping governance does not make things faster. It makes the eventual reckoning slower, more expensive, and considerably more painful. An AI system embedded across an organisation’s core processes without proper oversight is not an asset. It is a liability with a very good PR strategy.

The organisations that have moved most decisively into AI without governance infrastructure are not ahead. They are exposed. They have made commitments they cannot sustain, taken risks they cannot quantify, and created dependencies they cannot easily exit. That is not a position of strength. It is a position of fragility that has not yet been tested.

 

What AI Governance Actually Means

Not a committee. Not a policy document on an intranet page that nobody reads. Not a risk register reviewed quarterly and then filed. Those are the bureaucratic imitations of governance. The real thing is different.

Real AI governance means someone is accountable for every deployed AI system, with a clear mandate, clear authority, and clear consequences when standards are not met. It means data quality is a precondition for deployment, not an afterthought. It means risk frameworks are designed before tools go live, not retrofitted after something fails. It means adoption is planned around outcomes, not headcount or activity metrics.

It also means the organisation has an honest view of its own readiness. Not every process is ready for AI. Not every dataset is clean enough. Not every team has the change capability to absorb a significant operational shift. Good governance makes that assessment before investment is committed. Not after.

There is also a strategic dimension that is frequently missed. AI governance is not just a risk management function. It is a value protection function. Organisations that govern well can identify what is working, scale it deliberately, and stop what is not working before it becomes costly. Organisations that do not govern well discover problems at the worst possible time: through failures that are visible, expensive, and in the current regulatory environment, increasingly public.

 

Three Questions Worth Asking Before the Next Deployment

Who is accountable for the outcomes of this AI system, defined by the results it produces, not the tool it deploys?

How will we know if this is working, measured by the things that actually matter, not the metrics that are easy to count?

What are the risks we have not fully modelled, and who owns them?

If the answers are unclear, the organisation is not ready to deploy. It is ready to experiment. And experimentation, at the scale and pace of current AI investment, is not a cost most organisations have properly accounted for.

The organisations that will extract durable value from AI are not the ones moving fastest. They are the ones that have built the infrastructure to know what is working, why it is working, what the risks are, and what to do when things go wrong.

That infrastructure is governance. And without it, transformation is not what you are doing.

AI Is Eating Theory. Companies Are Firing the People With Judgement.

Posted on by

 

AI is replacing the work that used to define the first decade of a career. At the same moment, organisations are quietly thinning out the people whose work AI cannot do.

That pairing sits somewhere between obvious and uncomfortable, depending on which part of the workforce you sit in. The data behind it is no longer disputed. The talent decision being made in response to it is almost universally backwards.

 

What AI is actually replacing

The popular framing of AI in the workplace is that it threatens knowledge workers broadly. The 2025 data tells a sharper story.

Stanford’s Digital Economy Lab released a study in November 2025 with the deliberately unsettling title Canaries in the Coal Mine. It tracked employment in occupations highly exposed to AI from late 2022 onwards. Workers aged 22 to 25 in those roles saw employment fall by roughly 13%. Workers in their forties, fifties and sixties in the same occupations continued to grow.

The mechanism is not redundancy. It is non-replacement. Entry-level vacancies are quietly not being backfilled. The career ladder is losing its bottom rungs.

The Stanford authors are unusually direct about why. AI is replacing codified knowledge, the part of expertise that can be written down, while complementing the experiential wisdom that only comes from years on the job. Other 2025 work in customer support and software development tells the same story. AI lifts the bottom of the distribution faster than the top. Two-month-experience workers using AI now match six-month-experience workers without it. The work AI does best is the kind of standardised, learn-from-a-book task that used to define the first few rungs of a career.

 

The thing AI cannot replicate

There is a second half to this story that gets less coverage.

Boston Consulting Group ran a study with Harvard Business School using 758 of its own consultants and GPT-4. On standard tasks, AI users completed 12% more work, 25% faster, with 40% better quality. The finding that rarely makes the press summary: when the same study tested tasks designed to fall outside the model’s actual capability, consultants using AI were 19 percentage points less likely to produce correct solutions. AI made experts wrong more often when the problem required judgement AI lacked.

