<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[Philippe's Substack]]></title><description><![CDATA[My personal Substack]]></description><link>https://thinkinginloops.substack.com</link><image><url>https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png</url><title>Philippe&apos;s Substack</title><link>https://thinkinginloops.substack.com</link></image><generator>Substack</generator><lastBuildDate>Fri, 03 Jul 2026 06:30:05 GMT</lastBuildDate><atom:link href="https://thinkinginloops.substack.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[Philippe]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[thinkinginloops@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[thinkinginloops@substack.com]]></itunes:email><itunes:name><![CDATA[Philippe Xanthopoulos]]></itunes:name></itunes:owner><itunes:author><![CDATA[Philippe Xanthopoulos]]></itunes:author><googleplay:owner><![CDATA[thinkinginloops@substack.com]]></googleplay:owner><googleplay:email><![CDATA[thinkinginloops@substack.com]]></googleplay:email><googleplay:author><![CDATA[Philippe Xanthopoulos]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[The AI Company Is a Utility Company. The Enterprise Moat Is Knowing When Not to Use the Hairdryer.]]></title><description><![CDATA[Why the next phase of enterprise AI competition will be won through token discipline, model plurality, cognitive routing architecture, and business-owned workflow recipes.]]></description><link>https://thinkinginloops.substack.com/p/the-ai-company-is-a-utility-company</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/the-ai-company-is-a-utility-company</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Wed, 10 Jun 2026 16:01:05 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Put 1,000 executives in a room and ask them what an AI company is.</p><p>Most will say it is a software company.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>Some will say it is a research lab.</p><p>Others will say it is a platform company, a SaaS company, a data company, or a model company.</p><p>Almost nobody will say the obvious thing:</p><p><strong>An AI company is a utility company. &#8594; It converts electricity into tokens. &#8594;And tokens are converted into cognitive work.</strong></p><p>Once you see that, the enterprise AI conversation changes completely.</p><p>The product surface may look like a chatbot. The economic engine is compute. The industrial input is energy. The metered output is tokens. The business value is not the token itself, but what the token can do: compress time, uncertainty, expertise, coordination, and decision latency.</p><p>This is why many enterprise AI strategies start in the wrong place.</p><p>They start with the vendor.</p><p>Should we use OpenAI? Anthropic? Google? Meta? Mistral? DeepSeek? Should we build our own model? Should we invest in private infrastructure? Should we secure GPUs? Should we create a corporate AI platform?</p><p>These are not irrelevant questions. But they are not the strategic starting point.</p><p>The starting point is this:</p><p><strong>AI is becoming an industrial utility for producing cognitive work.</strong></p><p>That means the strategic question is not which vendor looks most impressive today.</p><p>The strategic question is:</p><p><strong>How do we convert the fewest necessary tokens into the highest-value decisions, actions, and capabilities?</strong></p><p>That requires a very different discipline from the one most organizations are currently practicing.</p><p>It requires token discipline.</p><p>It requires model plurality.</p><p>It requires architecture.</p><p>It requires business-owned workflow recipes.</p><p>And most importantly, it requires knowing when not to use the most powerful model available.</p><h2>The Trillion-Dollar Reason This Matters</h2><p>This is not a small productivity story.</p><p>A 10&#8211;20% compression of white-collar cognitive labor is not a rounding error. At the scale of the U.S. and European economies, it represents a theoretical opportunity measured in trillions of dollars.</p><p>That is the shock.</p><p>Not every dollar is capturable. Not every workflow is automatable. Not every productivity gain becomes margin. But even partial capture of that opportunity is large enough to change competitive positions, operating models, vendor economics, labor markets, and capital allocation.</p><p>This is why the AI race is not just a technology race.</p><p>It is a capitalization race.</p><p>The enterprise that converts tokenized cognition into lower cost, faster cycle time, better risk control, and expanded strategic options captures value.</p><p>The enterprise that merely buys tools and runs pilots creates digital exhaust.</p><p>For a CTO, this shows up as architecture: model routing, data access, latency, observability, security, governance, and integration.</p><p>For a VP of Finance, it shows up differently.</p><p>It shows up as the question: where does cognitive compression become measurable economic release?</p><p>Can FP&amp;A shorten forecast cycles from weeks to days? Can variance analysis move from manual explanation to AI-assisted root-cause analysis? Can procurement identify leakage faster? Can invoice exceptions be resolved with less manual effort? Can budget owners receive earlier signals on cost drift? Can capital requests be compared using better evidence, not just better narratives?</p><p>That is how tokens become finance-relevant.</p><p>Not because AI sounds strategic, but because it can change the economics of planning, control, forecasting, compliance, and capital allocation.</p><h2>Tokens Are Not the Value</h2><p>A token is not the value.</p><p>A token is the metered unit of cognitive production.</p><p>This distinction matters.</p><p>Enterprises do not adopt AI because tokens are intrinsically valuable. They adopt AI because tokenized cognition can compress the decision cycle.</p><p>The useful economic chain looks like this:</p><p><strong>Tokenized cognition &#8594; compressed decision cycle &#8594; lower operating friction + better capital allocation + expanded option space &#8594; enterprise value.</strong></p><p>That is why AI matters.</p><p>Not because it writes plausible text. Not because it can summarize meetings. Not because it produces impressive demos.</p><p>AI matters when it converts cognitive compression into measurable improvements in cost, speed, quality, risk, revenue, or strategic optionality.</p><p>If it does not do that, it is not transformation.</p><p>It is expensive cognitive theater.</p><h2>The Two Big Value Vectors</h2><p>At the enterprise level, AI improves economics through two primary vectors.</p><p>The first is <strong>trade-space expansion</strong>.</p><p>AI allows the enterprise to develop and harness capabilities that were previously too slow, too expensive, too expertise-constrained, or too coordination-heavy to execute at scale.</p><p>A company can examine more acquisition targets. A bank can test more product and rail scenarios. A pharmaceutical company can synthesize more scientific and regulatory evidence. A technology organization can analyze more architecture options. A CFO can compare more capital allocation scenarios. A CEO can move with more strategic maneuverability.</p><p>This is not simply doing the same work faster.</p><p>This is making new moves feasible.</p><p>The second vector is <strong>white-collar cognitive labor compression</strong>.</p><p>A reasonable planning assumption for many suitable domains is that AI may create a 10&#8211;20% productivity or cost opportunity in targeted cognitive workflows, provided those workflows are redesigned and governed properly.</p><p>That caveat is essential.</p><p>The enterprise does not capture the productivity opportunity simply by buying access to models. It captures it by redesigning workflows, decision rights, controls, incentives, and operating models around tokenized cognition.</p><p>Otherwise, AI increases output volume without reducing cost or improving decisions.</p><p>More drafts. More summaries. More meetings. More review burden. Same operating model.</p><p>That is not value capture.</p><p>That is digital exhaust.</p><h2>The First Rule: Do Not Waste Tokens</h2><p>The most important enterprise AI lesson may sound like household advice.</p><p>Do not waste hot water.</p><p>Do not use the hairdryer unless you need it.</p><p>Turn off the light when you are done.</p><p>Translated into AI strategy:</p><p><strong>Do not waste tokens.</strong></p><p><strong>Do not run expensive models where cheap models are sufficient.</strong></p><p><strong>Do not leave agents, workflows, retrieval, and inference loops burning compute without measurable value.</strong></p><p>This is not about being cheap. It is about protecting the economics of AI capitalization.</p><p>It also matters beyond the individual enterprise.</p><p>At industry scale, disciplined model use weakens unnecessary demand for premium tokens. If more workloads are routed to the cheapest sufficient model, aggregate token consumption becomes more efficient. That can lower the effective cost of useful cognition, reduce pressure on compute supply, and moderate the energy draw associated with wasteful inference.</p><p>This gives token discipline an environmental dimension as well as an economic one. Every unnecessary agent loop, retrieval call, oversized model invocation, and low-value inference request consumes compute, electricity, cooling, and infrastructure capacity. Efficiency is not just a CFO issue. It is also an energy and sustainability issue.</p><p>There is a caveat: Jevons paradox.</p><p>Efficiency can create rebound demand. If AI becomes cheaper and easier to use, enterprises may consume more of it, not less. Lower inference costs may encourage more agents, more retrieval loops, more automated workflows, more experimentation, and more always-on cognitive processes.</p><p>That is why discipline matters. The objective is not simply cheaper tokens. The objective is fewer wasted tokens per useful decision.</p><p>Without that discipline, model efficiency may reduce unit cost while increasing total consumption.</p><p>The enterprise saves on the showerhead, then leaves the hot water running all day.</p><h2>The Wrong Moat and the Right Moat</h2><p>There is a seductive idea that the enterprise AI moat comes from ownership.</p><p>Own the GPUs.</p><p>Own the model.</p><p>Own the data center.</p><p>Own the stack.</p><p>Sometimes that is true. Hyperscalers, frontier labs, sovereign AI providers, national security workloads, and unusually large-scale enterprises with predictable utilization may have a rational case for dedicated infrastructure.</p><p>But for most enterprises, building dedicated GPU data centers is not a moat.</p><p>It is often capital drag.</p><p>Infrastructure ownership can become expensive, rigid, underutilized, and obsolete before the depreciation schedule ends. Worse, it can create the illusion of strategic control while reducing architectural flexibility.</p><p>The deeper issue is that static infrastructure moats are often wasteful.</p><p>Dynamic capability moats matter.</p><p>The enterprise moat is not owning the furnace.</p><p>The enterprise moat is knowing which furnace to use, when, why, and at what cost per useful output.</p><p>The strategic asset is not vendor lock-in.</p><p>It is maneuverability across vendors, models, architectures, data boundaries, and business workflows.</p><p>In simpler terms:</p><p><strong>Do not build a moat around a model. Build maneuverability across models.</strong></p><h2>The LLM That Wins</h2><p>The winning LLM will not necessarily be the one with the lowest token price.</p><p>Cheap bad tokens are not cheap. They create rework, hallucination risk, review burden, control failures, and decision noise.</p><p>The better metric is:</p><p><strong>Lowest cost per useful unit of cognition.</strong></p><p>That means quality-adjusted cognitive output per dollar.</p><p>The total cost is not just model pricing. It includes latency, retry rates, failure rates, orchestration overhead, retrieval cost, human review cost, compliance cost, integration burden, and operational risk.</p><p>So the right question is not:</p><p>&#8220;Which model is best?&#8221;</p><p>The right question is:</p><p>&#8220;Which model is cheapest sufficient for this task, under this quality, risk, latency, sovereignty, and control constraint?&#8221;</p><p>That question changes everything.</p><h2>The Enterprise Moat Is Model-Routing Intelligence</h2><p>There will not be one model to rule them all inside the enterprise.</p><p>Some work should go to frontier reasoning models.</p><p>Some work should go to smaller generative models.</p><p>Some work should go to domain-specialized models.</p><p>Some work should go to embedding models, rerankers, classifiers, or older encoder-based language models such as BERT and RoBERTa.</p><p>Some work should remain in traditional machine learning.</p><p>Some work should stay with humans.</p><p>And some work should not be automated at all.</p><p>This is where many enterprise AI strategies are immature. They treat model selection as procurement.</p><p>It is not procurement.</p><p>It is architecture.</p><p>A company can have enterprise licenses with every leading AI provider and still have no AI strategy.</p><p>Access is not architecture.</p><p>Consumption is not capitalization.</p><p>The strategic asset is not OpenAI, Anthropic, Google, Meta, Mistral, DeepSeek, or any other provider.</p><p>The strategic asset is the enterprise&#8217;s ability to route cognitive work across a plurality of models and tools at the lowest acceptable cost and risk.</p><p>That requires a cognitive routing architecture.</p><p>Such an architecture needs model gateways, routing policies, benchmarking harnesses, cost controls, quality thresholds, latency thresholds, fallback logic, prompt and version governance, retrieval governance, human escalation paths, audit logs, kill switches, data-access controls, and continuous performance measurement.</p><p>The architecture must make model switching normal, not heroic.</p><p>A company trapped inside one vendor stack is not agile.</p><p>It is dependent.</p><p>A company that can route, benchmark, substitute, and govern multiple models has strategic maneuverability.</p><h2>Business Leaders Must Own the Recipe, Not the Code</h2><p>Technology cannot own the whole AI decision system.</p><p>It can own the platform. It can own the integration patterns. It can own the control environment. It can own the model gateway and execution architecture.</p><p>But the business must own the recipe for the work it is accountable for.</p><p>This is especially obvious in Finance.</p><p>If Finance owns the forecast model for the strategic plan, Finance cannot treat the underlying AI engine as a black box owned somewhere else. The forecast owner needs to know which model is being used, what that model is good at, where it fails, what assumptions it introduces, and when a more complex forecast requires breaking from the default model and routing the workload elsewhere.</p><p>This does not mean every VP of Finance must become a machine-learning engineer.</p><p>It does mean the role must evolve from financial model owner to AI-enabled decision-system owner.</p><p>Some financial forecasts are not single-model tasks at all.</p><p>A strategic forecast may draw data from multiple entities, geographies, product lines, channels, currencies, cost centers, supply-chain assumptions, pricing scenarios, and macroeconomic inputs. That workload may need to be decomposed into sub-tasks, routed to different models or analytical methods, reassembled into a coherent forecast package, and then passed to a frontier model for interpretation, narrative synthesis, executive explanation, or scenario comparison.</p><p>This is where the VP of Finance needs more than passive AI literacy.</p><p>They do not need to code the pipeline.</p><p>But they do need to know the recipe.</p><p>They need to be able to specify which parts of the forecast are structured modeling, which parts are classification or extraction, which parts require scenario generation, which parts require sensitivity analysis, which parts require human review, and which final outputs are safe to synthesize through a frontier model for interpretability.</p><p>In other words, the finance leader becomes the owner of the AI-enabled financial workflow specification, while Technology provides the architecture, integration, controls, and execution environment.</p><p>That ownership matters because accountability does not disappear when AI enters the workflow.</p><p>If Finance owns the financial model, Finance owns the recipe behind the model. The finance leader is ultimately responsible for the outputs, the assumptions, the controls, and the decisions that follow. A wrong forecast, a distorted margin view, or a poorly interpreted scenario can destroy millions in value. In that moment, the CFO cannot credibly tell the board that the loss was &#8220;the AI engineers&#8217; fault.&#8221;</p><p>Technology can own the platform. Data teams can own pipelines. AI engineers can own implementation patterns. But Finance owns the financial judgment embedded in the workflow and the consequences of using that workflow to guide decisions.</p><p>That is why AI-enabled finance requires explicit recipe ownership: decomposition logic, model-routing logic, evidence standards, confidence thresholds, human review gates, exception handling, and final sign-off authority.</p><p>A VP of Finance does not need to say:</p><p>&#8220;Fine-tune RoBERTa with this tokenizer.&#8221;</p><p>But they should be able to say:</p><p>&#8220;This is not a generative reasoning problem. This is classification or extraction. Why are we using an expensive frontier LLM?&#8221;</p><p>Or:</p><p>&#8220;This forecast scenario has moved from standard variance commentary into strategic sensitivity analysis. Do we need a stronger reasoning model, a simulation model, or a human review gate?&#8221;</p><p>Or:</p><p>&#8220;This output affects the strategic plan. What model produced it, what assumptions were embedded, what evidence supports the recommendation, and what is the fallback if confidence is low?&#8221;</p><p>That is the difference between AI awareness and AI-enabled financial stewardship.</p><h2>Finance Is Not Just Automating the Spreadsheet</h2><p>In FP&amp;A, AI is not valuable because it drafts a variance commentary.</p><p>It is valuable if it reduces the monthly close and forecast cycle, improves variance detection, gives budget owners earlier intervention signals, and frees analysts from manual reconciliation toward decision support.</p><p>But the larger opportunity is not just faster FP&amp;A.</p><p>It is better modeling.</p><p>AI can help Finance model questions that were too slow, too fragmented, or too high-dimensional for traditional spreadsheet-centric planning. In a consumer packaged goods business, for example, Finance could move beyond static product-line reporting toward richer scenario analysis across product mix, channel profitability, promotional spend, pricing elasticity, supply-chain constraints, retailer terms, region, customer segment, and margin contribution.</p><p>That changes the finance conversation from &#8220;what happened?&#8221; to &#8220;which mix of products, channels, customers, and investments improves profitability under these constraints?&#8221;</p><p>This is where AI becomes strategically relevant to Finance.</p><p>It does not merely automate the spreadsheet.</p><p>It expands the financial decision space that Finance can model, challenge, and govern.</p><h2>People Are the Durable Asset</h2><p>The next strategic asset is not technical at all.</p><p>It is people.</p><p>But this point must be translated carefully.</p><p>To a technology leader, the people question may sound like model literacy, prompt engineering, evaluation design, architecture, governance, and operational control.</p><p>To a finance leader, the people question is different:</p><p><strong>Who knows how to convert AI-enabled productivity into actual economic release, and who knows when the AI engine being used is no longer fit for the financial decision being made?</strong></p><p>That is not automatic.</p><p>A team may become 15% faster and still produce no financial benefit if the saved capacity is not redeployed, external spend is not reduced, cycle time is not shortened, or decision quality is not improved.</p><p>This is where finance becomes central.</p><p>In the near term, enterprises will not have hundreds of AI engineers embedded across every function, with five finance-literate AI specialists permanently assigned to FP&amp;A. That may emerge over time, but it is not today&#8217;s operating reality.</p><p>So the capability has to develop inside Finance as well as inside Technology.</p><p>This is the same institutional-learning problem enterprises faced with business analysis, data analysis, agile delivery, cloud architecture, and product ownership. These capabilities did not arrive in steady state overnight. They took years, often more than a decade, to become embedded roles, methods, and operating routines. AI will compress that timeline, but it will not eliminate the learning curve.</p><p>Enterprises will need people who understand model behavior, workflow economics, evaluation design, domain constraints, data quality, failure modes, risk thresholds, auditability, and business value translation.</p><p>They will need people who can tell when a frontier model is necessary and when it is wasteful.</p><p>They will need people who can spot hallucination risk, identify automation traps, design escalation paths, evaluate output quality, and connect AI activity to business Figures of Merit.</p><p>Over time, the enterprise builds institutional knowledge:</p><p>Which model works for which task?</p><p>Where does a small model outperform a large one economically?</p><p>Where does retrieval help, and where does it add noise?</p><p>Where is human review essential?</p><p>Where does automation create downstream work?</p><p>Where does AI actually move the decision cycle?</p><p>This accumulated learning becomes more valuable than any single model contract.</p><h2>A Simple AI Capitalization Model</h2><p>The operating model is not complicated to state, but it is hard to execute:</p><p><strong>Token supply &#8594; token discipline &#8594; model routing &#8594; workflow redesign &#8594; decision compression &#8594; Figure of Merit movement &#8594; trade-space expansion.</strong></p><p>Each step matters.</p><p>Token supply gives the enterprise access to cognitive production.</p><p>Token discipline protects the economics.</p><p>Model routing ensures the enterprise does not use frontier cognition for commodity work.</p><p>Workflow redesign converts AI output into actual operating change.</p><p>Decision compression reduces time, uncertainty, expertise burden, coordination cost, and decision latency.</p><p>Figure of Merit movement proves that the work improved cost, speed, quality, risk, revenue, resilience, or strategic optionality.</p><p>Trade-space expansion is the final prize.</p><p>If any step is missing, the AI strategy weakens.</p><p>Tokens without discipline create waste.</p><p>Models without routing create cost inflation.</p><p>Routing without workflow redesign creates isolated productivity.</p><p>Workflow redesign without decision compression creates process theater.</p><p>Decision compression without Figure of Merit movement creates narrative value but not enterprise value.</p><h2>The Real Board-Level Question</h2><p>At the board and executive level, the question is not:</p><p>&#8220;Do we have an AI strategy?&#8221;</p><p>The better question is:</p><p>&#8220;How does AI change our feasible trade space?&#8221;</p><p>Can we now serve customers differently?</p><p>Can we enter markets faster?</p><p>Can we reduce cost without weakening control?</p><p>Can we improve capital allocation?</p><p>Can we monitor risk continuously?</p><p>Can we integrate acquisitions faster?</p><p>Can we compress product cycles?</p><p>Can we make strategic moves competitors cannot yet make?</p><p>This is where AI becomes more than productivity.</p><p>It becomes maneuverability.</p><p>But only if the enterprise can convert tokens into useful cognition, useful cognition into better decisions, and better decisions into measurable movement in cost, speed, quality, risk, revenue, or strategic optionality.</p><h2>The Discipline Ahead</h2><p>The next phase of enterprise AI will not be won by model worship.</p><p>It will not be won by indiscriminate access to frontier models.</p><p>It will not be won by buying expensive infrastructure without a clear utilization and routing thesis.</p><p>It will be won by firms that understand AI as an economic control system.</p><p>They will secure token supply at the lowest sustainable cost.</p><p>They will avoid wasteful consumption.</p><p>They will route work to the cheapest sufficient model.</p><p>They will govern agents as load-generating systems.</p><p>They will measure useful output, not token volume.</p><p>They will build institutional knowledge around model-task fit.</p><p>They will connect AI activity to trade-space movement.</p><p>The enterprise AI moat is not vendor lock-in.</p><p>It is not owning the largest GPU cluster.</p><p>It is not using the most powerful model for every problem.</p><p>The enterprise AI moat is model-routing intelligence, architectural optionality, disciplined token economics, business-owned workflow recipes, and the accumulated organizational learning required to turn commodity tokens into proprietary advantage.</p><p>In simpler terms:</p><p><strong>Do not build a moat around a model. Build maneuverability across models.</strong></p><p>The winners will not be the enterprises that consume the most AI.</p><p>They will be the enterprises that convert the fewest necessary tokens into the highest-value decisions, with the discipline to know when not to use the hairdryer.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[When the Frontier Moves Faster Than You Can Build]]></title><description><![CDATA[M&A in the age of AI]]></description><link>https://thinkinginloops.substack.com/p/when-the-frontier-moves-faster-than</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/when-the-frontier-moves-faster-than</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Wed, 03 Jun 2026 16:01:30 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>Why AI-era M&amp;A should be judged by whether it expands the enterprise trade space, moves the Pareto frontier, and creates an absorbable innovation pipeline, not merely by whether it buys a quick fix, a revenue stream, or another product.</em></p><h3>Working Thesis</h3><p>This article is not about all M&amp;A.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>It is about capability-led acquisitions where innovation is the engine for changing the enterprise trajectory.</p><p>The central question is:</p><p><strong>Can M&amp;A acquire and absorb an innovation engine fast enough to extend the enterprise trade space, move the Pareto frontier, and create feasible strategic options the firm could not reach through internal development alone within the required window?</strong></p><p>The target is not valuable because it is innovative in isolation. It is valuable if its innovation capacity changes what the combined enterprise can now build, launch, scale, and monetize.</p><div><hr></div><h3>1. The Frontier Problem</h3><p>A mature enterprise may still have a profitable core. But its current product and service portfolio is approaching the flattening part of the S-curve. Growth becomes harder. Margins tighten. The basis of differentiation erodes. In many sectors, Western enterprises face competitors, China being the obvious case, operating with faster, tighter, and more economical innovation-production loops.</p><p>The strategic question is not whether things are slowing. Most leaders already feel it. The question is: how does the enterprise reach the next S-curve before the current one becomes margin compression, and with economics strong enough to sustain the new trade space against faster innovation hubs?</p><p>Leadership should not jump immediately into an M&amp;A mindset. First, it needs to define what is actually degrading.</p><p>An enterprise is a system of systems, a set of entities and relationships whose functionality is greater than the sum of the individual parts (Maier &amp; Rechtin). What appears downstream as share loss or margin pressure may originate upstream in the way those entities and relationships no longer produce the required function. The first question is not &#8220;what revenue is at risk?&#8221; It is &#8220;what system function is degrading?&#8221;</p><p>That question needs disambiguation. Sometimes the required function is not wrong, the enterprise may still know what it must do. The problem may sit in the operand, the operator, or the conversion mechanism:</p><p><strong>Is the operand wrong or insufficient?</strong> The inputs, product concept, data asset, IP, platform, talent, are not strong enough.</p><p><strong>Is the operator weak?</strong> The enterprise has the right target function and promising inputs, but lacks the process, talent, governance, or decision rights to convert them into value.</p><p><strong>Is the conversion path broken?</strong> The enterprise can generate ideas but cannot productize, industrialize, or scale them economically.</p><p><strong>Is the timing mismatch fatal?</strong> The firm may be capable of building internally, but not within the strategic window imposed by competitors, customers, or technology cycles.</p><p>This matters because not every gap points to M&amp;A.</p><p>If the missing issue is operationalization or execution discipline, transformation may be the better answer. Internal AI-enabled innovation may now be more viable than before, AI lowers the cost and cycle time of research, design, software delivery, and customer insight. But AI also accelerates competitors: it lowers their innovation costs, shortens their product cycles, and compresses the period during which any advantage remains differentiated.</p><p>If the operand itself is missing, a proprietary data asset, platform capability, IP base, specialized talent, or repeatable innovation engine, and cannot be built or partnered for within the strategic window, then M&amp;A becomes relevant.</p><p>Partnership and co-development occupy the middle ground. They can provide speed, optionality, and technical reach without full ownership risk. But external access is not internal capability. The enterprise may gain exposure without absorbing the learning system that produced it. The hard question is whether external access provides enough control, learning transfer, and economic upside to change the enterprise trajectory, or whether the enterprise needs to own the capability system.</p><p>Only after that diagnosis does the capital allocation choice become meaningful.</p><div><hr></div><h3>2. Buying a Fix vs. Buying a Capability System</h3><p>This is the article&#8217;s key distinction.</p><p><strong>A fix</strong> solves a near-term portfolio gap. It may bring a product, a revenue stream, a customer segment, a channel, or a geographic foothold. That can be valuable. A fix can extend revenue, defend market share, or neutralize a competitor.</p><p>The problem is not buying a fix. The problem is confusing a fix with a capability system.</p><p><strong>A capability system</strong> is the machinery that repeatedly senses market needs, generates ideas, uses data, tests offerings, makes product decisions, launches, adapts, and scales new offerings over time. The strategic value is not the product acquired, it is whether the acquisition gives the enterprise a repeatable engine for creating the next product, the next margin pool, and the next strategic option.</p><p>The distinction is visible in hindsight. When Yahoo acquired Tumblr for $1.1 billion, it bought a popular product with a large user base, a fix for Yahoo&#8217;s declining relevance. It did not acquire, and could not absorb, the innovation system that made Tumblr culturally resonant. The capability decayed under integration. Yahoo wrote down the entire investment. Contrast this with Meta&#8217;s acquisition of Instagram: the target was preserved as a largely autonomous unit, its innovation rhythm was protected, and the capability system, not just the app, continued to generate value for over a decade.</p><p>The pattern repeats. When Microsoft acquired Nokia&#8217;s devices division, it bought a product line and manufacturing capacity, a fix for its mobile gap. What it could not absorb was the capability system required to compete in a smartphone ecosystem dominated by platform dynamics. The target&#8217;s value was destroyed not by bad technology but by a systems mismatch between the acquirer&#8217;s operating form and the function required to compete. In Maier and Rechtin&#8217;s terms, the form no longer fit the purpose.</p><p>Executives often talk as though they are buying capability when they are really buying a point solution. In AI-era competition, that distinction matters because a point solution may be copied, underpriced, or commoditized. A capability system can keep generating options.</p><p>But buying a capability system introduces a second problem: <strong>buyer readiness.</strong></p><p>The acquirer may need to transform before it can absorb what it is buying. That transformation may require changes to decision rights, governance, data access, product funding, architecture, incentives, and operating cadence.</p><p>A capability-led acquisition is not only a target-readiness question. It is a buyer-readiness question.</p><div><hr></div><h3>3. M&amp;A Is Not Vector Addition</h3><p>The old board-deck arithmetic is too simple:</p><p><strong>Acquirer capability + target capability = synergy</strong></p><p>That is not how systems work.</p><p>A company is not a bag of assets. It is a system of relationships: people, processes, products, data, applications, customers, incentives, decision rights, technology, culture, and capital allocation routines. When two systems combine, emergent properties appear, some valuable, some destructive. New relationships form. Old relationships break. Decision paths lengthen. Interfaces multiply. Data definitions collide.</p><p>The target may add capability, but integration creates friction. The acquirer may gain technology but lose speed. The target may gain scale but lose its innovation rhythm. The combined enterprise may have more assets and less maneuverability.</p><p>A better framing:</p><p><strong>Realized deal value = potential frontier expansion &#8722; integration drag &#8722; transformation debt &#8722; strategic-window decay</strong></p><p>This is not a precise formula. It is a forcing function for dynamic thinking.</p><p><strong>Potential frontier expansion</strong> is the upside: new offerings, faster innovation, better product mix, or new strategic options.</p><p><strong>Integration drag</strong> is the temporary friction created by combining systems, teams, data, roadmaps, and governance.</p><p><strong>Transformation debt</strong> is what accumulates when temporary workarounds, duplicated systems, and unresolved dependencies become structural. (More on this below.)</p><p><strong>Strategic-window decay</strong> is the loss of value that occurs when competitors move, imitate, or reprice before the buyer can exploit the acquired capability.</p><p>A deal can be strategically sound at signing and economically weaker 18 months later if the capability takes too long to absorb, if the target&#8217;s advantage decays, or if the integration destroys the innovation system that justified the acquisition.</p><p>M&amp;A is not vector addition. It is trajectory management under friction.</p><div><hr></div><h3>4. The Integration Dip and Transformation Debt</h3><p>Every meaningful acquisition creates a dip. Decision speed slows. Governance expands. Systems collide. Roadmaps are resequenced. Talent becomes uncertain.</p><p>This dip is not automatically a failure. It may be the unavoidable cost of combining two systems. But leadership must distinguish between a <strong>transient integration dip</strong> and the beginning of <strong>structural degradation</strong>.</p><p>A transient dip is expected. It has a reason, a duration, a recovery path, and a management owner.</p><p>Structural degradation is different. It occurs when the organization normalizes the drag: temporary workarounds become permanent, duplicate systems stay alive indefinitely, decision rights remain unclear, data conflicts are never resolved, and the target&#8217;s innovation rhythm slows without a compensating enterprise gain.</p><p>This is where transformation debt enters the argument, not as a separate thesis, but as the failure mode.</p><p>Transformation debt is the hidden liability created when integration choices defer hard decisions about systems, data, processes, roles, controls, and governance. At first it looks harmless: a manual reconciliation here, a temporary interface there, a duplicated process kept alive for one more quarter. But these fragments compound into cycle-time expansion, exception-rate growth, control breaks, and permanent workarounds.</p><p><strong>POLDAT</strong> &#8212; Process, Organization, Location, Data, Applications, and Technology, provides a structured way to assess where the acquisition creates change pressure across six domains. For each domain, the question is: what must change, at what scale, with what risk, and with what implications for integration approach, sequencing, and cost?</p><p><strong>Process:</strong> Do workflows need to converge, coexist, or be redesigned? At what organizational level? <strong>Organization:</strong> Do decision rights, roles, incentives, and governance need to change to support the new capability model? <strong>Location:</strong> Do jurisdiction, regulatory, labor, or operating constraints affect the integration path? <strong>Data:</strong> Can definitions, ownership, quality, lineage, and access be harmonized and governed? <strong>Applications:</strong> Do systems need to integrate, expose APIs, retire, coexist, or remain isolated? <strong>Technology:</strong> Can the architecture, infrastructure, security, and observability support the target capability economically?</p><p>The assessment across these six domains produces a risk-informed view of the transformation required, which then determines whether the acquisition should be fully integrated, selectively integrated, federated, ring-fenced, or left autonomous, and how the transformation should be priced, staged, and governed.</p><p>Where these domains are not properly assessed, transformation debt accumulates, the hidden liability created when integration choices defer hard decisions. If customer personalization depends on clean data reuse, then an unresolved Data domain is not a technical issue, it is a value-realization risk. If product velocity depends on faster decision rights, then an unresolved Organization domain is not an HR issue, it is an innovation risk.</p><p>The integration posture must match the deal thesis. Full integration may maximize synergies but creates the largest dip. Federation may allow shared governance without premature consolidation. Ring-fencing may protect the innovation engine while the buyer prepares its own operating model. IBM&#8217;s acquisition of Red Hat illustrates the ring-fencing approach: the target was preserved with significant autonomy precisely because the innovation value would have been destroyed by full integration into IBM&#8217;s operating model.</p><p>There is no universal answer. The right posture depends on what value the deal is supposed to create, where the buyer is ready, where the target is fragile, and which systems must connect for the trade-space expansion to become real.</p><p>A deal is only strategic if it expands the trade space. It is only valuable if the operating model can hold the expansion.</p><div><hr></div><h3>5. AI&#8217;s Strategic Role: Assumption Visibility, Not Analytical Acceleration</h3><p>AI does not make M&amp;A easy. The useful claim is narrower: AI changes what can be modeled, monitored, and governed, and its highest-value contribution is making the assumptions behind the deal thesis visible.</p><p>Most M&amp;A analytical failures are not a single problem. They are at least four.</p><p>First, <strong>tooling and dimensionality.</strong> The complexity and dimensionality of capability-led M&amp;A exceeded what the available tools could model. Excel and PowerPoint became the universal instruments, and there are only so many pivot tables you can build before the model collapses into a flattened caricature of a multidimensional problem. The analysis was not merely incomplete. It was structurally incapable of representing the system it was supposed to evaluate.</p><p>Second, <strong>skills and expertise.</strong> The right subject matter experts were often not at the table. The CIO was typically involved; the CTO, where the role existed in any substantive form, was often too shallow to interrogate the target&#8217;s innovation system, technology roadmap maturity, or architectural absorption requirements. Financial and legal diligence proceeded without the technical judgment needed to assess whether the capability system would survive integration.</p><p>Third, <strong>assumptions never surfaced.</strong> Even where the intent was sound, critical assumptions about integration speed, target innovation durability, buyer readiness, and strategic-window duration were embedded in the deal model without being made visible or testable.</p><p>Fourth, <strong>incentives.</strong> In some cases, the modeling was not inadequate by accident. Political dynamics, deal momentum, and financial incentives actively prevented proper analysis. When the priority is closing the deal, rigorous modeling becomes an obstacle, not an asset. Ethics and due diligence got in the way of making a fast buck, so they were quietly sidelined.</p><p>AI&#8217;s role is not to fix only the third problem. It can address all four: higher-dimensional modeling that Excel cannot support, structured integration of technical subject-matter expertise into the deal assessment, forced assumption visibility through scenario comparison, and, if governance is designed correctly, a check on deal momentum by making the assumptions behind the thesis harder to bury.</p><p><strong>AI changes the internal path.</strong> The enterprise may be able to build more than it previously could because AI lowers the cost of research, design, software delivery, and experimentation. This means internal innovation may be more viable than pre-AI assumptions suggest. Before pursuing M&amp;A, leadership should test whether AI-enabled internal development can close the gap without paying an acquisition premium.</p><p><strong>AI changes the external path.</strong> Competitors can use AI to move faster, imitate faster, and reprice sharper. This means the strategic window may close faster than the old M&amp;A model assumes. A capability that looks frontier-shifting today may be table stakes by the time a 24-month integration is complete.</p><p><strong>AI changes the acquisition path.</strong> Before the deal, AI-enabled scenario modeling can compare integration postures, full integration, selective integration, federation, autonomy, and surface the transformation requirements, timing risks, and value-at-risk for each. After the deal, AI can monitor whether the thesis is becoming real: are roadmaps converging or colliding, are duplicate systems temporary or permanent, is the target&#8217;s innovation rhythm being preserved or destroyed, are synergies materializing or being consumed by transformation debt?</p><p>This is where agentic AI may become useful, not as strategy, but as part of the control system. Agents can monitor signals across partially integrated systems, reconcile integration KPIs, detect degradation patterns, and escalate issues before they become financial facts. But agentic AI cannot substitute for clear system boundaries, governed data, defined decision rights, and human accountability.</p><p>Used well, AI becomes part of the M&amp;A value-assurance system. Used poorly, it produces faster narratives around the same old integration blind spots.</p><div><hr></div><h3>6. CEO, CFO, CTO Interlock</h3><p>The CEO owns the competitive trajectory question: <strong>does this acquisition move the enterprise toward a better position in the trade space, and will that position still matter by the time the capability is absorbed?</strong></p><p>That second clause is essential. In an AI-aware competitive landscape, trade-space expansion is not static. Competitors are learning, automating, and launching faster. The CEO is asking whether the expansion is durable enough and fast enough to matter under competitive time compression.</p><p>The CFO translates the CEO&#8217;s trajectory ambition into an economic model, then tests that model against the CTO&#8217;s absorption reality over time. The CFO must own the investment logic across the full value-realization path: acquisition cost, integration cost, transformation cost, duplicate-run cost, delayed synergy capture, timing risk, and the NPV of the investments required to make the acquisition productive.</p><p>The CFO&#8217;s question: <strong>what value must materialize, by when, what must be true for that value to be captured, and does the NPV still hold after integration reality is priced in?</strong></p><p>This forces the CFO to sit at the technology roadmapping table with the CTO. The roadmap is not just a technical sequence. It is the time-phased economic path through which the deal thesis is either realized or disproven. Which technology investments are enabling value capture? Which are merely integration tax? Which systems can be retired? Which must coexist? Which cost reductions would destroy the innovation engine the acquisition was meant to secure?</p><p>The CTO owns the absorption question: <strong>can the architecture, data, applications, controls, and telemetry support the chosen integration posture without destroying the acquired capability&#8217;s velocity or degrading the operating model?</strong></p><p>Absorption should not be confused with full integration. In some deals, maintaining two distinct systems may be the right answer, preserving the target&#8217;s speed and coherence while avoiding premature consolidation. But coexistence has consequences: increased operating cost, duplicated controls, fragmented data, and limited synergy capture.</p><p>In Maier and Rechtin&#8217;s framing, the CTO is the systems architect whose job is to integrate across viewpoints, not to force structural uniformity, but to ensure that the combined system serves its purposes without emergent properties that destroy the value the deal was meant to create. The architect&#8217;s role is to identify which interfaces must connect, which boundaries must be preserved, and where the integration will produce emergent behavior that the deal model did not price.</p><p>If these three questions, trajectory, economics, absorption, are not connected, the deal thesis is incomplete.</p><div><hr></div><h3>7. Final Test: Did the Deal Move the Frontier?</h3><p>The final test is not whether the target was innovative. It is whether the combined enterprise can now make valuable moves it could not make before, and whether those moves remain economically defensible after integration drag, transformation cost, competitive response, and timing risk are priced in.</p><p>Did the deal improve the enterprise&#8217;s ability to generate a repeatable innovation pipeline? Improve product velocity? Strengthen product mix economics? Reuse data across products and markets? Increase platform leverage? Create strategic optionality the enterprise did not have before? Preserve the acquired capability&#8217;s innovation rhythm while scaling it?</p><p>If no Figure of Merit moves, there is no strategic M&amp;A case. Movement does not have to mean growth, it can include defensive movement: protecting market share, preserving option value, reducing risk exposure, or buying time while the enterprise transitions to the next S-curve. But something measurable must move.</p><p>A capability-led acquisition should be judged over time against the enabling KPIs that justified the deal. If the Figure of Merit moves briefly but then degrades under integration drag, the acquisition may have bought a curve and failed to climb it.</p><h3>Where This Framework May Be Wrong</h3><p>Three conditions could undermine this thesis.</p><p>First, some acquisitions succeed precisely because they are fixes, defensive moves that buy time, protect a customer base, or block a competitor, with no pretense of capability-system acquisition. If the deal thesis is honestly narrow and the valuation reflects it, the fix-vs-capability-system distinction is less relevant. The danger is not buying a fix. It is mislabeling a fix as a capability system to justify a higher price.</p><p>Second, in markets where the pace of change is extreme and the S-curve lifecycle is very short, consumer apps, social media, some areas of fintech, the &#8220;repeatable innovation engine&#8221; may not be the right acquisition target. The acquirer may be better served by serial small acquisitions of teams and products, with the explicit expectation that each has a limited shelf life. In that case, the integration architecture should be designed for rapid plug-and-play rather than deep absorption.</p><p>Third, the framework assumes the strategic window is finite and that timing matters. In industries with very long regulatory cycles, high switching costs, or entrenched market structures, utilities, defense, some areas of healthcare, the strategic window may be measured in decades, not quarters. In those cases, internal build may be feasible even at lower velocity, and the M&amp;A urgency argument weakens.</p><p>The framework is strongest where the enterprise faces genuine competitive time compression, where the missing capability is systemic rather than product-specific, and where the buyer is honest about its own readiness to absorb what it is acquiring.</p><div><hr></div><h3>Closing</h3><p>The innovation value of M&amp;A is not simply the capability acquired. It is the new option space the combined enterprise can exploit, if the operating model can absorb the capability, preserve its velocity, and sustain the economics of the new frontier.