The capability to know when to trust an AI answer and when to override it is itself a function of experience. It is built from a personal library of cases, situations and outcomes that no model has been trained on.

Decades of research in naturalistic decision-making, the field Gary Klein founded by watching firefighters and military commanders make calls under uncertainty, describes the same mechanism. Experts under pressure do not deliberate between options. They pattern-match against situations they have seen before. The library is built by exposure, not by reading frameworks.

This is what is meant by judgement. It is the residual human advantage in the AI era, and it has a clear demographic profile.

 

The talent decision being made backwards

Put the two findings beside each other.

AI is removing the codified, junior-level work fastest. The cohort whose work AI is actually complementing is the experienced one. The economic logic of an organisation in 2026 should be to lean into that experienced layer, because it is the part of the workforce AI cannot reproduce and which increasingly determines the quality of any AI-augmented output.

What organisations are doing instead is the exact opposite. The over-50 cohort is being quietly thinned through restructures, voluntary exit programmes, redundancy schemes, and the slow erosion of roles experienced workers tend to hold. It is rarely a stated policy. It is almost everywhere a pattern.

The talent decision is being made backwards. The cohort being pushed out is the one most worth keeping. The cohort being squeezed at the bottom is the one whose work AI is already doing. The organisation ends up with no future and no memory.

 

The cost of forgetting

There is an institutional dimension to this that gets ignored because it does not show up in the next quarterly report.

Roughly 42% of an organisation’s working knowledge sits in the heads of individual employees and nowhere else. Industry estimates put the cost of knowledge loss from rapid organisational change at tens of billions of dollars a year across Fortune 500 firms. The direction is consistent even where the precise figure varies. Restructures remove people, and the people take the unwritten knowledge with them. A newly arrived CEO who clears out the over-50 cohort does not just lose those individuals. They lose the only group who remembers why the last three transformations failed and what is different about this one.

That is not a fairness argument. It is a structural one. The organisation is paying a real cost. It will appear on the books eighteen months later, in the form of mistakes the experienced layer would have caught.

 

What we are not calling it

Age discrimination is unlawful in most major jurisdictions. It is also one of the most reliably under-reported categories of workplace harm, because it is rarely framed as discrimination by the people doing it.

ProPublica’s multi-year investigation into IBM found the company eliminated more than 20,000 workers aged 40 and over from 2013 onwards. The US Equal Employment Opportunity Commission concluded in 2020 that the layoffs had a clear adverse impact on older workers. More than 85% of those targeted for layoff in that period were older workers, even when rated as high performers. In 2023, former IBM HR professionals filed suit alleging termination linked to age and explicit plans to replace them with AI.

Almost no one running these processes describes them as age discrimination. They are called “right-sizing,” “talent refresh,” “succession planning,” “rebalancing the pyramid.” The language and the outcome have been routinely diverging for at least a decade. What is new in 2025 is that AI has made the underlying decision economically illiterate as well as legally exposed.

 

Where this leaves you

If you run an organisation that has quietly pushed out the experienced cohort, you have spent real money to remove the layer of your workforce AI cannot replicate, while leaving in place the layer whose work AI is doing without you noticing.

The question is not whether you can afford to keep experienced staff. It is whether you can afford to lose them at exactly the moment they became the most valuable people on your payroll.

Smarter, Faster, More Dangerous: How Hackers Are Using AI to Target You

Posted on by

Cyberattacks used to take time.
A convincing phishing email required effort. A fake website needed a designer. Voice impersonation meant hours of editing.

Not anymore.

Thanks to generative AI and widely available tools, today’s hackers can launch highly convincing, targeted attacks at scale, and they’re getting much better by the day.
The days of poorly written scam emails and generic threats are long gone. What we’re now seeing is a new era of intelligent, adaptive, and believable cybercrime.