</p><p>Or, more bluntly:</p><p><strong>You can buy the curve and still fail to climb it.</strong></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The Architecture of AI Maturity, Part D]]></title><description><![CDATA[What the AI-Mature Enterprise Actually Builds]]></description><link>https://thinkinginloops.substack.com/p/the-architecture-of-ai-maturity-part-d7a</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/the-architecture-of-ai-maturity-part-d7a</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Mon, 25 May 2026 16:02:49 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>This is where architecture has to stop sounding abstract.</p><p>An enterprise architecture for AI maturity should support concrete use cases such as:</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><h2><strong>Prioritizing Frontier Bets</strong></h2><p>Which recombinations truly extend the trade space? Which remain exploratory? Which deserve staged capital now versus observation only?</p><h2><strong>Branching Roadmaps by Market</strong></h2><p>Which geographies or customer segments are ready for discontinuous movement? Which require marginal improvement instead? Which roadmap branches should accelerate, and which should wait?</p><h2><strong>Moving from Experiment to Scale</strong></h2><p>Which capabilities have crossed from technical novelty into productizable leverage? Where should resources shift from frontier exploration to industrialization and market capture?</p><h2><strong>Learning from the Field in Near Real Time</strong></h2><p>Which product or service signals indicate underperformance, marginal improvement opportunities, or deeper redesign needs? Where are MTBF and MTTR patterns becoming economically material? What should post-sales support teams escalate back into design and capital planning?</p><h2><strong>Governing Failure Without Freezing Innovation</strong></h2><p>Which thresholds trigger pause, recapitalization, or kill decisions? How are contingencies activated before weak bets destabilize the wider enterprise?</p><h2><strong>Supporting the CEO&#8211;CTO&#8211;CFO Decision Rhythm</strong></h2><p>What does each leader need to see to act responsibly? What must be paced, funded, accelerated, or slowed? Where does the architecture help convert frontier ambition into survivable commitment?</p><p>These are not software use cases alone.</p><p>They are enterprise use cases.</p><h2><strong>The Architecture Also Reveals Failure Modes</strong></h2><p>A good architecture does not only support success. It reveals where failure becomes likely.</p><p>For example:</p><ul><li><p>signals become fragmented and lose lineage</p></li><li><p>roadmap branches multiply faster than the firm can sequence them</p></li><li><p>capital is staged against enthusiasm rather than progression logic</p></li><li><p>market absorptive capacity is treated as uniform when it is not</p></li><li><p>execution outpaces quality and service readiness</p></li><li><p>Finance AI creates pseudo-precision rather than adaptive discipline</p></li><li><p>governance reacts too late because threshold logic is weak</p></li></ul><p>This matters because enterprises do not usually fail from lack of intelligence alone.</p><p>They fail from poorly metabolized intelligence.</p><p>Architecture makes that visible.</p><h2><strong>What Good Looks Like</strong></h2><p>A mature enterprise architecture for AI should not feel like an AI showcase.</p><p>It should feel like a system that can move, learn, and govern itself under pressure.</p><p>That means:</p><ul><li><p>frontier movement is sensed early</p></li><li><p>options are framed through architecture rather than excitement alone</p></li><li><p>roadmaps branch intelligently</p></li><li><p>capital is staged with discipline</p></li><li><p>maturity propagates across the value chain</p></li><li><p>winners scale faster</p></li><li><p>weak bets are contained earlier</p></li><li><p>market absorption reshapes the roadmap</p></li><li><p>post-sales learning feeds design and investment</p></li><li><p>governance remains active without becoming paralyzing</p></li></ul><p>That is what symbiotic AI looks like at the architectural level.</p><p>Not more models.</p><p>Not more dashboards.</p><p>But a better enterprise metabolism.</p><h2><strong>What Comes Next</strong></h2><p>If Part I diagnosed the macro shift, Part II redesigned the enterprise innovation system, and Part III showed why innovation becomes a capital allocation problem, then Part IV makes the next point clear.</p><p>None of that becomes real without architecture.</p><p>Not architecture as a box diagram.</p><p>Architecture as the codification of operating loops into vision, principles, governed building blocks, and adaptive transition logic &#8212; all shaped by frontier-aware roadmapping.</p><p>That is now the real implementation challenge.</p><p>The real goal is not simply to add AI into the enterprise.</p><p>It is to build an enterprise architecture in which AI becomes symbiotic rather than chronic, productive rather than corrosive, and durable rather than destabilizing.</p><p><em>My thinking on frontier movement and trade-space expansion has been shaped in part by my time at MIT, including the technology roadmapping work of Professor Olivier de Weck.</em></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The Architecture of AI Maturity, Part C]]></title><description><![CDATA[Learning, Governing, and Reallocating in Motion]]></description><link>https://thinkinginloops.substack.com/p/the-architecture-of-ai-maturity-part-ab2</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/the-architecture-of-ai-maturity-part-ab2</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Thu, 21 May 2026 16:03:08 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>C begins at first contact with reality. A frontier move does not become real merely because it has been launched. It becomes real when the enterprise can read what happens next, interpret those signals correctly, and reallocate effort, capital, and architectural attention fast enough to stay aligned with the trade space.</p><p>That is the purpose of this loop.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>This is where the enterprise learns whether a move is economically real or merely technically elegant. It is where the market stops being a forecast and starts becoming evidence. It is also where the field exposes what design, simulation, testing, and release could not fully settle in advance: adoption friction, segment-specific uptake, support burden, reliability patterns, switching resistance, operational surprises, and the gap between expected and realized value.</p><p>In an AI-mature enterprise, this loop cannot sit on top of a static, document-centric substrate. It increasingly needs a model-centric one. If architecture is expected to evolve continuously, then the enterprise needs more than reports, slide decks, and fragmented records. It needs digital representations of the system that support simulation, traceability, comparison, and disciplined change. In practice, that means moving toward a more model-based architecture substrate, ultimately with digital-twin-like representations where the enterprise can compare what it expected, what it built, what is happening now, and what changes should follow.</p><p>AI is only strategic if the enterprise owns enough of the underlying capability stack to govern it, challenge it, adapt it, and reuse it across cycles. That does not mean every firm must train foundation models from scratch. But it does mean the enterprise must possess real capability to select and evaluate pre-trained models, fine-tune or otherwise adapt them where appropriate, integrate generative AI into workflows, orchestrate models with retrieval and enterprise knowledge, and govern drift, recalibration, traceability, rollback, and auditability over time. This is not the kind of capability an enterprise can afford to outsource in any fundamental way. Consultants may assist, accelerate, mentor, or transfer knowledge, but the enterprise itself has to own the institutional competence. Otherwise AI remains something done to the firm, not something the firm can truly shape, challenge, or industrialize for itself. The issue is not whether executives can derive the math. It is whether the enterprise can absorb the science. That is why architecture cannot sit above AI as a passive review layer. It has to help shape the capability base the enterprise will need not only for today&#8217;s models, but for the next wave of methods, tools, and agentic systems.</p><p>That also means hiring the right AI engineers. Not simply people who can call an API, and not necessarily only PhDs, but seasoned engineers who possess the underlying technical depth and remain current as the field evolves. The enterprise needs people who can understand new methods as they emerge, judge which advances matter, and translate relevant research into governed architectural capability. The enterprise does not just need AI engineers who are employable today. It needs AI engineers who are staying relevant to where the field is going next. That kind of relevance does not sustain itself automatically. It requires supporting technical staff beyond the immediate delivery backlog, including time and space to stay engaged with the broader research frontier, whether through publications, open-source work, conferences, or other forms of serious technical contribution. There is real strategic value in having engineers whose work earns recognition outside the firm, because it is often a sign that the enterprise is not merely consuming AI second-hand, but participating in the evolution of the field with credibility of its own. That support still has to sit inside clear guardrails for intellectual property, confidentiality, and strategic advantage.</p><p>The market is not external to the architecture. It is one of the forces that shapes it. This loop therefore has to capture not only adoption, churn, renewal, product performance, MTBF and MTTR, channel feedback, and forecast variance, but also the conditions that govern diffusion itself. Market absorptive capacity is not uniform. It varies by geography, segment, infrastructure, regulation, trust, switching friction, channel structure, and technological interdependence. That means the same frontier move may be highly absorbable in one market, marginally viable in another, and economically premature in a third. The enterprise is often choosing not just the bet, but the bet-market pairing.</p><p>This is where AI becomes indispensable in a different way from Part B. Earlier, it helped shape execution. Here, it becomes the interpretive layer over reality itself. It can ingest telemetry, support data, product usage, incident patterns, partner feedback, commercial performance, and financial variance, then help distinguish normal noise from structural signal, local issues from systemic drift, temporary friction from deeper architectural weakness, and maturing opportunity from early decay. It can also monitor the diffusion conditions around the move: relative advantage, scale effects, infrastructure dependence, network effects, and interdependence with adjacent technologies. That allows the enterprise to see not only whether the move is technically working, but whether it is gaining legitimacy, stalling, commoditizing, or remaining trapped behind ecosystem barriers.</p><p>But interpretation alone is not enough. The learning has to land somewhere durable. One of the reasons many enterprises fail to improve is that field learning remains trapped in tickets, decks, emails, and local memory. It does not materially change the enterprise substrate. A mature architecture cannot allow that. Lessons learned, revised assumptions, new constraints, updated patterns, validated practices, and support insights have to be absorbed into governed knowledge assets and architecture building blocks rather than left as disposable operational residue.</p><p>This is where knowledge management becomes architectural rather than administrative. Knowledge is not just documentation. It is a strategic asset. But that only holds if it is governed, current enough to matter, searchable with low latency, and explicit about lifecycle state. Otherwise it decays into an expensive archive of ambiguous residue. AI can help collapse the distance between dispersed knowledge and usable judgment, but only if the knowledge substrate itself is disciplined. That means repositories, subject-matter expertise, design memory, standards, lessons learned, and support evidence have to be structured, indexed, versioned, and governed well enough for AI to work over them as an interpretive layer instead of merely accelerating stale ambiguity.</p><p>This also means the enterprise has to think more carefully about where knowledge should live. Some of the most important knowledge assets should not remain trapped in detached documents alone. They should increasingly be embedded in governed architecture building blocks (ABBs) and solution building blocks (SBBs), where the architectural object and the knowledge required to use, adapt, and maintain it evolve together. When an ABB is updated, the associated architectural knowledge should be updated with it. When an ABB is retired or superseded, the associated knowledge should be retired or superseded as well. That keeps architecture, execution, and learning from drifting apart. It also creates a far stronger substrate for AI-assisted retrieval, reasoning, and comparison than a pile of unmaintained legacy documents ever could.</p><p>This is where the EA re-enters the picture forcefully. The EA is not only involved before commitment. The EA is also a central feedback loop after launch. Market and service evidence should feed back into architecture vision, architecture principles, standards, ABBs, SBBs, dependency assumptions, modular boundaries, security posture, maintainability expectations, observability patterns, and recovery design. Some of the resulting changes will be direct responses to visible problems. Others will be quieter architectural innovations that reduce complexity, lower future integration burden, shorten outage windows, and increase the enterprise&#8217;s overall capacity to move again.</p><p>That architectural update cannot be casual. It has to be done through disciplined AI, not loose model improvisation. That means AI operating over governed artifacts, lifecycle-aware knowledge assets, contradiction checks, traceable evidence, and explicit change logic. In other words, AI should not merely summarize what happened. It should help the EA determine what must now change in the architecture, why it must change, and what downstream consequences that change will have.</p><p>That matters because some architectural innovations do not move the trade space directly. But they still deserve funding because they unlock or amplify the value of more visible frontier bets. This is where technology value connectivity becomes useful in practice. The enterprise should not think only in terms of isolated innovations, but in terms of connected investments whose value emerges in combination. A modularity improvement, a security hardening move, a maintainability uplift, or a debt-reduction sequence may not be the visible frontier bet. But it may materially increase the value, speed, or survivability of the bet that is. AI can help identify these enabling moves and compare their indirect value to more visible alternatives.</p><p>Finance belongs in this loop as well, but not as a passive reporting function. Finance can no longer run in parallel to the roadmap. It has to metabolize reality as it arrives. This is where Finance AI becomes strategically relevant: updating scenario ranges, comparing actuals to prior assumptions, identifying where margin erosion is beginning, showing where support burden is becoming economically material, and distinguishing between conditions that justify acceleration and conditions that require containment. At this stage, the CFO is not merely asking whether the move was financeable at inception. The CFO is asking whether it remains worth funding now, under real operating conditions.</p><p>This also creates another responsibility for the CFO. It is not enough to use Finance AI to assess the current move. The CFO also has to ensure that the financial intelligence layer itself remains relevant for the next innovation cycle. That means keeping it calibrated against real operating outcomes, updated cost and margin realities, changing market-window conditions, substitution effects across the portfolio, and the evolving architectural context in which the next bets will be made. Otherwise Finance AI risks becoming a lagging instrument optimized for yesterday&#8217;s profit logic rather than tomorrow&#8217;s frontier choices. In that sense, Finance AI is not just part of the allocation loop. It is itself an asset that must be maintained, refreshed, and governed so the enterprise can trust it again in the next cycle.</p><p>That question should be answered probabilistically, not deterministically. A mature enterprise should not force every decision into a false binary of continue or stop. It should evaluate expected value against uncertainty bands and decide whether to accelerate, refine, branch, preserve as an option, pause, harvest, or retire a move. The kill switch therefore has to remain live after launch, not just before it. Some paths will strengthen and deserve faster commitment. Some will prove viable only in narrower segments or different geographies. Some should be preserved in a ready-use locker because conditions are not right yet but may become favorable later. And some will need to be killed because the economics, operational burden, or ecosystem conditions no longer justify continued drag on the system.</p><p>This is where diversity and optionality matter. The enterprise should not only know when to stop a path. It should know when to preserve it as a contingent option while allocating capital elsewhere. AI can support this by continuously comparing expected value, uncertainty, and current evidence across live paths and dormant options, helping leadership decide which ones deserve scale, which ones deserve observation, and which ones should be retired cleanly.</p><p>This is also where product evolution becomes visible as a disciplined process rather than a vague aspiration. Product evolution should not be understood only as an attempt to stretch the current S-curve technically. It is also about adapting profit extraction. Enterprises learn this quickly in supplier-driven markets, where new features are often introduced not because they materially expand the trade space, but because they extend the current profit pool, deepen lock-in, and delay substitution. A mature architecture therefore has to distinguish between value-creating evolution and value-extracting evolution. The real question is not simply whether the feature is attractive, but whether it improves the enterprise&#8217;s position or merely increases dependence on the supplier&#8217;s margin logic.</p><p>At a mature stage in the product lifecycle, the current product often becomes a major profit pool that helps fund the next wave of innovation. The strategic question is therefore not simply how to improve the product, but how long to keep extracting value from it without becoming trapped by it. In product mixes where substitution is fluid, the enterprise has to manage controlled migration across the portfolio, avoiding both premature cannibalization and overharvesting the current curve until a competitor resets the market and forces discounting on worse terms.</p><p>AI can help here by modeling switching costs, substitution risk, lock-in dynamics, upgrade cadence, support dependence, margin migration, and competitor moves across the product mix. That allows the enterprise to see whether a proposed evolution is genuinely improving its trade-space position or merely extending someone else&#8217;s profit extraction window. It also helps determine how long the current profit pool can fund the next innovation before delay turns into strategic drag.</p><p>And this is the closure that makes the whole architecture loop work: the outputs of this section are not just observations. They are inputs to the next cycle. Updated architecture vision and principles, revised ABBs and SBBs, new standards, changed modular boundaries, refreshed guardrails, re-ranked enabling investments, refined market-window hypotheses, revised defensibility budgets, updated uncertainty bands, calibrated Finance AI, preserved options in the ready-use locker, and sharper judgments about which paths deserve scale, observation, harvest, migration, or retirement should all flow back into the next sensing, framing, and commitment cycle.</p><p>Part C is not the end of the story. It is the mechanism by which the enterprise manufactures the starting conditions for the next one.</p><p>Without this loop, the enterprise becomes an island: technically ambitious, internally coherent, and financially staged, but weak at metabolizing reality. It may still launch impressive capabilities. But it will learn too slowly, govern too loosely, and reallocate too late. That is how promising frontier moves turn chronic instead of symbiotic.</p><p>What good looks like is different. The enterprise reads reality quickly. AI helps interpret the signal without pretending that all noise is meaning. The EA updates architecture with discipline rather than intuition. The CFO reallocates under live evidence rather than static forecasts. Product teams evolve what is strengthening, branch what fits better elsewhere, preserve what may become viable later, harvest current profit pools intelligently, and retire what no longer deserves drag, capital, or attention.</p><p>That is the adaptive control loop of the AI-mature enterprise.</p><p><em>In the final part, I will pull these loops together into concrete use cases, failure modes, and what the AI-mature enterprise actually builds.</em></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The Architecture of AI Maturity, Part B]]></title><description><![CDATA[Building, Integrating, and Propagating Frontier Moves]]></description><link>https://thinkinginloops.substack.com/p/the-architecture-of-ai-maturity-part-46e</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/the-architecture-of-ai-maturity-part-46e</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Mon, 18 May 2026 06:01:59 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>B begins where A ends. Once the enterprise has framed and committed to a governed path, the challenge is no longer whether the move is attractive in principle. The challenge is whether it can be built, integrated, propagated, and absorbed without collapsing under the realities of execution.</p><p>Ideas do not create value. Industrialized capability does.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>This loop is where selected frontier moves are turned into executable and transferable reality across:</p><ul><li><p>engineering</p></li><li><p>software and model deployment</p></li><li><p>systems integration</p></li><li><p>testing and validation</p></li><li><p>quality</p></li><li><p>production or manufacturing</p></li><li><p>release readiness</p></li><li><p>service readiness</p></li><li><p>productization</p></li></ul><p>This is where many enterprises fail. They can generate a roadmap and fund a bet, but they cannot reliably turn it into scaled execution.</p><p>Engineering has to stay laser-focused on incorporating only those functional capabilities and non-functional attributes that genuinely move the trade space. Sales and marketing signals matter, but they cannot be allowed to override architectural discipline or pull the enterprise into feature inflation, weak priorities, and debt-generating noise. This is where architecture protects engineering from becoming a reactive fulfillment function. Sales and marketing surface demand signals; architecture and engineering decide what deserves realization.</p><p>Software, model, engineering, and production development all sit at the center of this loop because they are often where frontier ambition first becomes materially executable. But they should not be treated as autonomous craft domains detached from architecture. They have to remain tightly governed by the enterprise&#8217;s architecture vision, principles, dependency logic, non-functional requirements, and transition path.</p><p>AI has a critical role here as well. Not merely in testing code or validating a production step, but in assessing whether the behavior being built actually aligns with the intended trade-space movement. It can rapidly generate and simulate use-case conditions that continuously validate whether the capabilities under development still map to the business outcomes and frontier movement the enterprise intended to pursue once they hit system integration, production, release, or market use. That is not the same as testing. It is closer to ongoing validation of whether business requirements, capabilities created, and real-world operating conditions still line up.</p><p>Used well, this creates a live feedback loop into development. Software, model, engineering, and production teams can fine-tune not only for correctness, but for architectural fit, operational realism, manufacturability where relevant, and trade-space relevance before weak alignment becomes expensive at release, in service, or in the market.</p><p>There is another reason this loop matters: technical debt is too often treated as invisible because it does not always appear immediately as a line item, even though its downstream effects can quickly erode profitability.</p><p>For non-technical readers, technical debt is not just a coding issue. It is the accumulated burden of shortcuts, aging systems, brittle integrations, workaround-heavy processes, and unresolved design compromises that make every future change slower, riskier, and more expensive than it should be. It is the hidden tax the enterprise pays for building new capability on top of a substrate that was never fully cleaned up, simplified, or redesigned.</p><p>Left outside the execution logic, it becomes a hidden financial drag on frontier movement, slowing integration, increasing release friction, raising support burden, distorting margin, and quietly reducing the economic value of the innovation itself.</p><p>Worse, technical debt rarely stays still. Each new change made against a fragile foundation can increase complexity further, raising the cost of the next change and quietly compounding disorder across the system.</p><p>This is where AI can add real value. It can help model where technical debt is creating the greatest economic drag, estimate how that drag shows up through mean time between failures (MTBF), mean time to repair (MTTR), release friction, support burden, and coordination overhead, and identify which remediation moves would most improve readiness, reliability, and scaling speed.</p><p>More importantly, AI can help surface side innovations that address debt structurally rather than cosmetically: simplifying brittle interfaces, isolating unstable components, improving observability, redesigning release pathways, or sequencing specialist remediation efforts where accumulated fragility is repeatedly stalling progress.</p><p>But all of this has to remain inside the architecture discipline. Debt reduction must be governed through architecture vision, architecture principles, transition logic, and execution figures of merit, or it will remain visible without becoming actionable.</p><p>This also creates an important leadership interaction. The CFO should not sit outside technical debt as if it were a purely engineering concern. Once debt is made economically legible, the CFO has reason to take an active role in its reduction because the drag shows up in margin, release speed, support cost, and cash-flow resilience. At the same time, the operating owner of debt reduction will vary by enterprise. In some firms it will sit primarily with the chief information officer (CIO). In others, with the chief operating officer (COO), head of manufacturing, or equivalent operational leader. The CTO&#8217;s and EA&#8217;s role is often to frame the side innovations and architectural moves that can reduce the debt structurally rather than cosmetically. The key point is that debt reduction becomes a cross-functional economic and architectural priority, not a back-room technical clean-up.</p><p>A serious CEO can even hardwire accountability by tying part of C-suite incentives to the reduction of debt-driven drag on the business. But that should not be done through one blunt target for everyone. It works better as a shared enterprise metric with role-specific sub-metrics tied to each executive&#8217;s leverage point. Otherwise leaders optimize locally and distort the wider system rather than reducing the drag that actually matters.</p><p>If this is designed well, it does more than reduce technical debt in isolated pockets. It accelerates the enterprise at an aggregate level, making trade-space moves both more efficient and more effective. The enterprise becomes better able to convert frontier possibility into governed progression, with less drag, less wasted motion, and better value realization across the system.</p><p>Once technical debt is made visible as a drag variable, testing and quality become the first serious proof of whether the enterprise is building on a viable substrate or compounding fragility into the next release.</p><p>Testing and quality are therefore not downstream hygiene functions. They are the first disciplined check on whether the capability under construction can survive contact with integration, release, service, and market use. This includes not only correctness, but reliability, repeatability, observability, supportability, and the non-functional conditions that determine whether the move is actually scalable.</p><p>System integration should be continuous and incremental all the way up to final release. It is not a late-stage event to be discovered after development is largely complete. The same logic applies in manufacturing or production environments, where integration, process readiness, quality yield, and repeatability have to be proven continuously rather than assumed at the end. And all of it has to adhere strictly to architectural standards. That should not be confused with bureaucratic rigidity, drag, or needless cost. When the right building blocks are used, standards reduce complexity rather than add to it, protect quality rather than slow it, and prevent downstream technical debt from being silently reintroduced into the system.</p><p>AI has a role here too. It can help model how design, development, and production decisions made early in the cycle are likely to affect integration outcomes, manufacturing or process stability, release quality, support burden, and the final economic result. In that sense, AI helps the enterprise see whether apparently local choices are actually strengthening or weakening the readiness of the whole move long before final release.</p><p>Release itself deserves to be treated as a full readiness regime, not as a simple delivery event. By the time a move reaches release, the enterprise should already be asking whether operational readiness, business readiness, product launch readiness, support readiness, and resilience readiness are all genuinely in place.</p><p>That includes, at a minimum:</p><ul><li><p>operational readiness and run-book clarity</p></li><li><p>release and rollback discipline</p></li><li><p>business process readiness</p></li><li><p>launch coordination across product, sales, marketing, service, and operations</p></li><li><p>hypercare capacity after launch</p></li><li><p>observability and incident response readiness</p></li><li><p>stability, availability, and performance thresholds</p></li><li><p>auditability where required</p></li><li><p>and clear accountability for who owns the move once it is no longer in development but not yet fully absorbed into steady-state operations</p></li></ul><p>If these disciplines are weak, the enterprise confuses deployment with release and release with readiness. That is where apparently successful innovation starts to leak value through instability, service burden, user friction, and margin erosion.</p><p>AI can add substantial value here by modeling and simulating the launch before it occurs. By ingesting readiness and enabling checks across engineering, operations, service, product, business, and control functions, it can surface whether the enterprise is truly prepared to absorb the move. But its value does not stop there. During launch, AI can also ingest real-time telemetry from production systems and act as an interpretive layer over signals as they emerge. That helps the enterprise distinguish normal launch variance from meaningful instability, shorten diagnostic and troubleshooting time, and surface likely sources of degradation before the problem fully propagates. In that sense, AI supports not only go / no-go / defer discipline before launch, but faster operational sense-making while the launch is actually underway.</p><p>This is also where maturity propagation is tested. If a move looks mature in the lab but collapses at integration, release, production, or service, then the enterprise has not achieved real maturity. It has only moved the problem to the next handoff.</p><p>A frontier move is not complete when it is released. It becomes real when it is productized into something the enterprise can repeatedly deliver, support, and defend economically.</p><p>That is the difference between technical success and enterprise value. Productization is where the enterprise converts a selected capability into an offer, service, or operating reality that customers can actually adopt, internal teams can reliably support, and the business can scale without leaking value through instability, friction, or avoidable cost. It is where architecture, engineering, operations, service, finance, and market logic converge.</p><p>Productization is also a timing signal. It does not only tell the enterprise that a capability is commercially real. It also acts as a barometer of how much runway remains on the current S-curve before the next jump must be prepared. As underlying cost-performance conditions continue to shift, productization becomes not just a commercialization milestone, but an indicator of how long the current curve can still be exploited before the economics begin to favor a new frontier move.</p><p>AI can add value here as well by continuously modeling where the enterprise sits on the current S-curve. It can help sense whether the path is still strengthening, accelerating, flattening, or beginning to decay, and whether the current capability still deserves scale or is nearing the point at which the next frontier move should be prepared. In that sense, AI supports not only productization, but ongoing shape-sensing of the curve itself, turning productization into a continuously informed decision about timing, runway, and the next move.</p><p>Productization makes the curve real. AI helps the enterprise sense where it now sits on that curve.</p><p>More broadly, AI in this loop should not be understood merely as a modeling tool. It functions as an execution-shaping capability: improving the speed, precision, and quality with which the enterprise can build, integrate, and propagate a selected move across the value chain. In doing so, it does more than validate progress. It helps tighten frontier trajectory by surfacing misalignment earlier, reducing wasted motion, preserving non-functional integrity, and improving how effectively the chosen move expands the trade space.</p><p>What B hands into the next loop is not just a launched capability. It is a live operating reality: release signals, service burden, reliability evidence, support cost, adoption friction, productization economics, and the first real proof of whether the move is strengthening or weakening under field conditions. That is where C begins.</p><p><em>In the next part, the problem changes again. A launched capability is not yet a learned capability. The enterprise still has to interpret reality, update architecture, and reallocate under live evidence.</em></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The Architecture of AI Maturity, Part A]]></title><description><![CDATA[Sensing, Framing, and Committing to Frontier Movement]]></description><link>https://thinkinginloops.substack.com/p/the-architecture-of-ai-maturity-part</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/the-architecture-of-ai-maturity-part</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Thu, 14 May 2026 16:20:20 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>In the first essay, I argued that the West&#8217;s AI problem is not primarily technical. It is maturational.</p><p>In the second, I argued that this pushes the enterprise to redesign its innovation system.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>In the third, I argued that AI turns innovation into a capital allocation problem because it compresses the distance between opportunity space and capital commitment.</p><p>The next question is therefore unavoidable.</p><p>What does an enterprise architecture look like when all of that is true?</p><p>This is where many discussions about AI become too vague to be useful. They speak about strategy, pilots, transformation, governance, copilots, productivity, and platforms. But they do not show what the enterprise actually needs to build if it wants AI to become symbiotic rather than chronic.</p><p>That is the purpose of this essay.</p><p>The issue is not whether an enterprise should add an AI layer. It is whether it can build an architecture that supports continuous frontier movement without losing legitimacy, control, or economic coherence.</p><p>That means architecture cannot remain a static target-state exercise. It has to be reoriented around frontier-aware roadmapping, so that operating loops become codified into architecture principles, architecture vision, governed building blocks, and adaptive transition logic rather than remaining as disconnected ideas.</p><p>By frontier movement, I mean the shift in what becomes newly possible, viable, and worth pursuing as technology, market absorption, and enterprise capability evolve together.</p><h2><strong>The Architecture Question</strong></h2><p>If AI is changing the tempo, structure, and economics of innovation, then architecture can no longer be treated as a downstream implementation concern.</p><p>It becomes one of the primary mechanisms by which the enterprise decides whether accelerated frontier movement becomes productive or destabilizing.</p><p>That is the architectural question.</p><p>Not: where do we place a model?</p><p>But: what must the enterprise be able to sense, decide, absorb, scale, govern, and learn if AI is to support trade-space expansion rather than chronic dysfunction?</p><p>A mature answer does not start with tools.</p><p>It starts with the operating loops the enterprise must support.</p><h2><strong>Architecture Must Close the Loop</strong></h2><p>The core architectural challenge is to close the loop between frontier ambition and enterprise reality.</p><p>That means connecting:</p><ul><li><p>horizon sensing</p></li><li><p>design and recombination of possibilities</p></li><li><p>technical progression</p></li><li><p>validation and quality</p></li><li><p>industrialization and scale</p></li><li><p>market absorption</p></li><li><p>financial steering</p></li><li><p>service and post-sales learning</p></li><li><p>reinvestment into the next wave of trade-space expansion</p></li></ul><p>If these remain fragmented, the enterprise will produce one of two pathologies.</p><ol><li><p>Either the strategy layer outruns operational reality.</p></li><li><p>Or the operating core slows the enterprise so much that it loses the frontier.</p></li></ol><p>Architecture exists to prevent both.</p><p>A symbiotic AI enterprise is one in which these loops are linked strongly enough that movement can be accelerated without becoming chaotic. But these loops only become enterprise capability when they are codified into architecture vision, architecture principles, governed building blocks, and adaptive transition logic rather than remaining as disconnected ideas.</p><h2><strong>The Roadmap Is Not a Straight Line</strong></h2><p>Once the enterprise decides to act on a selected innovation path shaped by algorithmic recombination, it cannot rely on annual planning cycles and static capital allocation regimes to govern the move. Nor can it afford to put itself through a fresh transformation exercise each time it wants to materialize a frontier shift.</p><p>The roadmap the enterprise must govern is not a straight path. It is a living network of decision paths, dependencies, pacing choices, feedback signals, market-window assessments, and capital commitments.</p><p>That is why the chief financial officer (CFO), chief technology officer (CTO), and research and development (R&amp;D) leadership have to work in much closer rhythm than many firms are used to. The CFO needs to understand not only budgets and returns, but the velocity, drag, acceleration, and inertia inside the roadmap itself, and how those dynamics translate into value that can expand the trade space without putting capex and cash flow into peril. That is how the CFO becomes able to support the CEO&#8217;s decision to commit, pace, delay, or redirect a frontier bet.</p><h2><strong>Maturity Must Propagate Across the Value Chain</strong></h2><p>The real test is not whether a technology matures. It is whether maturity propagates across the value chain.</p><p>This is where many architecture discussions become too abstract. A capability can look promising in technical terms and still fail the enterprise because its maturity does not travel. Technology maturity has to slipstream into integration readiness, manufacturing or production readiness, release readiness, service readiness, and market readiness. Otherwise the enterprise confuses local progress with enterprise progress.</p><p>This is why architecture cannot remain a paper exercise. Its role is to make readiness transferable rather than isolated. It has to connect design, engineering, integration, production, quality, release, service, and feedback as one governed system. A frontier move is only economically real when maturity survives each readiness regime it passes through rather than collapsing at the next handoff.</p><h2><strong>Response Speed Means Tempo Alignment, Not Raw Velocity</strong></h2><p>Architecture must not only compress the enterprise response cycle. It must optimize how quickly the enterprise can reconfigure around selected innovation paths shaped by algorithmic recombination in ways that actually move the trade space.</p><p>But speed here should not be confused with raw velocity for its own sake. The real requirement is temporal fit: the ability to move from inception to market at the pace required to match market absorptive readiness before the window of value begins to decay.</p><p>That cadence will differ by line of business. In some cases it may be days or weeks. In others, months or quarters. The strategic challenge is therefore not abstract acceleration. It is tempo alignment across frontier movement, enterprise response, and market absorption.</p><p>Speed without industrialization is noise. And as argued earlier in the series, speed without scale is anoxic.</p><p>Marketing and sales can be useful litmus tests for assessing whether the window of opportunity for an innovation is opening, but they are not neutral judges of market readiness. Left alone, they may over-index on current demand, existing accounts, and near-term sellability, or gold-plate what the market is truly prepared to absorb. Their signals therefore need to be validated against broader reaction curves at the industry, segment, and geography level.</p><p>This is where AI can add real value early, even at low levels of technical maturity. It can help model market-window hypotheses in advance, estimate where adoption friction is likely to sit, and continuously update those hypotheses as evidence improves through market research, pilot feedback, channel signals, existing customers, and the customers the enterprise is trying to unlock.</p><p>In that sense, AI does not just help read the market. It helps the enterprise assess whether the window is real, for whom it is real, how fast it is opening, how long it is likely to remain open, and what symptoms indicate that the window is beginning to narrow or close.</p><p>The enterprise should not only ask whether a window exists. It should ask where it sits in the life of that window.</p><p>When that alignment works, the enterprise builds momentum. When technical debt, missing building blocks, weak integration paths, market friction, or slow governance dominate, that momentum begins to stall. The management task is therefore not simply to demand more speed. It is to remove drag deliberately: reduce complexity, lower cognitive load on teams, simplify coordination, tighten decision rights, and create specialist teams or capabilities where bottlenecks repeatedly stall velocity. That is how the enterprise pushes its stall point outward and turns more frontier possibility into real progression.</p><h2><strong>The Operating Loops of an AI-Mature Enterprise</strong></h2><p>These loops are not a substitute for architecture discipline. They are the operating expression of it.</p><p>They show how architecture vision, architecture principles, and governed transition logic actually work when frontier movement is continuous rather than episodic.</p><h2><strong>A. Sense, Frame, and Commit</strong></h2><p>The enterprise does not commit directly from signal to spend. It commits through architecture.</p><p>This loop begins with sensing, but it has to move quickly into framing.</p><p>That means the enterprise needs:</p><ul><li><p>market and competitor signals</p></li><li><p>ecosystem and technology signals</p></li><li><p>customer and usage signals</p></li><li><p>operational and support signals</p></li><li><p>design and architecture context</p></li><li><p>constraint visibility</p></li><li><p>non-functional requirements</p></li><li><p>prior roadmap decisions</p></li><li><p>financial context and capital boundaries</p></li></ul><p>Without this layer, the enterprise is effectively flying blind. It reacts late, capitalizes noise, or mistakes internally generated excitement for external relevance.</p><p>But this sensing reflex cannot be meaningfully outsourced. The enterprise has to build it as an internal capability. Outside support may help through facilitation, mentoring, challenge, and capability building, but not by substituting for the enterprise&#8217;s own sensing metabolism. Otherwise the organization ends up renting pattern recognition rather than developing it.</p><p>The enterprise architect (EA) is not only important as a steward of coherence after a frontier signal appears. The EA is also part of the innovation ecosystem at a different altitude.</p><p>From there, the signal has to move from CTO and R&amp;D into architecture. CTO and R&amp;D determine which frontier movement is technically emerging, why it matters, and what kind of new capability it may unlock. But they should not surface frontier moves in purely technical terms. Even at the earliest stage, they should attach an initial economic hypothesis: what value might be created, what broad cost and timing implications are visible, and what early conditions would have to hold for the move to matter commercially.</p><p>At that stage, the CFO does not yet need to act as the formal gate, but finance should provide support capacity through early valuation logic, scenario framing, and sensitivity assumptions so that the signal is not carried forward as technical promise alone. Architecture then takes that signal and disciplines it: testing it against architecture vision, architecture principles, dependency structures, non-functional requirements, integration constraints, and transition logic so that the opportunity is translated into a governed path the enterprise can actually absorb.</p><p>That still understates the EA role. Some of the most important innovations in the enterprise are architectural innovations: reducing complexity, improving modularity, strengthening security, increasing maintainability, shortening outage cycles, simplifying integration, and improving the enterprise&#8217;s overall capacity to absorb future moves. Every major frontier move should therefore trigger an architectural enablement track in which the EA identifies and stages the quieter innovations that increase the organization&#8217;s agility and velocity.</p><p>AI should be highly leveraged here as well. Not to replace EA judgment, but to help surface and compare incremental innovation pathways that are themselves shaped by algorithmic recombination. In that sense, the EA does not merely run with innovation. The EA helps generate the enabling conditions for the next one.</p><p>Some of these architectural innovations do not move the trade space directly. But they still matter because they unlock or amplify the value of more visible frontier moves. That means the enterprise should think not only in terms of isolated bets, but in terms of connected investments whose value emerges in combination. This is one of the reasons incremental architectural innovation deserves serious attention from both the EA and the CFO.</p><p>This is where frontier-aware roadmapping becomes critical. It is a disciplined way of turning moving possibilities into staged enterprise choices. The formal scaffolding behind it can be rigorous technology roadmapping logic, but the practical requirement is simpler to state. The roadmap has to stay aware of moving frontiers, branching options, market absorption, dependency structures, and capital pacing.</p><p>In practice, that also means the architecture substrate itself has to evolve. A document-centric architecture process is too static for continuous frontier movement. The enterprise increasingly needs a model-centric architecture approach, ultimately moving toward digital representations of the system that make comparison, simulation, traceability, and disciplined change far more executable than documents alone. That gives the EA, CTO, and R&amp;D leadership a more reliable basis for testing paths, exposing consequences, and governing transition.