And all that isn’t the scary part.
It’s not just corporations being targeted. It’s you.

What’s Changed?
AI has lowered the barrier to entry for cybercriminals.
What once required technical skills can now be done with simple prompts, pre-built tools, and large language models. Hackers no longer need to be code-savvy, they just need to know what to ask AI to do.

Some of the most common and dangerous tactics include:

1. AI-Enhanced Phishing Emails
You know the old tell-tale signs of a scam email, bad grammar, odd formatting, suspicious links.

But now?
AI models can craft flawless, natural-sounding messages that mimic corporate tone, structure, and urgency. Some are even personalised using information scraped from social media or public platforms.
A Harvard Business Review article warns that AI is not only increasing the volume of phishing scams, it’s making them dramatically more believable, eroding the traditional red flags people rely on.

Examples:

  • “Your HR document has been flagged for review.”
  • “Unusual login activity detected. Please confirm access.”

These messages look like they came from your IT department. They’re often convincing enough to trick even experienced professionals.

2. Instantly Generated Fake Websites
Previously, creating a fake login page or payment portal took time. Now, AI can generate realistic website templates in seconds, complete with company logos, branding, and believable copy.

According to Axios, a security firm found that attackers used generative AI to spin up over 130 phishing sites mimicking Okta’s login pages in under 30 seconds, faster than most organisations can detect them.

Hackers use these sites to:

  • Steal login credentials
  • Collect payment details
  • Harvest personal information

And with AI image tools, they can even generate realistic “employee photos” and fake testimonials to make it all look legitimate.

3. Deepfake Audio and Voice Cloning
Voice imitation isn’t science fiction anymore, it’s a real and rising threat.

With just a few seconds of audio (often taken from videos, podcasts, or voice notes), AI can clone someone’s voice and generate new speech that sounds eerily accurate.

This threat has already gone mainstream. The Wall Street Journal reported a rise in deepfake CEO scams, where criminals impersonated executives to trick employees into making large financial transfers. In one case, a UK engineering firm, Arup, lost $25 million to a realistic deepfake video of its CFO during a fraudulent video call.

Scenarios include:

  • A “CEO” calling an employee requesting an urgent wire transfer
  • A loved one’s voice asking for help while travelling
  • A “bank representative” confirming personal details

As AP News points out, even 30 seconds of audio is enough to train a convincing voice clone.

4. AI Chatbots and Social Engineering
Hackers are deploying AI-powered chatbots on fake websites, posing as support agents or HR reps.

These bots:

  • Engage victims in believable conversations
  • Ask probing questions
  • Capture sensitive information over time

And they learn quickly. The more people interact, the better they become at deception.

5. Highly Targeted Attacks (Spear Phishing 2.0)

With access to LinkedIn profiles, public emails, and personal posts, AI can generate customised attacks that feel personal.

You might receive an email from a “colleague” referencing a recent project. Or a text that uses your child’s name.

This hyper-targeted approach increases trust, and increases the chance you’ll click.

Even Government Sites Are Being Faked

Hackers aren’t just targeting companies and individuals, they’re now cloning government websites with alarming accuracy.

A recent TechRadar report revealed that attackers are using AI to build replicas of official government portals, tricking citizens into submitting tax details, bank info, or ID documents.

Why This Should Concern Everyone

Cybercrime is clearly no longer just a corporate risk.

It’s personal, scalable, and increasingly indistinguishable from real communication.

And the tools hackers use are getting faster, cheaper, and smarter.

Even careful individuals are falling for scams that, five years ago, wouldn’t have passed the sniff test.

As the Economist notes, we’re entering an era where AI-enabled cybercrime may outpace traditional digital defences, causing massive financial and societal damage.

So, What Can You Do?

1. Stay Sceptical, Even When It Sounds Right
Don’t trust by default. Even if a message or voice seems legitimate, double-check independently.