</p><p>Only after that framing work does the CFO enter decisively. The CFO brings pacing discipline, cash-flow logic, scenario pressure, and the question of whether that architecturally framed path is financeable without destabilizing the wider enterprise. If it does not pass that test, there is little value in widening the commitment discussion further.</p><p>Other C-suite functions will often become relevant later depending on the nature of the move, for example market, operations, or enterprise platforms, but they are downstream of this initial discipline-and-finance gate. The essential sequence is technical signal, architectural framing, financial pacing, then executive commitment.</p><p>Together, that is what creates the conditions under which the CEO can commit responsibly.</p><p>This also means the enterprise needs a formal kill switch. It should be explicit from the beginning that a move can be paused, redirected, or killed at any stage if it no longer meets the intended trade-space objective, if the economics collapse under better information, or if the move cannot be realized inside agreed architectural, operational, or financial guardrails. Without that discipline, the enterprise risks carrying technically interesting but strategically unviable pathways far deeper into the system than they deserve.</p><p>But a killed path does not always need to vanish. In a more mature system, some ideas should remain in a ready-use locker: not funded for immediate progression, but preserved as contingent options should different market conditions, technical breakthroughs, cost curves, or architectural enablers make them viable later. This is where uncertainty, diversity, and optionality matter. The enterprise should not only know when to stop a path. It should also know when to preserve it as a live option while allocating capital elsewhere.</p><p>Architecture should also force the creation of a defensibility budget for the move. This is not just a development estimate. It is a governed view of what the enterprise will have to spend, in redesign, integration, debt reduction, non-functional hardening, release readiness, service readiness, and timing exposure, to make the innovation real from inception to deployment. That matters because the question is not simply whether the innovation looks attractive in concept. It is whether it remains worth funding once the critical path is visible and the full architectural burden is known.</p><p>But in an age of algorithmic recombination, even that is not enough. The enterprise does not only need to know whether one innovation is defensible. It needs to know whether it is the most defensible among the innovation paths shaped by algorithmic recombination now available. This is where AI becomes a particularly powerful partner. It can help compare alternative paths, estimate their net effect on the trade space, surface their internal burdens, and show which one creates the strongest value without overwhelming the architecture that has to absorb it.</p><p>The question is no longer only whether an innovation can be built. It is whether it is the best option among the innovation paths shaped by algorithmic recombination once the full trade-space effect and internal burden are visible.</p><p>The roadmap matters to the CFO because it can contain more than technical ambition. It can include financial models that show the delta a technology creates against the baseline business plan, in cost, revenue, timing, uncertainty, and net present value (NPV) terms. It can also include competitive tradespace models that show whether capital should fund higher performance, lower cost, a delayed move, or a different response entirely once competitor behavior is taken into account. And it can include mathematical models that make visible which constraints are actually binding and what their shadow price is, in other words, how much value those constraints are suppressing. That is what makes the roadmap financially legible. It stops being a technical wish list and becomes a structured basis for pacing commitment.</p><p>This is one reason frontier-aware roadmapping is so powerful: it makes technical movement, financial consequence, and competitive timing legible in the same frame.</p><p>That financial legibility matters even more once architecture turns the selected signal into a scaled implementation path. At that point, the issue is no longer only whether the frontier move is strategically attractive. The enterprise also has to understand what that path does to redesign effort, interface burden, integration cost, manufacturing and service economics, customer value, and uncertainty once the move is actually infused into the host product or system. That is what turns the move from an attractive idea into an economically intelligible implementation decision.</p><p>In other words, the roadmap helps choose the move; technology infusion analysis helps show what the move costs and creates once it enters the host product or system.</p><p>What comes out of this loop is not a commitment in the abstract. It is a governed candidate path: architecturally framed, economically legible, bounded by guardrails, and explicit about what would justify progression, preservation, pause, or kill. That is what allows the enterprise to move from possibility to a path worth building.</p><p><em>In the next part, the question changes. It is no longer whether the move is worth committing to. It is whether the enterprise can actually build, integrate, and propagate it without collapsing under execution reality.</em></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Why AI Turns Innovation into a Capital Allocation Problem]]></title><description><![CDATA[The economics of frontier movement in the AI era]]></description><link>https://thinkinginloops.substack.com/p/why-ai-turns-innovation-into-a-capital</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/why-ai-turns-innovation-into-a-capital</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Tue, 05 May 2026 14:40:52 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>AI compresses the distance between opportunity space and capital commitment. That is why innovation becomes a capital allocation problem.</p><p>This is the shift many enterprises still underestimate.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>AI is not just generating more ideas. It is not just accelerating prototyping, multiplying scenarios, or widening access to sophisticated knowledge. It is also compressing the time between what becomes possible and what must be funded, staged, governed, scaled, or killed.</p><p>That changes the economics of innovation.</p><p>In a slower world, firms could treat innovation as partly discretionary. They could tolerate longer gaps between sensing opportunity, placing bets, assessing progress, and deciding whether to continue. But when frontier movement accelerates, recombination becomes increasingly algorithmic, and practical scarcities begin to shift, that comfort erodes.</p><p>Innovation becomes less a bounded technical activity and more a continuous problem of capital commitment under uncertainty.</p><h2>The Old Capital Logic Is Breaking</h2><p>Most firms still allocate capital as if innovation moved in slower cycles, scarcity changed gradually, and defensibility lasted longer than it increasingly does.</p><p>That logic was not irrational in a world where knowledge remained relatively gated, option generation was costly, product cycles were longer, and profit extraction could often rely on more durable asymmetries.</p><p>But AI changes those conditions.</p><p>When idea generation, drafting, synthesis, prototyping, and certain forms of expert assistance become cheaper and more widely available, the old cadence of capital planning begins to look increasingly mismatched to the environment. Annual budgeting cycles, broad discretionary innovation buckets, and slow strategic reviews were designed for a world in which the frontier moved more slowly and the cost of missing a short-lived opportunity was lower.</p><p>That is no longer the world many firms are entering.</p><p>The issue is not simply that firms need to move faster. It is that their capital logic was built around slower frontier movement, more stable scarcities, and longer windows of defensibility than AI may now allow.</p><h2>AI Expands the Option Space Faster Than Firms Can Absorb It</h2><p>AI does not just generate more options. It generates more options faster than most firms can evaluate, sequence, and metabolize them.</p><p>This is where the pressure starts.</p><p>More ideas. More combinations. More scenarios. More prototypes. More adjacent possibilities. More pathways to explore. More potential bets competing for attention, capital, and organizational bandwidth.</p><p>At first glance, that looks like an innovation windfall.</p><p>But abundance has its own economics.</p><p>When option generation becomes cheap, the enterprise does not automatically become more innovative. It becomes more exposed to noise, mis-sequencing, weak prioritization, and shallow experimentation that never matures into durable capability.</p><p>AI does not merely accelerate innovation. It expands the option space faster than many firms can absorb.</p><p>And once absorption becomes the constraint, capital allocation becomes the filter through which opportunity must pass.</p><h2>More Options Do Not Mean More Value</h2><p>When option generation becomes cheap, the source of value shifts from creation to selection, sequencing, and disciplined commitment.</p><p>This is one of the most important changes in the AI era.</p><p>In a world of relative scarcity, generating viable options was itself a major source of value. Human bandwidth, expertise, access, and time naturally limited the funnel.</p><p>AI changes that.</p><p>Now the challenge is less about whether the enterprise can generate possibilities and more about whether it can choose wisely among them. Which options actually move the trade space? Which deserve capital now? Which should remain exploratory? Which should be industrialized? Which should be killed before they absorb further resources and attention?</p><p>Value begins to move away from creation alone and toward judgment, validation, sequencing, and disciplined commitment.</p><p>The firm wins not by generating endlessly, but by deciding well under conditions of accelerated abundance.</p><h2>Capital Allocation Becomes the Real Innovation Engine</h2><p>In the AI era, innovation is no longer governed mainly by ideation quality. It is governed by how intelligently capital is placed, staged, reallocated, and withdrawn.</p><p>That is the hard shift.</p><p>Firms have to place bets under faster-cycle uncertainty. They have to stage commitments rather than spend indiscriminately. They have to protect optionality without flooding the system with undisciplined experimentation. They have to fail fast without making failure itself destabilizing. And they have to productize winners at scale before imitation compresses the advantage.</p><p>This is why innovation increasingly behaves like a capital allocation regime.</p><p>Not because ideas no longer matter, but because the economic consequences of choosing, staging, scaling, slowing, or killing those ideas now arrive faster and more forcefully than before.</p><p>The real innovation engine is no longer just the ability to invent.</p><p>It is the ability to commit capital intelligently across moving frontier bets.</p><p>That also means the enterprise has to think in differentiated time horizons. Some bets are near-term optimization plays. Some are medium-term adjacency moves. Some are longer-term discontinuous frontier bets. Treating them as if they live on the same clock is itself a form of misallocation.</p><p>The capital logic therefore cannot be monolithic. It has to stage, pace, and govern different innovation horizons differently.</p><h2>Profit Extraction Logic Is Shifting</h2><p>As AI compresses scarcity, it also compresses the old bases of margin, defensibility, and profit extraction.</p><p>This is where many firms still think too narrowly.</p><p>If capabilities that were once scarce become more widely accessible, then the value proposition changes. Knowledge itself does not disappear as an asset, but knowledge possession alone becomes a weaker moat when sophisticated synthesis, drafting, prototyping, and certain forms of expertise become more broadly available.</p><p>That means firms can no longer assume that profits will be extracted from the same place, in the same way, or for the same duration.</p><p>Some of the old margin logic weakens.</p><p>Knowledge asymmetry compresses. Practical exclusivity windows shorten. Even intellectual property, while still legally intact, may lose strategic duration as innovation cycles shorten and imitation accelerates.</p><p>The future moat may belong less to those who protect invention longest, and more to those who absorb invention fastest.</p><p>Profit extraction increasingly shifts toward speed of absorption, quality of orchestration, scale of industrialization, trust, system integration, market learning, and the ability to keep extending the frontier before rivals catch up.</p><p>That is not a small economic adjustment.</p><p>It is a structural shift in where advantage lives.</p><h2>Faster Frontier Movement Requires Better Roadmapping</h2><p>Faster frontier movement is only part of the story. The deeper challenge is that algorithmic recombination can create multiple plausible S-curve jumps at once, expanding the trade space along pathways that are neither linear nor easily bounded. That is the real risk axis.</p><p>This is why technology roadmapping becomes more important, not less.</p><p>When AI expands the option space, the problem is not only that firms face more possibilities. It is that those possibilities can now emerge through algorithmic recombination at a scale and speed that make adjacency more volatile, dependency structures less obvious, and strategic coherence harder to preserve.</p><p>The enterprise is no longer choosing only whether to progress along its current curve. It may be forced to choose among several plausible next curves: incremental extensions, adjacent jumps, discontinuous shifts, parallel exploratory lanes, or delayed moves designed to industrialize a winning bet already underway.</p><p>That cannot be a blind guess.</p><p>Technology roadmapping becomes the discipline for adjudicating among competing S-curve possibilities under strategic, technical, capital, and absorptive constraints. It helps the enterprise distinguish what is merely possible from what is strategically relevant, technically absorbable, economically survivable, and worth staged commitment.</p><p>Without that logic, capital allocation becomes exposed to combinatorial noise. Bets are placed not against an intelligible progression path, but against a field of rapidly generated possibilities whose risks are poorly bounded and whose value is poorly sequenced.</p><p>That is why faster AI-driven innovation does not reduce the need for technology roadmapping. It intensifies it. The enterprise now needs a way to map not only frontier movement, but the S-curve choices and combinatorial risks created by algorithmic recombination itself.</p><p>And once those choices are visible, the next problem emerges immediately: how to forecast, stage, and govern capital in a world where the underlying conditions are moving faster than classical planning logic was designed to handle.</p><h2>Forecasting Gets Harder, Not Easier</h2><p>Once frontier choices are expanding faster and recombination is creating more volatile pathways, forecasting itself becomes a more exposed function.</p><p>AI may improve analysis, but it also makes innovation economics more dynamic, which can make capital forecasting less stable rather than more certain.</p><p>This is one of the quieter dangers in the current wave.</p><p>AI can produce more scenarios, more models, more comparisons, more synthetic evidence, and more apparent precision. That is useful. But it can also create the illusion that uncertainty has been reduced more than it actually has.</p><p>In reality, faster frontier movement often means the opposite.</p><p>Assumptions decay faster. Competitive moves arrive sooner. Recombination produces alternative offerings more quickly. Customer expectations shift more rapidly. Forecast baselines that once held for longer periods become more exposed.</p><p>That means point estimates become less reliable as a sole decision basis. Confidence bands, scenario ranges, staged thresholds, and capital buffers matter more.</p><p>The issue is not whether AI can help forecast.</p><p>It can.</p><p>The issue is whether enterprises understand that AI also increases the dynamism of the system being forecast.</p><p>That means forecasting discipline has to become more robust, not merely more automated. And that robustness depends on signal quality. If the underlying signals are delayed, biased, fragmented, or weakly connected across product, market, service, and finance, then AI will only accelerate misinterpretation. Symbiotic AI depends not just on more data, but on trustworthy signal loops that preserve lineage, context, and decision relevance.</p><h2>The Roadmap Becomes Financial Logic</h2><p>If forecasting is now more exposed, the roadmap can no longer sit beside finance as a parallel artifact. It has to become part of the financial steering system itself.</p><p>For the CFO, the technology roadmap is not merely a technical planning device. It becomes the structure that translates possibility into governable capital logic.</p><p>This is the disambiguation many enterprises still miss.</p><p>The CFO does not need the technology roadmap because finance suddenly becomes a technical function. The CFO needs it because the roadmap shows whether a proposed jump has a credible progression path, visible dependencies, stageable capital requirements, intelligible failure points, and a financeable sequence of value realization.</p><p>That matters because the CFO is not just screening bets.</p><p>The CFO uses the roadmap to shape strategic planning, staging assumptions, forecasting logic, cash-flow exposure, and contingency design. Under algorithmic recombination, the roadmap becomes the filter that distinguishes fundable frontier movement from capitalized noise.</p><p>Without that coupling, strategic planning becomes static allocation against dynamic uncertainty. With it, planning becomes staged financial navigation of frontier movement.</p><h2>The CFO Governs the Financial Feedback Loops</h2><p>The roadmap also becomes the basis for the enterprise&#8217;s financial feedback loops.</p><p>This is where the CFO role becomes much more central.</p><p>When a bet proves out, the loop can become reinforcing: stronger technical and market signals justify more capital, greater scale, better margin, and further reinvestment. A winning frontier move, if governed well, can compound into stronger cash generation and fund the next wave of expansion.</p><p>When a bet weakens, the loop must become balancing: thresholds tighten, forecast variance triggers caution, capital release slows, and downside exposure is contained before the broader enterprise is destabilized.</p><p>This is why the CFO cannot simply run classical planning cycles and static forecasts in parallel to a dynamic technology roadmap shaped by algorithmic recombination. The two systems would move at different speeds, with different assumptions, and the result would be structural drag.</p><p>Finance itself has to become adaptive.</p><p>In that sense, the CFO increasingly needs Finance AI, not as a cosmetic automation layer, but as the financial metabolism required to ingest roadmap progression, update scenario ranges, stage capital releases, model contingencies, and distinguish reinforcing loops from balancing ones as frontier bets evolve. Finance has to become adaptive enough to metabolize technological movement at the speed it is being generated.</p><p>Otherwise the enterprise risks pairing a Ferrari innovation system with a donkey financial metabolism.</p><h2>The CFO Helps the CEO Act on Frontier Bets</h2><p>This also changes how the CFO supports the CEO.</p><p>The CFO is not simply there to constrain frontier ambition or reject risky bets. In an AI-shaped innovation regime, the CFO becomes a strategic advisor on how and when the CEO should act on technology bets at all.</p><p>That means helping distinguish which bets are financeable now, which should be staged, which require stronger contingencies, which can be accelerated, and which should remain observational rather than committed.</p><p>In that sense, the CFO helps convert frontier ambition into paced, survivable commitment.</p><p>The real contribution is not only financial discipline. It is timing discipline, commitment discipline, and resilience discipline. The CFO helps the CEO move on the frontier without turning movement itself into instability.</p><h2>Market Absorptive Capacity Shapes the Trade Space</h2><p>But even that internal financial logic is not enough on its own, because the roadmap is not shaped only by what the enterprise can fund or absorb internally. It is also shaped by what the market can metabolize.</p><p>Market absorptive capacity shapes both the option set and the magnitude of trade-space expansion.</p><p>This is a crucial point that enterprise innovation systems often underweight. A frontier move is not economically meaningful simply because it is technically possible or internally fundable. Its real significance depends on whether the market is ready to metabolize it, at what speed, at what scale, and in what form.</p><p>But market absorptive capacity is not uniform. It is segmented, uneven, and dynamic. It varies by geography, demographics, sector, infrastructure, regulatory climate, trust, switching friction, channel structure, and pricing sensitivity. That means the same frontier move may be highly absorbable in one market, marginally viable in another, and economically premature in a third.</p><p>This adds another layer of complexity to algorithmic recombination. AI can generate many plausible paths forward, but those paths do not enter a single homogeneous market. They enter differentiated environments with different rates and modes of absorption.</p><p>That is why enterprises may need different bets for different markets, different pacing for different segments, and different roadmap branches depending on where the market is actually ready to metabolize the innovation. The enterprise is often choosing not just the bet, but the bet-market pairing.</p><p>This is where AI modeling becomes essential. It is not only useful for sensing market signals. It is key to understanding how roadmaps themselves should evolve, branch, and increment in response to uneven market dynamics. In that sense, AI helps the enterprise model not only what is possible, but where, for whom, and at what magnitude a frontier move can become economically real.</p><p>The market therefore does not merely respond to the roadmap after the fact. It helps shape it. The economics of the trade space emerge not from technical possibility alone, but at the intersection of frontier movement, enterprise absorptive capacity, and market absorptive capacity.</p><p>This also means the enterprise has to manage rate mismatch explicitly. It can be too early for the market, too late for the frontier, internally ready but commercially mistimed, or commercially ambitious but operationally fragile. None of those are trivial timing errors; they are structural mismatches that distort both roadmap progression and capital logic.</p><p>Without that loop, the enterprise risks becoming an island: technically ambitious, internally coherent, financially staged, but economically mistimed.</p><h2>Failure Must Be Designed into Governance</h2><p>Once market timing, roadmap progression, and capital exposure are all moving together, governance can no longer treat failure as an exception at the edge of the system.</p><p>When innovation becomes a faster capital allocation regime, failure can no longer sit outside governance as an exception. It has to be designed into the operating model.</p><p>This is where maturity becomes visible.</p><p>Not every frontier bet will work. Not every promising pathway should be scaled. Not every technical success deserves productization. Not every market signal should trigger more capital.</p><p>A mature enterprise does not discover this too late.</p><p>It builds the contingencies into steady-state governance.</p><p>That means staged release of capital. Kill thresholds. Reserve capacity. Fallback operating plans. Recapitalization criteria. Portfolio diversification. Governance triggers for when a bet underperforms technically, commercially, or operationally. Cash-flow protections that prevent the core business from being destabilized by a wave of poorly bounded ambition.</p><p>It also means threshold logic has to become more explicit. What triggers escalation? What triggers recapitalization? What triggers pause, slowdown, or industrialization? What signal indicates that a lane should remain exploratory rather than committed? These thresholds are not administrative detail. They are part of the control logic that keeps faster innovation from turning into systemic drift.</p><p>In a world of continuous frontier movement, contingency design is not defensive bureaucracy.</p><p>It is part of the innovation system.</p><h2>How Firms Get This Wrong</h2><p>Many enterprises will not fail here because they lack AI. They will fail because they metabolize it poorly.</p><p>Some will capitalize option abundance instead of sequencing it.</p><p>Some will mistake scenario richness for strategic clarity.</p><p>Some will treat market absorptive capacity as uniform when it is segmented and uneven.</p><p>Some will confuse roadmap possibility with financeable progression.</p><p>Some will scale novelty before reliability, supportability, and service economics are ready.</p><p>And some will let AI increase analytical volume without increasing decision quality.</p><p>These are not side errors. They are structural failure modes in a system where algorithmic recombination can generate more plausible pathways than weak governance can absorb.</p><h2>The Triangle Tightens Under Capital Stress</h2><p>AI does not just tighten the CEO&#8211;CTO&#8211;CFO triangle around innovation. It tightens it around the economics of choice, timing, and sacrifice.</p><p>This matters because frontier movement is not managed through ambition alone.</p><p>The CEO must decide which movements in the trade space matter strategically.</p><p>The CTO must determine which bets are technically absorbable, scalable, and worth progressing.</p><p>The CFO must determine how capital is staged, buffered, forecasted, and recycled without destabilizing the broader enterprise.</p><p>That triangle is not a static alignment mechanism.</p><p>It is an ebb-and-flow system in which strategic ambition, technical progression, and capital discipline are continuously recalibrated against one another.</p><p>Concessions are not signs of weakness. They are part of how a mature enterprise optimizes its overall frontier.</p><p>A technology readiness increment may be extended to preserve cash flow for other bets. A technically attractive pathway may be slowed so a sharper leading edge can be pushed harder. Capital may be redirected from frontier progression toward scaling a proven winner in the market.</p><p>What looks like delay in one lane may actually be optimization of the portfolio frontier.</p><p>The triangle does not merely align decisions.</p><p>It arbitrates the enterprise&#8217;s moving frontier under capital stress.</p><h2>The Real Enterprise Test</h2><p>Seen together, these pressures amount to more than a technology challenge or a finance challenge in isolation. They amount to a new enterprise test.</p><p>Maturation in an AI reality is not just a mindset problem. It is a capital allocation test under continuous frontier movement.</p><p>That is the real enterprise test.</p><p>Can the firm place sharper bets without flooding itself with noise?</p><p>Can it protect cash flow while still funding frontier movement?</p><p>Can it fail fast without turning failure into systemic instability?</p><p>Can it scale winning bets before defensibility compresses?</p><p>Can it preserve legitimacy while moving faster?</p><p>Can it repeatedly recycle capital into the next wave of trade-space expansion rather than treating innovation as a periodic discretionary event?</p><p>This is where many firms will struggle.</p><p>Not because they cannot imagine the future.</p><p>But because they have not yet built the capital logic required to survive their way into it.</p><h2>What Comes Next</h2><p>The winners in the AI era will not be those who see the most opportunity.</p><p>They will be those who convert opportunity into governed capital commitment without losing control of the enterprise.</p><p>That is the new demand AI places on innovation.</p><p>Not just more ideas.</p><p>Not just more analysis.</p><p>Not just more pilots.</p><p>But a more disciplined, dynamic, and strategically intelligent way of deciding what deserves capital, what deserves patience, what deserves scale, and what deserves to stop.</p><p>That is why innovation becomes a capital allocation problem.</p><p>And it leads directly to the next question: if the enterprise must now govern innovation as a dynamic capital regime under continuous frontier movement, what architecture and capability building blocks make that possible in practice?</p><p>That is where this discussion goes next.</p><p><em>My thinking on frontier movement and trade-space expansion has been shaped in part by my time at MIT and by the technology roadmapping work of Professor Olivier de Weck.</em></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Redesigning the Enterprise Innovation System for Continuous Frontier Movement]]></title><description><![CDATA[The micro lens on AI, innovation, and maturation]]></description><link>https://thinkinginloops.substack.com/p/redesigning-the-enterprise-innovation</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/redesigning-the-enterprise-innovation</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Thu, 30 Apr 2026 11:09:25 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>In the first essay, I argued that AI is changing the tempo, structure, and economics of innovation. It is weakening some traditional scarcities, making recombination increasingly algorithmic, compressing the practical value of knowledge asymmetries, and forcing institutions to confront a world of continuous frontier movement rather than slow, episodic updates to inherited trade spaces.</p><p>If that is true, then the next question is not whether firms should adopt AI.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>It is how they should redesign the enterprise around it.</p><p>This is the micro lens.</p><p>The challenge is no longer simply to generate more ideas, launch more pilots, or attach more AI labels to old operating models. It is to redesign the enterprise innovation system for a world in which trade-space movement is faster, value propositions are shifting, practical scarcity is being compressed, and the old distance between strategy, technology, and capital allocation is collapsing.</p><p>That is the operational side of the maturation problem.</p><h2>Innovation Is Now the Core Management Problem</h2><p>In many firms, innovation was once treated as a bounded function: part R&amp;D, part product development, part technology scouting, part discretionary investment. It could be governed in relatively slow cycles because the frontier itself moved more slowly, the scarcities were more stable, and the operating model could often tolerate a degree of separation between strategy, engineering, and capital discipline.</p><p>That is becoming harder to sustain.</p><p>If AI changes the speed, scale, and economics of frontier movement, then innovation stops being a peripheral function and becomes a central management problem. Not because every company suddenly becomes a pure technology company, but because the basis of competition, the logic of profit extraction, and the structure of advantage begin to move more quickly than legacy governance systems were designed to handle.</p><p>The issue is not only that innovation cycles compress. It is also that the speed and scale of those cycles now affect how capital is allocated, how bets are placed, how quickly weak bets must be killed, how winning bets must be productized at scale, how returns are forecasted, and how cash flow must be protected to sustain repeated trade-space expansion.</p><p>In the AI era, innovation is no longer just a technical function.</p><p>It is a capital allocation regime under continuous frontier movement.</p><h2>The Tightening Triangle: CEO, CTO, and CFO</h2><p>This is why the strategic distance between the CEO, CTO, and CFO must shrink.</p><p>In a slower world, these roles could remain more separated. The CEO could frame ambition and market direction. The CTO could manage technology and innovation lanes. The CFO could focus on capital discipline, forecasting, and return logic.</p><p>In an AI-shaped enterprise, that separation becomes far harder to sustain.</p><p>The CEO now has to determine which movements in the frontier matter strategically.</p><p>The CTO has to determine which new capabilities the enterprise can actually absorb, mature, industrialize, and scale.</p><p>The CFO has to determine how those bets are staged, funded, buffered, forecasted, and governed when they fail.</p><p>That is why the triangle tightens.</p><p>But it should not be understood as a fixed alignment mechanism. It is better understood as an ebb-and-flow system in which strategic ambition, technical progression, and capital discipline are continuously recalibrated against one another.</p><p>Concessions are part of the model.</p><p>An innovation progression may be extended to preserve cash flow for other frontier bets. Capital may be redirected from further technical progression toward productizing a winning capability at scale. A technically attractive lane may be slowed so that a sharper, more strategically important edge can be pushed harder.</p><p>What appears to be delay in one lane may actually be portfolio optimization at the level of the whole trade space.</p><p>In a mature innovation system, not every slowed increment is drift. Some are deliberate reallocations that sharpen the leading edge and improve the enterprise&#8217;s overall frontier position.</p><p>The triangle does not merely align decisions.</p><p>It arbitrates the enterprise&#8217;s moving frontier.</p><h2>AI Inside the Triangle: Chronic or Symbiotic</h2><p>This is where AI enters the triangle.</p><p>Its role is not simply to automate decisions or flood leaders with more analysis. Nor is it to replace judgment at the top of the house.</p><p>Its role is to alter the operating metabolism of the CEO&#8211;CTO&#8211;CFO relationship: how frontier options are sensed, how technical pathways are modeled, how capital is staged, how contingencies are tested, and how the enterprise learns across innovation cycles.</p><p>That can push the system in one of two directions.</p><p>One is endemic-chronic behavior: AI everywhere, but with rising noise, false confidence, shallow bets, distorted forecasts, and brittle governance. In that world, the enterprise mistakes more analysis for more maturity. It overgenerates options without improving selection. It accelerates decision cadence without strengthening judgment.</p><p>The other is endemic-symbiotic behavior: AI as a persistent but governed force that sharpens judgment, improves portfolio learning, strengthens capital discipline, and helps the enterprise extend the trade space without losing legitimacy, discipline, or control.</p><p>The question is not whether AI will sit inside the innovation triangle.</p><p>It is whether its presence will make the triangle chronically reactive or symbiotically intelligent.</p><h2>AI Must Cover the Full Enterprise Feedback Loop</h2><p>For AI to help create an endemic-symbiotic innovation system, it cannot remain confined to strategic conversations or executive dashboards.</p><p>It has to participate across the full enterprise feedback loop.</p><p>That means AI must help connect:</p><ul><li><p>opportunity sensing and strategic framing</p></li><li><p>concept generation and design</p></li><li><p>engineering and technical development</p></li><li><p>production and manufacturing</p></li><li><p>quality assurance and testing</p></li><li><p>non-functional attributes and system performance</p></li><li><p>productization and commercialization</p></li><li><p>marketing and sales signals</p></li><li><p>financial baselines and capitalization objectives</p></li><li><p>field performance and customer response</p></li><li><p>operational support and post-sales learning</p></li><li><p>reinvestment, scaling, slowing, or killing the next round of bets</p></li></ul><p>In other words, AI must not only inform the innovation triangle.</p><p>It must help close the enterprise feedback loop around it.</p><p>Otherwise the triangle optimizes abstractions instead of governing a living innovation system.</p><h2>Near-Real-Time Learning from the Market</h2><p>Ideally, AI should ingest near-real-time feedback from innovations in the marketplace and translate it into actionable learning.</p><p>What is working well?</p><p>What is underperforming?</p><p>What can be marginally improved quickly?</p><p>What requires deeper redesign?</p><p>What reliability patterns are emerging?</p><p>What support burdens are rising?</p><p>Where are customer expectations shifting?</p><p>Where are margins holding, compressing, or improving?</p><p>That kind of loop matters because it turns post-launch reality into design intelligence, operational foresight, and capital discipline.</p><p>It also allows the enterprise to connect commercial performance and technical reliability more tightly. AI should be able to forecast and update indicators such as MTBF and MTTR, surface the operational meaning of those patterns, and feed them back into product design, quality engineering, field service, post-sales support teams, and future investment decisions.</p><p>The real power of AI is not only to accelerate innovation creation.</p><p>It is to compress the learning loop between market reality and enterprise adaptation.</p><p>That is how a firm learns not only what to build, but what to improve, what to industrialize, what to support, what to abandon, and what to fund next.</p><h2>Decision Architecture for Continuous Frontier Movement</h2><p>If that is the context, then the enterprise needs something more than governance in the generic sense.</p><p>It needs decision architecture.</p><p>Decision architecture is the mechanism by which the enterprise decides:</p><ul><li><p>what enters the innovation funnel</p></li><li><p>what evidence is required before capital is committed</p></li><li><p>which bets are treated as frontier options versus scaling candidates</p></li><li><p>who holds judgment at each stage</p></li><li><p>what gets automated, augmented, escalated, or blocked</p></li><li><p>when cash flow protection overrides technical progression</p></li><li><p>when scale matters more than novelty</p></li><li><p>when a bet should be slowed, killed, or recapitalized</p></li></ul><p>This matters because continuous frontier movement destroys the comfort of slow-cycle management.</p><p>When knowledge scarcity weakens and recombination becomes algorithmic, the old basis of advantage erodes. The enterprise advantage shifts toward judgment, sequencing, validation, capital staging, absorptive capacity, and the ability to scale without losing control.</p><p>That is why decision architecture becomes central.</p><p>It is the enterprise mechanism for maturing around AI.</p><h2>White-Collar Pressure and the New Adaptive Core</h2><p>This also helps explain why the current transition is so disruptive inside firms.</p><p>The pressure on white-collar work is not just a labor-cost story. Nor is it simply a narrow skills problem.</p><p>As a structural interpretation, it reflects a deeper redesign of where adaptive capacity should reside inside the enterprise.</p><p>If healthy endemicity requires adaptive capacity, then firms will have to ask harder questions.</p><p>Which humans still provide unique adaptation value?</p><p>Which layers become redundant as knowledge mediation turns machine-assisted?</p><p>Where should judgment sit?</p><p>Where should escalation sit?</p><p>Where should reinvestment capacity sit?</p><p>That means white-collar contraction may not be only about efficiency.</p><p>It may be about re-architecting the enterprise around a different adaptive core.</p><p>Not every workforce reduction reflects mature strategy; some are reactive cost cutting or imitation. But the broader pressure on white-collar work suggests something larger than labor substitution alone. It suggests that enterprises are redistributing adaptation across systems, capital, and smaller groups of higher-order operators.</p><h2>From Front-End Pilots to End-to-End Maturity</h2><p>This is why so many AI efforts stall.</p><p>Enterprises launch pilots. They produce demos. They generate options. They show movement.</p><p>But they do not always redesign the underlying system by which innovation is selected, validated, funded, scaled, supported, and learned from.</p><p>That is why so much AI remains performative.</p><p>The enterprise can generate more possibilities without becoming better at maturing any of them.</p><p>And this is where the CEO&#8211;CTO&#8211;CFO triangle matters most.</p><p>The CEO defines where frontier movement matters.</p><p>The CTO determines what can be technically metabolized and industrialized.</p><p>The CFO determines whether the enterprise can place, stage, protect, and recycle capital in a way that sustains repeated trade-space expansion.</p><p>AI should strengthen that system, not destabilize it.</p><p>When it does, the enterprise moves toward healthy endemicity: AI as a productive, governed, and symbiotic part of innovation decision-making.</p><p>When it does not, AI becomes chronic: omnipresent, expensive, noisy, and corrosive.</p><h2>What Comes Next</h2><p>The operational challenge is therefore not simply AI governance.</p><p>It is redesigning the enterprise innovation system for continuous frontier movement.</p><p>That means redesigning how firms decide.</p><p>How they validate.</p><p>How they invest.</p><p>How they industrialize.</p><p>How they learn from the market.</p><p>How they protect cash flow while placing sharper bets.</p><p>And how they ensure that AI improves the quality of frontier decisions rather than merely accelerating activity.</p><p>The winners in the AI era will not be those who adopt the most tools first.</p><p>They will be those who build the capacity to mature around AI fastest: to validate, govern, absorb, scale, and continuously extend the frontier without losing legitimacy or control.</p><p>Part I argued that the real goal is not simply to make AI endemic, but to make it symbiotic rather than chronic. At the micro level, that means building an enterprise in which AI does not just accelerate innovation, but helps govern the full loop from ambition to market reality and back again.</p><p>That is the real work now.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[AI, Innovation, and the New Maturation Problem]]></title><description><![CDATA[From AI Epidemic to Endemic Innovation]]></description><link>https://thinkinginloops.substack.com/p/ai-innovation-and-the-new-maturation</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/ai-innovation-and-the-new-maturation</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Mon, 27 Apr 2026 13:31:23 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>We are experiencing an AI epidemic.</p><p>The technology is spreading faster than institutions, firms, and labor systems can fully absorb it. New models, agents, copilots, and automation layers are appearing everywhere. Boardrooms are discussing AI strategy. Vendors are relabeling roadmaps. Enterprises are launching pilots at speed. Yet beneath the surface, something more important is happening: the real challenge is no longer simple adoption.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>It is maturation&#8230;</p><p>And maturation here means more than learning how to use a new set of tools. It means rewiring enterprises and institutions for new aggregate capabilities, and developing a new mindset for how sustainable innovation is relaunched under AI conditions. The issue is not simply whether AI can be deployed. It is whether organizations can use it to continuously expand the trade space in ways that are economically meaningful, operationally governable, and strategically durable.</p><p>The question is not whether AI will spread. It already is. The deeper question is whether our institutions, enterprises, and innovation systems can adapt fast enough to metabolize that spread into something stable, productive, and governable. In other words, the challenge is how to move from an AI epidemic to endemic innovation.</p><p>That distinction matters. An epidemic is rapid, destabilizing, and uneven. It spreads faster than the host system can fully understand or absorb. An endemic condition is different. It does not mean harmless. It means persistent, normalized, bounded, and metabolized. But endemic does not automatically mean symbiotic. A system can also settle into a chronic, low-grade dysfunction with AI: always present, partially normalized, yet still eroding trust, resilience, or value over time. The real aim, then, is not endemicity alone, but healthy endemicity, an AI relationship that is productive, governed, and capable of creating durable value. In the AI context, that marks movement toward symbiosis: a state in which enterprises and institutions learn to live with AI productively enough to generate durable value rather than recurrent disruption.</p><p>That, to me, is the new maturation problem.</p><h2>What I Saw in Asia</h2><p>A recent trip to Asia sharpened this for me. What stood out was not simply speed. It was absorptive readiness.</p><p>In some contexts, the infrastructure, user behavior, platform integration, and social comfort with digital intermediation seem better aligned to rapid AI diffusion than many Western institutions currently are. What struck me was how subtle this is at the grassroots level: not necessarily through explicit declarations about AI, but through the quiet normalization of digital intermediation in daily life, commerce, and decision-making.</p><p>The point is not that one region is categorically &#8220;ahead&#8221; in every sense, or that fluid adaptation is automatically superior to institutional caution. It is that some environments appear better able to absorb fast-cycle digital innovation into everyday operating reality. The technology does not remain abstract for long. It gets embedded. Behaviors adjust. Expectations move. Commercial practices shift. The system metabolizes.</p><p>In much of the West, by contrast, we are still trying to govern AI with institutional tempos built for slower technology cycles. We debate AI strategically, but operationally and socially we are often not yet equipped for what accelerated diffusion actually looks like. Our instinct is often to respond through institutional constructs, legal, political, cultural, social, and regulatory, designed to preserve order and legitimacy, but not always to metabolize rapid technological change with equal fluidity.</p><p>That institutional reflex is not inherently a weakness. It can protect rights, trust, and social stability. But under conditions of accelerated AI diffusion, it may also slow adaptation, fragment operational learning, and leave societies governing a new reality with tempos inherited from an older one.</p><h2>The West&#8217;s AI Problem Is Not Primarily Technical. It Is Maturational.</h2><p>This is the arc that matters.</p><p>Most Western institutions and enterprises are not failing at AI because they lack access to tools. They are failing because they are trying to insert AI into inherited logics of legitimacy, operating design, and innovation management that were built for slower cycles and narrower trade spaces.</p><p>They treat AI as an add-on. A feature layer. A copilot. A productivity accessory. A modernizing signal.</p><p>But the real challenge is deeper. AI is not merely introducing new tools. It is changing the dynamics by which innovation is generated, selected, matured, scaled, and diffused.</p><p>That means the problem is not simply adoption. It is whether firms and institutions can redesign their innovation systems to function under a different tempo, a different abundance of options, and a different pattern of competitive and social diffusion, and whether they have the courage to place the investments required to build the absorptive capability that maturation demands.</p><p>Maturation in an AI reality is not just a mindset problem. It is also a capital allocation test.</p><p>Part of the difficulty is not only structural. It is cognitive and organizational. Many enterprises still lack the skills, and even more importantly the mindset, to leave no stone unturned in questioning whether they truly possess the absorptive capacity required for maturation. Do they have the talent, leadership, governance, portfolio discipline, and adaptive capacity to metabolize AI into new system-level capabilities? Or are they simply layering tools onto structures that were never designed to absorb this kind of change?</p><p>That is why maturation matters more than excitement.</p><h2>From Idea Scarcity to Maturation Scarcity</h2><p>Before AI, innovation had a more familiar rhythm. Generating viable ideas, drafting concepts, prototyping, and exploring alternatives were costly enough that many organizations naturally filtered themselves through effort and time. Human bandwidth acted as a bottleneck.</p><p>AI changes that.</p><p>It compresses ideation. It accelerates prototyping. It lowers the cost of recombination. It expands the search space. It allows more concepts, more variants, more simulations, more drafts, more candidate products, more candidate workflows, and more candidate automations to be generated in less time.