 

2. Verify URLs and Sender Addresses
Look closely at email addresses, links, and domain names. AI-generated scams often use domains that look almost right.

 

3. Avoid Clicking, Go Direct Instead

If you receive a message from your bank, employer, or supplier, visit their website directly rather than clicking a link.

4. Use Multi-Factor Authentication
It adds a second layer of protection even if your login details are compromised.

5. Talk About It
The more we educate each other, family, colleagues, employees, the harder it becomes for scams to succeed.

Takeaways That Matter

AI is a powerful tool, but it’s not neutral.
The same technologies that help us write, code, and communicate are being used to deceive, manipulate, and exploit.

This is more to do with awareness rather fear.

Because in a world where anyone can fake anything, critical thinking becomes your first line of defence.

The best protection you have is to stay informed, stay alert, and stay a step ahead.

AI-Powered PMOs: What You Need to Know

Posted on by

The Future of PMOs is Not Just Smarter – It’s Transformational

What if AI could redefine the role of the Project Management Office (PMO) entirely?
For years, PMOs have been the backbone of organisational efficiency, but the rapid evolution of artificial intelligence is not just streamlining project oversight, it is transforming how projects are planned, executed, and evaluated.

AI-powered PMOs are much more than an operational upgrade. Leaders who understand and embrace this shift will drive efficiency, enhance decision-making, and position their organisations ahead of the competition.

 

Why AI is Reshaping PMOs

Traditional PMOs face persistent challenges:

  • Overwhelming Data – Managing multiple projects generates vast amounts of information, making it difficult to extract actionable insights.
  • Inefficiencies in Resource Allocation – Manual planning often leads to overworked teams or underutilised talent.
  • Limited Foresight – Without predictive analytics, PMOs struggle to anticipate risks and proactively address them.

AI is addressing these challenges by automating workflows, improving forecasting, and enabling data-driven decision-making.

 

How AI is Transforming PMO Operations

  1. Data-Driven Decision-MakingAI can analyse vast datasets in seconds, identifying patterns, trends, and risks that would take humans weeks to uncover. Predictive analytics enable teams to make smarter decisions and mitigate challenges before they escalate.
  2. Optimised Resource ManagementAI-powered scheduling and task allocation ensure that the right resources are assigned to the right projects at the right time, maximising efficiency while reducing delays.
  3. Proactive Risk MitigationBy leveraging machine learning, AI tools can predict potential project risks, whether budget overruns, schedule delays, or stakeholder misalignment, allowing teams to take corrective action before issues arise.
  4. Automated Reporting and Real-Time InsightsAI eliminates the need for manual reporting by generating dynamic dashboards with real-time project performance data. Leaders gain instant visibility into project health without waiting for periodic updates.
  5. Process Optimisation and Continuous ImprovementAI-powered insights reveal inefficiencies in workflows, helping PMOs refine processes, eliminate redundancies, and improve project execution over time.

The Impact on Organisational Performance

An AI-powered PMO is not just about automation, it is about delivering measurable business value:

  • Faster project completion with fewer bottlenecks.
  • Improved resource utilisation and workload distribution.
  • Greater alignment between projects and business objectives.
  • More informed decision-making with data-driven insights.

Organisations that integrate AI into their PMO functions will not only enhance operational efficiency but will also gain a competitive edge in an increasingly complex business environment.

 

How to Get Started

To integrate AI into your PMO successfully, consider these steps:

  1. Pilot AI Solutions – Start with a small-scale implementation, such as AI-driven predictive scheduling or automated reporting tools, to assess their impact before wider adoption.
  2. Upskill Your Team – Ensure project managers and PMO staff are trained in AI-driven project management tools to maximise their effectiveness.
  3. Define Clear KPIs – Establish measurable goals, such as reduced project timelines, improved resource utilisation, and enhanced risk mitigation, to track AI’s impact.

Final Thoughts

AI is not replacing the PMO, it is elevating it. Organisations that embrace AI-powered project management will optimise efficiency and also redefine their approach to strategic execution.