</p><p>At first glance, that looks like a straightforward innovation advantage.</p><p>But it also changes what becomes scarce.</p><p>When generation becomes cheap, selection becomes harder.</p><p>More importantly, AI begins to democratize capabilities that were once comparatively scarce: ideation, synthesis, prototyping, drafting, and certain forms of expert assistance. This has a deeper implication. Knowledge itself, once prized as a valuable scarcity, no longer functions in quite the same way when sophisticated knowledge bases become broadly accessible to anyone willing to participate. That does not eliminate the value of knowledge, but it does flatten part of the playing field.</p><p>Institutions whose value proposition depends heavily on controlling scarce knowledge, rather than converting knowledge into adaptive, governed, and superior outcomes, are likely to come under severe pressure. Even the sacred cow of intellectual property begins to look different in this world. IP may remain legally intact, but its practical strategic value may compress temporally as innovation cycles shorten and imitation accelerates. Durable advantage shifts toward organizations that can absorb and compound innovation faster than others can catch up.</p><p>At the enterprise level, that means firms must rethink where defensibility, margin, and differentiation will come from when previously scarce capabilities become more widely accessible. At the aggregate level, it means AI is beginning to stress-test economic assumptions built around relatively stable forms of scarcity. That is why this is not a marginal adjustment. It is a systemic shock.</p><p>The future moat may belong less to those who protect invention longest, and more to those who absorb invention fastest.</p><p>When many more candidates can be produced, the real constraint shifts to judgment, integration, testing, governance, and scaling discipline.</p><p>In other words, AI shifts innovation from a scarcity problem of idea generation to a scarcity problem of maturation.</p><p>That is the new maturation problem.</p><h2>Why Legitimacy Is Now at Stake</h2><p>This matters because legitimacy in the AI era will increasingly come from something different than it did before.</p><p>Historically, many institutions and enterprises derived legitimacy from operating a known trade space well. They balanced cost, quality, risk, service, compliance, and speed within an established frontier. Stability, control, and predictability reinforced trust.</p><p>But AI is beginning to alter what is feasible, valuable, scalable, and expected.</p><p>That means legitimacy can no longer come merely from defending an inherited trade space and sprinkling AI tools across it.</p><p>It has to come from extending the trade space itself.</p><p>Legitimacy in the AI era increasingly comes from showing that you can redefine performance possibilities, redesign the operating model, create new value-quality-speed-cost combinations, absorb risks without freezing opportunity, and move the Pareto frontier rather than cosmetically modernize yesterday&#8217;s equilibrium.</p><p>That is the real test.</p><p>It is not enough to &#8220;use AI.&#8221; The harder question is whether AI enables a new and superior operating frontier.</p><h2>Automotive Makes the Difference Visible</h2><p>The automotive industry makes this especially visible.</p><p>One path is cosmetic modernization: adding AI-assisted features, smarter dashboards, more software language, or selective automation on top of legacy architectures and legacy development assumptions.</p><p>The other path is structural trade-space extension: using software, data, simulation, and AI to reshape design cycles, validation pathways, manufacturing logic, update models, service economics, and the basis of competition itself. Because scale matters. Speed without scale is anoxic. It does not sustain advantage. Fast experimentation matters, but only if its gains can be absorbed, industrialized, and propagated across the system. In the end, the real advantage comes when speed compounds through scale.</p><p>That is the difference between decorating the old trade space and enlarging it.</p><p>The same distinction applies well beyond automotive. In sector after sector, the central divide is emerging between organizations that treat AI as an overlay and those that use it to rethink the architecture of innovation and operations.</p><h2>Epidemic AI vs. Endemic Innovation</h2><p>This is why the epidemic metaphor matters.</p><p>Epidemic AI looks like this:</p><ul><li><p>rapid spread</p></li><li><p>reactive adoption</p></li><li><p>pilot proliferation</p></li><li><p>performative urgency</p></li><li><p>fragmented governance</p></li><li><p>uneven understanding</p></li><li><p>hype moving faster than validation</p></li><li><p>institutions absorbing the shock more slowly than the technology diffuses</p></li></ul><p>Endemic innovation is different. It does not mean the risks disappear. It means the system has matured enough to live with AI as a persistent condition. The technology becomes normal without becoming invisible. It is governed without being frozen. It is absorbed into operating reality without being romanticized as magic. But the target is not endemicity alone. It is healthy endemicity: a condition in which AI becomes a productive, governed, and value-creating part of the system rather than a permanent source of low-grade dysfunction.</p><p>That kind of endemic condition requires more than deployment. It requires adaptive capacity. And that helps explain why the current transition is so disruptive. Enterprises are not only reassessing the market value of specific white-collar skills. They are rethinking where adaptive capacity should reside inside the organization. In that sense, the pressure on white-collar work is not just a labor-cost story. It reflects a deeper redesign of how firms intend to sense, decide, adapt, and scale in an AI-shaped operating model.</p><p>If healthy endemicity requires adaptive capacity, then firms will have to ask harder questions. Which humans still provide unique adaptation value? Which layers become redundant as knowledge mediation turns machine-assisted? Where should judgment sit? Where should escalation sit? Where should reinvestment capacity sit?</p><p>That means white-collar contraction may not be only about efficiency. It may be about re-architecting the enterprise around a different adaptive core. Not every workforce reduction reflects mature strategy; some are reactive cost cutting or imitation. But as a structural interpretation, the pressure on white-collar work suggests something larger than labor substitution alone.</p><p>It requires enterprises and institutions to do something more pervasive than redesigning a few processes. They have to institutionalize a perpetual cycle of trade-space expansion and diffusion: an ongoing rhythm, with ebbs and flows, in which new capabilities are continuously created, matured, absorbed, and scaled. Legacy structures are often not built for that. They are designed to optimize within an inherited frontier, not to repeatedly extend it. That is the real shift now underway: from inherited frontiers updated slowly and episodically, to dynamic trade-space expansion in fast cycles, fueled by knowledge that is no longer scarce and recombination that is increasingly <strong>algorithmic</strong>. The old system was built to manage bounded progress. The new one has to metabolize continuous frontier movement.</p><p>This is why mindset alone is not enough. Enterprises need people who understand the cause-and-effect relationship between AI, innovation maturation, trade-space movement, and diffusion. They need leaders who can shape the right innovation portfolios, sequence investment across horizons, and build funding structures that channel meaningful profits back into capability creation. In the AI era, serious innovation cannot remain discretionary or ornamental. It has to be treated as a strategic reinvestment engine for trade-space expansion and Pareto movement.</p><h2>Why This Changes Everything</h2><p>This is why I believe AI changes everything.</p><p>Not because it is simply another digital tool layer.</p><p>Not because it automates a few workflows.</p><p>And not because it adds intelligence to existing products in some incremental way.</p><p>It changes everything because it alters the tempo, structure, and economics of innovation itself.</p><p>AI accelerates generation faster than many systems can validate. It diffuses capabilities faster than many institutions can adapt. It democratizes forms of knowledge and recombination that were once comparatively scarce. And when scarcity moves, value moves with it. The value proposition shifts. The basis on which profits are extracted begins to change. So does the logic of defensibility.</p><p>This is why the shock is deeper than most organizations admit. The real issue is not whether firms can adopt more AI tools. It is whether they can function in a world where knowledge is less scarce, recombination is increasingly algorithmic, and frontier movement is becoming continuous rather than episodic.</p><p>That is why the West&#8217;s challenge is not primarily technical.</p><p>It is maturational.</p><p>Many institutions and enterprises are still organized to optimize within inherited frontiers, updating them slowly and defensively. But the new environment demands something else: dynamic trade-space expansion in fast cycles, supported by absorptive capacity, reinvestment discipline, and the courage to place capital behind new capability formation.</p><p>In that world, legitimacy changes too. It no longer comes merely from preserving inherited order or decorating old models with AI features. It increasingly comes from demonstrating that you can extend the trade space responsibly, absorb risk without freezing opportunity, and convert new capability into durable value.</p><p>This is why we do not simply need more tools, more pilots, or more AI labels attached to old models. We need a different mindset, and beyond mindset, different portfolios, capital commitments, and organizational designs, that understand AI as a challenge to innovation maturation, trade-space expansion, operating legitimacy, and adaptive capacity in a world of continuous frontier movement.</p><p>The real question is no longer whether organizations can use AI.</p><p>It is whether they can mature around it fast enough to remain relevant.</p><h2>What Comes Next</h2><p>The winners in the AI era will not be those who adopt the most tools first.</p><p>They will be those who build the capacity to mature around AI fastest: to validate, govern, absorb, scale, and continuously extend the frontier without losing legitimacy or control.</p><p>That is now the real work.</p><p>And it leads directly to the next question: how should firms redesign decision architecture for a world in which innovation cycles compress, knowledge scarcity weakens, and trade-space movement becomes continuous?</p><p>That is where this discussion goes next.</p><p>The real goal is not simply to make AI endemic. Endemicity alone can still be dysfunctional. The aim is healthy endemicity: an AI relationship that becomes symbiotic rather than chronic, productive rather than corrosive, and durable rather than destabilizing.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Innovation That Touches the P/L]]></title><description><![CDATA[Signals to look for&#8212;and gates to insist on&#8212;before you fund agentic AI (or any &#8220;innovation&#8221; program)]]></description><link>https://thinkinginloops.substack.com/p/innovation-that-touches-the-pl</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/innovation-that-touches-the-pl</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Fri, 03 Apr 2026 15:00:53 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2><strong>Who this is for</strong></h2><p>If you&#8217;re a <strong>CEO, CFO, or CTO</strong> being asked to &#8220;do innovation&#8221; or &#8220;adopt agents,&#8221; you&#8217;re about to be pitched, by vendors, systems integrators, and often by large consulting firms with impressive decks and large teams.</p><p>This note is for <strong>you</strong>, the accountable sponsor. It gives you a screening test and a set of gates you can insist on before you authorize spend, so you can tell the difference between:</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><ul><li><p>work that can measurably move <strong>margin, cash conversion, risk, and throughput</strong>, and</p></li><li><p>work that creates <strong>motion and spend</strong> without changing feasibility.</p></li></ul><h2><strong>Why I&#8217;m writing this</strong></h2><p>I keep seeing the same pattern:</p><p>You announce an innovation ambition.</p><p>A pitch team arrives with reference architectures, &#8220;accelerators,&#8221; and a roadmap.</p><p>Everyone leaves energized.</p><p>Six months later, nothing material has moved: not margin, not cash, not throughput, not loss events. What <em>has</em> moved is spend.</p><p>This isn&#8217;t because people are incompetent. It&#8217;s because <strong>innovation fails when feasibility is assumed instead of proven</strong>, especially in system-of-systems enterprises where coupling, governance throughput, and control maturity are the real constraints.</p><h2><strong>The signal to look for (one sentence)</strong></h2><p><strong>Are you being offered tool activity, or a credible path to move the P/L under real constraints?</strong></p><p>In other words: will this measurably move <strong>margin, cost-to-serve, cash conversion (DSO / borrowing costs), loss events, and throughput</strong>, and can it scale without triggering a control deficiency that freezes the program?</p><p>If the pitch doesn&#8217;t answer that, it&#8217;s not an innovation plan. It&#8217;s theater.</p><div><hr></div><h1><strong>The blunt instrument that cuts through noise</strong></h1><p>A mentor of mine measured his ability to succeed by the <strong>authority</strong> he was given. That was useful in sliding projects.</p><p>Today, authority is often decorative. What matters is:</p><p><strong>How close will you allow this work to get to your P/L?</strong></p><p>Because if the economic levers remain out of scope, you cannot hold anyone accountable for outcomes.</p><p>So here&#8217;s the feasibility model I use:</p><p><strong>Engagement viability &#8776; permitted P/L influence &#247; change surface (and constrained by control maturity).</strong></p><p>Plain English:</p><ul><li><p>If the change surface is huge and controls are weak, scaling will stall or freeze.</p></li><li><p>If the P/L levers are out of scope, you&#8217;re being sold optics.</p></li></ul><div><hr></div><h1><strong>The P/L Influence Test (10 questions)</strong></h1><p>Run this in 20&#8211;30 minutes. If you can&#8217;t get clear answers, or clear commitments, you already have your answer.</p><ol><li><p><strong>Which P/L line are we moving?</strong></p><p>margin %, cost-to-serve, working capital/DSO, loss events, revenue retention</p></li><li><p><strong>What&#8217;s the baseline and target?</strong></p><p>current value &#8594; target delta &#8594; timeframe</p><p><em>(If there&#8217;s no baseline, it&#8217;s not a plan.)</em></p></li><li><p><strong>Who owns that line today?</strong></p><p>name the accountable executive (CFO/COO/GM), not &#8220;the team&#8221;</p></li><li><p><strong>Which levers are in scope?</strong></p><p>pricing/promo rules, credits/adjustments, exception policies, approval SLAs, contract terms workflow, reconciliation rules</p></li><li><p><strong>What decision rights will you grant?</strong></p><p>can policies/thresholds actually change, or are we &#8220;advising&#8221;?</p></li><li><p><strong>What is the &#8220;write boundary&#8221;?</strong></p><p>recommend-only vs bounded execution in systems-of-record</p></li><li><p><strong>What governance throughput will you guarantee?</strong></p><p>approval latency, SoD enforcement mechanism, change-control cadence</p></li><li><p><strong>What evidence and recovery are required?</strong></p><p>replayable traces, rollback/compensation, observability thresholds</p></li><li><p><strong>What will you stop to make space?</strong></p><p>if nothing stops, your organization is not serious</p></li><li><p><strong>What&#8217;s the kill rule?</strong></p><p>what triggers stop/de-scope if assumptions break?</p></li></ol><p>This isn&#8217;t bureaucracy. This is how you avoid six months of &#8220;progress&#8221; that never touches outcomes.</p><div><hr></div><h1><strong>Gates you should insist on (especially when big firms are pitching)</strong></h1><p>Large firms can bring program capacity. Capacity is not feasibility. Before you authorize spend, insist on gates that force reality.</p><h2><strong>Gate 1 &#8212; Outcome gate (CFO-grade)</strong></h2><ul><li><p>baseline + target + timeframe for at least one P/L driver</p></li><li><p>explicit Figures of Merit and how they&#8217;ll be measured</p></li></ul><p>If &#8220;better&#8221; is not measurable, you are funding storytelling.</p><h2><strong>Gate 2 &#8212; Lever gate (permission to move the P/L)</strong></h2><ul><li><p>explicit list of levers in scope</p></li><li><p>explicit decision rights (who can approve what, and how fast)</p></li></ul><p>If the levers remain out of scope, nothing material will move.</p><h2><strong>Gate 3 &#8212; Control gate (no material weakness)</strong></h2><ul><li><p>enforceable gates (approvals / allow-lists / segregation-of-duties)</p></li><li><p>replayable evidence at decision time</p></li><li><p>recovery competence (rollback/compensation)</p></li><li><p>observability thresholds</p></li></ul><p>If controls are &#8220;later,&#8221; you are paying for a future freeze.</p><h2><strong>Gate 4 &#8212; Change surface gate (blast radius realism)</strong></h2><ul><li><p>explicit mapping of where change propagates (process/org/data/apps/tech)</p></li><li><p>staging plan that bounds scope early</p></li></ul><p>If blast radius is wide on Day 1, you&#8217;re not piloting, you&#8217;re changing a system.</p><h2><strong>Gate 5 &#8212; Coupling gate (the honest dependency map)</strong></h2><ul><li><p>top technical hotspots (systems-of-record, reconciliation, contracts)</p></li><li><p>top stakeholder hotspots (decision rights, approvals, SoD bottlenecks)</p></li></ul><p>If coupling is invisible, surprises are inevitable, and expensive.</p><h2><strong>Gate 6 &#8212; Evidence pack gate (prove it before scaling)</strong></h2><p>For each stage, require an evidence pack:</p><ul><li><p>gate enforcement tests</p></li><li><p>rollback/compensation tests</p></li><li><p>replayable trace packets</p></li><li><p>observability proof</p></li><li><p>audit mapping (&#8220;what happened, why, who approved, what changed, how reversed&#8221;)</p></li></ul><p>If &#8220;passing a stage&#8221; can&#8217;t be proven, you&#8217;re buying a narrative.</p><h2><strong>Gate 7 &#8212; Kill gate (capital discipline)</strong></h2><p>You need an explicit kill rule. If assumptions break, scope changes, or controls can&#8217;t be operated at velocity, stop or de-scope.</p><p>Without a kill rule, you create zombie initiatives that consume budget while shrinking the feasible set.</p><h2><strong>Gate 8 &#8212; Risk-at-stake gate (are they willing to underwrite outcomes?)</strong></h2><p>If a firm claims they can move business drivers, ask what they are willing to put at stake.</p><p>You&#8217;re looking for credible alignment, not bravado. Examples:</p><ul><li><p>outcome-based fee component tied to agreed FOM deltas</p></li><li><p>milestone payments only when gate evidence packs pass</p></li><li><p>fee holdbacks until operational acceptance criteria are met</p></li><li><p>mutual kill rights if constraints prevent feasibility (pre-agreed)</p></li></ul><p>If there is <strong>zero</strong> willingness to tie compensation to outcomes or gate evidence, yet the pitch claims &#8220;transformation&#8221;, treat it as a warning signal.</p><p><em>(In regulated environments, full &#8220;pay-for-outcome&#8221; may be unrealistic, but some risk alignment is always possible.)</em></p><div><hr></div><h1><strong>What you should expect from your CTO/CIO/COO in the room</strong></h1><p><em>(and when you should end the meeting)</em></p><p>If you are a CEO or CFO sponsoring innovation or transformation, especially anything involving AI or agentic AI, your CTO/CIO/COO are not there to &#8220;observe.&#8221; They are there to <strong>bound feasibility</strong>.</p><p>If they are passive observers while you hope a consulting firm delivers a Hail Mary, you have the wrong people around the table, or the meeting is structured to produce theater, not outcomes.</p><h2><strong>At a minimum, your internal leaders must be able to answer these questions on the spot</strong></h2><p>Before you entertain a pitch, your CTO/CIO/COO should be able to speak to:</p><ul><li><p><strong>Current limitations:</strong> what cannot scale today, and why (controls, throughput, coupling, decision rights)</p></li><li><p><strong>Coupling hotspots:</strong> the known hard dependencies across systems and teams (systems-of-record, reconciliation, approvals, segregation-of-duties bottlenecks)</p></li><li><p><strong>Domains of change:</strong> where the impact will propagate (process, organization, location, data, applications, technology)</p></li><li><p><strong>Risk posture:</strong> what could break, how failure propagates, and what &#8220;bounded loss&#8221; looks like</p></li><li><p><strong>Technical debt and constraints:</strong> where debt is structural vs cosmetic, and what it will cost to resolve</p></li><li><p><strong>Governance and compliance posture:</strong> which obligations apply (audit evidence, retention, model risk management, change control, regulatory reporting), and what &#8220;acceptable evidence&#8221; means</p></li><li><p><strong>Security posture:</strong> trust boundaries, identity/permissioning, attack surface, abuse cases, incident response expectations, and what must never be automated</p></li><li><p><strong>Governance throughput:</strong> approval latency, change-control cadence, who can stop a decision, and how quickly</p></li><li><p><strong>Control maturity:</strong> whether gates, evidence, recovery, and observability exist in practice or only in slides</p></li></ul><p>If your team can&#8217;t articulate this, you&#8217;re not ready to select vendors. You&#8217;re ready to do internal due diligence.</p><h2><strong>The CEO/CFO &#8220;stop the meeting&#8221; rule</strong></h2><p>If the pitch proceeds without:</p><ul><li><p>a baseline (what is true today),</p></li><li><p>a clear scope boundary (what is being changed), and</p></li><li><p>a feasible path to move a P/L driver under constraints,</p></li></ul><p>then the meeting is not an innovation meeting. It is a marketing meeting.</p><p>If your CTO/CIO/COO cannot challenge the pitch with coupling, control, security, and compliance realities, end the meeting.</p><div><hr></div><h1><strong>Why a proper RFI/RFP is non-negotiable</strong></h1><p><em>(and why an RFP is not just technical requirements)</em></p><p>A pitch without a proper RFI/RFP is a recipe for renegotiation and scope drift. But here&#8217;s the key point:</p><p><strong>An RFP is not just technical requirements.</strong></p><p>A credible RFI/RFP for AI/agentic AI must include the constraints that determine feasibility:</p><ul><li><p><strong>Business outcomes:</strong> baseline FOMs, target deltas, time horizon</p></li><li><p><strong>Operating model constraints:</strong> decision rights, approvals, SoD requirements, change-control process and throughput</p></li><li><p><strong>Compliance requirements:</strong> evidence standards, retention, audit expectations, model risk management, regulatory reporting requirements</p></li><li><p><strong>Security requirements:</strong> trust boundaries, identity/permissions, abuse cases, incident response, &#8220;must never automate&#8221; constraints</p></li><li><p><strong>Coupling realism:</strong> known dependencies, systems-of-record, reconciliation points, data authority boundaries</p></li><li><p><strong>Domains of change:</strong> which areas are in play and which are explicitly out of scope</p></li><li><p><strong>Risk and assurance requirements:</strong> recovery expectations (rollback/compensation), observability thresholds, safety constraints</p></li><li><p><strong>Delivery constraints:</strong> environment readiness, release governance, parallel run expectations, acceptance evidence</p></li><li><p><strong>What must not happen:</strong> material weaknesses, audit findings, uncontrolled writes, unsafe automation</p></li></ul><p>Without those, you are not procuring a solution. You are procuring a story.</p><h2><strong>What a good pitch meeting looks like instead</strong></h2><p>A good pitch meeting is not &#8220;show me the demo.&#8221; It&#8217;s:</p><ul><li><p>&#8220;Here is our baseline and constraint envelope (including compliance/security constraints).&#8221;</p></li><li><p>&#8220;Here are the P/L levers we will allow you to touch, and the write boundaries.&#8221;</p></li><li><p>&#8220;Here is how we prove stage progression with evidence packs that satisfy audit and security.&#8221;</p></li><li><p>&#8220;Here is how we avoid a governance freeze, and what we&#8217;ll stop if assumptions break.&#8221;</p></li><li><p>&#8220;Here is what you&#8217;re willing to put at stake to underwrite the business driver claims.&#8221;</p></li></ul><p>If the room cannot operate at that level, the organization isn&#8217;t buying transformation, it&#8217;s buying hope.</p><div><hr></div><h1><strong>RFP and contract strategy: three parts, clear authorities, and &#8220;break glass&#8221; rights</strong></h1><p>If you want AI/agentic AI to scale, your RFI/RFP and contract can&#8217;t be a single blended document full of aspirations. You need at least <strong>three delineated parts</strong>, because they represent different failure modes and different enforcement mechanisms.</p><h2><strong>Part 1 &#8212; Technical (what must work, and what technical advancement must be delivered)</strong></h2><p>This is the engineering truth, but it&#8217;s not just a requirements list. It must specify the <strong>technical advancement</strong> the work will deliver, i.e., what new capability becomes possible, what maturity is earned, and what constraints are reduced.</p><p>It should state:</p><ul><li><p><strong>Technical advancement objective (capability uplift):</strong> what technical capability is being enabled that does not exist today (e.g., bounded execution with enforceable gates; audit-grade replayable evidence; rollback/compensation competence; drift/anomaly sensing; cross-system orchestration with typed contracts). <em>(This is the &#8220;technical TRL-like uplift&#8221; you are buying.)</em></p></li><li><p><strong>Architecture constraints and interfaces:</strong> system boundary, interface contracts, service boundaries, tool allow-lists, identity and permissions model</p></li><li><p><strong>Systems-of-record and data authority:</strong> what records are authoritative, where writes are permitted, reconciliation rules, lineage and provenance</p></li><li><p><strong>Non-functional requirements (contractually testable):</strong> latency, throughput, availability, resilience, recovery objectives, degradation modes</p></li><li><p><strong>Security and compliance controls (engineered mechanisms):</strong> trust boundaries, SoD enforcement, audit evidence standards, retention, access control, abuse-case protections</p></li><li><p><strong>Recovery competence:</strong> rollback/compensation mechanisms, containment patterns, failure handling, DLQ behavior</p></li><li><p><strong>Test and evidence obligations:</strong> load/soak/concurrency testing, peak-hour patterns, failure injection, parallel run expectations, required evidence packs</p></li><li><p><strong>Acceptance criteria for technical advancement:</strong> what must be proven for the advancement to be achieved (performance at production load, evidence completeness, rollback success rates, SoD adherence, observability thresholds)</p></li></ul><p>In short, Part 1 must let you answer: <strong>&#8220;What technical capability did we advance, how do we prove it, and what new feasible actions does it enable safely?&#8221;</strong></p><h2><strong>Part 2 &#8212; Business (what outcome must change, and why trade space matters)</strong></h2><p>This isn&#8217;t &#8220;business justification language.&#8221; This is the <strong>outcome contract</strong>: what must change in a decision-relevant way.</p><p>It should state:</p><ul><li><p>which business driver(s) must move</p></li><li><p>baseline &#8594; target delta &#8594; timeframe</p></li><li><p>how this changes feasibility (trade space)</p></li><li><p>what must not degrade (control viability)</p></li><li><p>what is explicitly out of scope</p></li></ul><p><strong>Cross-link:</strong> The business claim is only valid if the <strong>contracted technical advancement</strong> is achieved under the stated controls, otherwise any apparent improvement is either non-scalable or attributable to permissive policy rather than capability.</p><p>In other words, Part 2 should make the business claim falsifiable: <strong>if the feasible capability set does not expand or scalable ROI does not improve under constraints, the initiative has not delivered what it promised.</strong></p><h2><strong>Part 3 &#8212; Delivery management / execution (how it will be delivered and governed)</strong></h2><p>This is the part many RFPs omit&#8212;and where projects die. It defines how the system will be proven and how change will be controlled:</p><ul><li><p>delivery operating model and governance cadence</p></li><li><p>decision rights, SoD workflow, change-control throughput</p></li><li><p>quality assurance regime (test gates, evidence packs, operational readiness gates)</p></li><li><p>performance and scalability assurance (load/soak/concurrency tests, rollback/containment drills)</p></li><li><p>acceptance evidence requirements (what you must see to approve stage progression)</p></li><li><p>integrated supplier coordination model (how multiple parties work without finger-pointing)</p></li></ul><p>If these three aren&#8217;t separated, you won&#8217;t know what you&#8217;re buying, what you&#8217;re measuring, or how you&#8217;ll enforce.</p><div><hr></div><h2><strong>The authority model: why &#8220;outsourcing everything&#8221; fails</strong></h2><p>When an RFP goes to consulting firms, remember: your solution must work in a real supplier ecosystem. Most enterprises already have existing platforms, integrators, internal security/compliance governance, and incumbent systems-of-record.</p><p>That reality should drive a sane authority model:</p><ol><li><p><strong>Technical authority sits with the contracting supplier, for what they build.</strong></p><p>If you contract a supplier to deliver a subsystem, they must be technically accountable for that subsystem: quality, correctness, performance, and evidence.</p></li><li><p><strong>Integration authority sits with the customer (and is non-negotiable).</strong></p><p>Overall integration cannot be &#8220;someone else&#8217;s problem&#8221; because it crosses your environments, your security/compliance constraints, your data authority boundaries, and your enterprise architecture and operating model.</p></li></ol><p>This is why <strong>architectural authority must remain with the customer.</strong> Suppliers can propose. The enterprise must decide.</p><p>I have seen customers attempt to outsource the whole lot, architecture, integration, and operational authority. It ends in failure because the supplier optimizes for their delivery boundary, not for your system-of-systems constraints.</p><div><hr></div><h2><strong>Contract posture: capability enablement, risk-sharing, and enforceable quality</strong></h2><p>A transformation contract should be capability enablement oriented, not deck-oriented:</p><ul><li><p>what capability is enabled</p></li><li><p>what maturity gates must be passed</p></li><li><p>what evidence must be produced</p></li><li><p>what measurable outcomes must move</p></li><li><p>what must not happen (material weaknesses, audit findings, uncontrolled writes, unsafe automation)</p></li></ul><h3><strong>Risk-sharing (where it makes sense)</strong></h3><p>Risk-sharing should not be vague &#8220;partnership language.&#8221; It should show up as:</p><ul><li><p>milestone payments tied to passing evidence gates</p></li><li><p>fee holdbacks until operational acceptance criteria are met</p></li><li><p>explicit performance warranties for the contracted subsystem</p></li><li><p>mutual kill/de-scope rights if constraints prevent feasibility (pre-agreed)</p></li></ul><h3><strong>Performance assurance is not optional</strong></h3><p>Production scale is where reputations go to die. I&#8217;ve witnessed a well-known global consulting firm deliver a solution that could not perform at production load, <strong>$16M wasted</strong>, followed by <strong>another $20M</strong> to remediate and scale it properly.</p><p>The lesson is simple:</p><p><strong>If performance and scalability are not contractually assured, through explicit tests and acceptance criteria, you are buying hope.</strong></p><p>So specify: load/soak/concurrency and peak patterns, stability under failure modes, rollback/containment drills, and operational readiness evidence.</p><div><hr></div><h2><strong>The ace in the deck: directive authority (&#8220;break glass&#8221; rights) &#8212; clarified</strong></h2><p>Directive authority is not &#8220;governance oversight.&#8221; It is an explicit contractual right that protects the enterprise when delivery threatens to create havoc.</p><p><strong>Definition:</strong> Directive authority is the customer&#8217;s right to direct the supplier to perform specific actions (or cease specific actions) to ensure delivery does not create operational, security, compliance, or architectural disruption in the customer&#8217;s business.</p><p><strong>Contractual backbone:</strong></p><ul><li><p>The supplier is obligated to follow the directive within the contract&#8217;s governance mechanism (no delay-by-debate).</p></li><li><p>Compliance with a directive does not relieve the supplier of contractual obligations or technical responsibilities.</p></li><li><p>The directive is a control mechanism to prevent harm; it is not a liability escape hatch for the supplier.</p></li></ul><p>Practically, directive authority covers actions like: block/roll back releases that violate gates; prioritize remediation of coupling hotspots; require specific test evidence; enforce architectural constraints; impose stop-work or de-scope orders when assumptions break.</p><p>This is not micromanagement. In high-coupling transformations, directive authority preserves business continuity, governance integrity, and investment protection when reality diverges from the plan.</p><div><hr></div><h1><strong>This is not anti-consulting. It is pro-proof.</strong></h1><p>Engaging any firm will improve their economics. Your job is to ensure it improves yours.</p><p>Be explicit about what you are buying:</p><ul><li><p><strong>program capacity</strong> (fine, measure throughput),</p></li><li><p><strong>expertise</strong> (require proof artifacts and scars), or</p></li><li><p><strong>trade-space expansion</strong> (require gates and evidence packs).</p></li></ul><p>What you need are strategic partners who bring a superpower that big firms often cannot scale: deep systems realism, delivery credibility, and the discipline to bind autonomy to governance, without hand-waving. Those partners are often found in smaller independents with a proven track record of delivering mission-critical solutions&#8212;often with formal systems training (for example, MIT-style roadmapping and systems engineering discipline), and the scars to match.</p><div><hr></div><h1><strong>Closing</strong></h1><p>Innovation isn&#8217;t authority. It&#8217;s <strong>permission to operate on the P/L levers, under real constraints.</strong></p><p>In practice, &#8220;permission&#8221; means:</p><p>(1) the economic levers are in scope,</p><p>(2) decision rights are explicit,</p><p>(3) bounded write authority exists where needed, and</p><p>(4) governance throughput can keep up, so change can reach production and stay admissible.</p><p>If the levers are out of scope, if governance throughput is weak, if controls are &#8220;later,&#8221; and if blast radius is wide on Day 1, the program will stall or freeze.</p><p>No amount of glossy decks will change that. Only discipline will.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Will Agentic AI Change the Game for Your Organization?]]></title><description><![CDATA[Proving (not assuming) trade-space expansion&#8212;and staging ROI with governance intact]]></description><link>https://thinkinginloops.substack.com/p/will-agentic-ai-change-the-game-for</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/will-agentic-ai-change-the-game-for</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Wed, 01 Apr 2026 12:49:21 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!AO1l!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2><strong>Foreword: why I&#8217;m writing this</strong></h2><p>Executive teams are being pulled into agentic AI conversations that start in the wrong place: tools, demos, runtimes, and vendor roadmaps. The signal-to-noise ratio is brutal.</p><p>I&#8217;m writing this to give you building blocks for a decision-grade approach, so you can see clearly, reduce hand-waving, and make deliberate choices about what to do next.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>This note will:</p><ul><li><p><strong>Reduce &#8220;agent talk&#8221; to decision-grade artifacts:</strong> measurable outcomes, explicit coupling, maturity gates, evidence packs, and staged increments.</p></li><li><p><strong>Provide a roadmap template</strong> to stage ROI while keeping governance intact, so scaling doesn&#8217;t trigger the control failures that freeze programs, and so you can have the right conversations with your CEO/CFO about investment, sequencing, and risk-adjusted returns.</p></li><li><p><strong>Provide a disciplined way to approach investment in agentic AI</strong> <em>(not financial advice):</em> how to structure increments and portfolios so returns are measurable, sequencing is realistic, and enabling work (controls, evidence, coupling resolution) is not treated as optional overhead.</p></li></ul><blockquote><p><strong>Credibility note (domain-neutral):</strong> This note is informed by prior mission-critical delivery experience building identity/trust decisioning systems that combined advanced ML/DL components with high levels of runtime autonomy, implemented with enforceable gates, replayable evidence, rollback/containment, and human change control. I&#8217;m presenting the pattern here in a domain-neutral way so the logic remains portable.</p></blockquote><div><hr></div><h2><strong>The executive problem (three failure modes)</strong></h2><p>Enterprises get trapped in three predictable failure modes:</p><ol><li><p><strong>Tool theater (possible &#8800; scalable):</strong> everyone agrees agents are possible, but nobody can show what is scalable under real constraints, so the program becomes a stack debate.</p></li><li><p><strong>Governance freeze:</strong> autonomy expands implicitly through coupling and workarounds until a control deficiency or incident forces a freeze, often right when ROI should have started compounding.</p></li><li><p><strong>Analysis paralysis (the laggard trap):</strong> leaders understand their legacy and technical debt, and they know doing nothing is a slow death, yet they can&#8217;t determine where to start without betting the enterprise.</p></li></ol><p>This note is designed to break all three: replace tool talk with decision artifacts, and replace paralysis with staged proof.</p><div><hr></div><h2><strong>Conway&#8217;s Law (why &#8220;scalable&#8221; is usually not a tooling problem)</strong></h2><p><strong>Conway&#8217;s Law (Melvin Conway, 1967)</strong> posits that organizations design systems that mirror their communication structure. In practice, fragmentation in communication and decision-making shows up as fragmentation in architecture: interfaces, couplings, handoffs, and integration friction.</p><p><strong>Hard-edged implication:</strong> if the organization can&#8217;t scale coordination, neither can the system.</p><div><hr></div><h2><strong>Method posture</strong></h2><p>I&#8217;ll use a disciplined technology roadmapping method (<strong>ATRA</strong>, MIT / Prof. Olivier de Weck) to force explicit outcomes, explicit constraints, and staged proof. After this point, I won&#8217;t keep repeating the framework name; I&#8217;ll just run the questions and artifacts so the discussion stays deterministic.</p><p>Two software/AI variables are made explicit throughout because they determine whether autonomy can scale:</p><ul><li><p><strong>Agentic Maturity Model (AMM):</strong> control-plane maturity (evidence, gating enforceability, rollback/containment, observability).</p></li><li><p><strong>POLDAT (Process/Organization/Location/Data/Applications/Technology):</strong> domains of change (change surface / blast radius).</p></li></ul><blockquote><p><strong>Further reading:</strong> If you want the deeper breakdown of AMM and POLDAT and how they interact, see my earlier Substack post on <strong>AMM &#215; POLDAT: Autonomy &#215; Controls &#215; Change Surface.</strong> </p><div class="embedded-post-wrap" data-attrs="{&quot;id&quot;:188898686,&quot;url&quot;:&quot;https://thinkinginloops.substack.com/p/agentic-maturity-isnt-model-iq&quot;,&quot;publication_id&quot;:7076113,&quot;publication_name&quot;:&quot;Philippe's Substack&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!-R30!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png&quot;,&quot;title&quot;:&quot;Agentic maturity isn&#8217;t model IQ. &quot;,&quot;truncated_body_text&quot;:&quot;Most CEOs don&#8217;t wake up thinking about &#8220;agent autonomy,&#8221; &#8220;control planes,&#8221; or &#8220;blast radius.&#8221;&quot;,&quot;date&quot;:&quot;2026-02-23T14:26:40.935Z&quot;,&quot;like_count&quot;:1,&quot;comment_count&quot;:0,&quot;bylines&quot;:[{&quot;id&quot;:109774320,&quot;name&quot;:&quot;Philippe Xanthopoulos&quot;,&quot;handle&quot;:&quot;philippe255954&quot;,&quot;previous_name&quot;:&quot;Philippe&quot;,&quot;photo_url&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/b4858b56-2e98-4147-9dd8-9d39d3f97487_506x506.jpeg&quot;,&quot;bio&quot;:&quot;MIT-trained technology executive and former CTO writing about AI-native architecture, systems thinking, and digital trust. I explore how leaders can move from AI &#8220;projects&#8221; to resilient, intelligent systems that actually ship and scale.&quot;,&quot;profile_set_up_at&quot;:&quot;2024-12-12T10:29:18.393Z&quot;,&quot;reader_installed_at&quot;:&quot;2025-11-28T06:19:04.986Z&quot;,&quot;publicationUsers&quot;:[{&quot;id&quot;:7221179,&quot;user_id&quot;:109774320,&quot;publication_id&quot;:7076113,&quot;role&quot;:&quot;admin&quot;,&quot;public&quot;:true,&quot;is_primary&quot;:false,&quot;publication&quot;:{&quot;id&quot;:7076113,&quot;name&quot;:&quot;Philippe's Substack&quot;,&quot;subdomain&quot;:&quot;thinkinginloops&quot;,&quot;custom_domain&quot;:null,&quot;custom_domain_optional&quot;:false,&quot;hero_text&quot;:&quot;My personal Substack&quot;,&quot;logo_url&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/a6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png&quot;,&quot;author_id&quot;:109774320,&quot;primary_user_id&quot;:109774320,&quot;theme_var_background_pop&quot;:&quot;#FF6719&quot;,&quot;created_at&quot;:&quot;2025-11-26T08:10:06.820Z&quot;,&quot;email_from_name&quot;:null,&quot;copyright&quot;:&quot;Philippe&quot;,&quot;founding_plan_name&quot;:null,&quot;community_enabled&quot;:true,&quot;invite_only&quot;:false,&quot;payments_state&quot;:&quot;disabled&quot;,&quot;language&quot;:null,&quot;explicit&quot;:false,&quot;homepage_type&quot;:&quot;newspaper&quot;,&quot;is_personal_mode&quot;:false,&quot;logo_url_wide&quot;:null}}],&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null,&quot;status&quot;:{&quot;bestsellerTier&quot;:null,&quot;subscriberTier&quot;:null,&quot;leaderboard&quot;:null,&quot;vip&quot;:false,&quot;badge&quot;:null,&quot;paidPublicationIds&quot;:[],&quot;subscriber&quot;:null}}],&quot;utm_campaign&quot;:null,&quot;belowTheFold&quot;:true,&quot;type&quot;:&quot;newsletter&quot;,&quot;language&quot;:&quot;en&quot;,&quot;source&quot;:null}" data-component-name="EmbeddedPostToDOM"><a class="embedded-post" native="true" href="https://thinkinginloops.substack.com/p/agentic-maturity-isnt-model-iq?utm_source=substack&amp;utm_campaign=post_embed&amp;utm_medium=web"><div class="embedded-post-header"><img class="embedded-post-publication-logo" src="https://substackcdn.com/image/fetch/$s_!-R30!,w_56,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" loading="lazy"><span class="embedded-post-publication-name">Philippe's Substack</span></div><div class="embedded-post-title-wrapper"><div class="embedded-post-title">Agentic maturity isn&#8217;t model IQ. </div></div><div class="embedded-post-body">Most CEOs don&#8217;t wake up thinking about &#8220;agent autonomy,&#8221; &#8220;control planes,&#8221; or &#8220;blast radius&#8230;</div><div class="embedded-post-cta-wrapper"><span class="embedded-post-cta">Read more</span></div><div class="embedded-post-meta">4 months ago &#183; 1 like &#183; Philippe Xanthopoulos</div></a></div></blockquote><div><hr></div><h2><strong>Research Question</strong></h2><p><strong>RQ:</strong> Does agentic AI, when introduced into an enterprise system-of-systems where decisional freedom to act is emergent and bounded by the architecture-as-built and governance pathways, change the feasible trade space of capability options in a decision-relevant way, and can this change be demonstrated and staged through technology roadmapping using explicit maturity gates?</p><h3><strong>CEO/CFO translation (why you should care)</strong></h3><p><strong>Will agents measurably move margin, cost-to-serve, cash conversion, loss events, and throughput, and can we scale that benefit without creating a control deficiency that freezes the program?</strong></p><div><hr></div><h2><strong>Strategic drivers (the only reasons this exists)</strong></h2><p>Agentic AI is only worth discussing if it advances strategic drivers executives can measure and govern:</p><ul><li><p><strong>Margin / cost-to-serve</strong></p></li><li><p><strong>Throughput / time-to-value</strong> (especially under exceptions)</p></li><li><p><strong>Loss containment</strong> (waste, inefficiencies, outages, safety incidents; cascade limitation)</p></li><li><p><strong>Assurance / auditability</strong> (evidence completeness; fewer control deficiencies)</p></li><li><p><strong>Resilience</strong> (MTTD/MTTR; containment competence)</p></li><li><p><strong>Strategic optionality</strong> (new feasible capabilities under constraints)</p></li></ul><p>If an initiative cannot be traced to at least one driver with measurable deltas, it is not a strategy, it is a demo.</p><div><hr></div><h2><strong>Engineering thesis (what we&#8217;re actually solving)</strong></h2><p>If agentic AI changes feasibility under real constraints, the engineering problem is <strong>staged realization</strong>: deliver measurable ROI at each step while increasing the safety margin around admissible decisional freedom, so the feasible capability set expands over time without governance failures that terminate scaling.</p><p>Two constraints keep this honest:</p><ul><li><p><strong>Policy-level admissible decisional freedom</strong> is held constant when comparing agentic vs non-agentic designs at a given maturity stage.</p></li><li><p><strong>Maturity should increase the safety margin around a given DOF</strong>, not necessarily the DOF itself.</p></li></ul><div><hr></div><h2><strong>What counts as proof (what would answer the RQ)</strong></h2><p>We treat &#8220;trade-space expansion&#8221; as an empirical claim. Under constant policy DOF at a stage, it holds only if at least one occurs:</p><ol><li><p><strong>New feasible capabilities:</strong> previously infeasible options become feasible without unacceptable governance burden.</p></li><li><p><strong>Scalable ROI improves without creating a material weakness:</strong> value outcomes improve without degrading control-viability outcomes.</p></li><li><p><strong>Governance no longer collapses DOF as coupling grows:</strong> sensing + evidence + recovery increase the safety margin.</p></li></ol><p>If complexity and governance burden grow faster than control effectiveness, leading to stall, incidents, or DOF constriction, then the trade space has not expanded in a decision-relevant way.</p><div><hr></div><h2><strong>Proof examples (CEO/CFO recognizable)</strong></h2><h3><strong>Example 1 &#8212; CPG: order-to-cash exceptions (deductions, claims, short-ships)</strong></h3><ul><li><p><strong>Claim:</strong> exception-heavy O2C flows become feasible to run at scale with bounded, auditable actions (resolve deductions/claims; request missing evidence; issue credits only when admissible).</p></li><li><p><strong>Proof:</strong> deductions per 1,000 orders &#8595;, cost-to-serve &#8595;, cycle time &#8595;, margin leakage &#8595; (or not &#8593;), evidence completeness &#8805; threshold, rollback/compensation success &#8805; threshold.</p></li></ul><h3><strong>Example 2 &#8212; CPG: margin + market share defense (price&#8211;promo&#8211;mix)</strong></h3><ul><li><p><strong>Claim:</strong> commercial decisions become faster and more accurate without creating settlement leakage or audit weakness.</p></li><li><p><strong>Proof:</strong> gross margin % &#8593;, trade spend leakage &#8595;, promo ROI &#8593;, forecast error &#8595;, revenue/share not &#8595;, evidence completeness &#8805; threshold, audit findings not &#8593;.</p></li></ul><h3><strong>Example 3 &#8212; Pharma: working-capital release (DSO &#8595;) to reduce CCA</strong></h3><ul><li><p><strong>Claim:</strong> DSO reduction and leakage control becomes feasible at scale without weakening financial controls.</p></li><li><p><strong>Proof:</strong> DSO &#8595;, cash conversion cycle &#8595;, write-offs/leakage &#8595;, <strong>cost of capital allowance (CCA) &#8595;</strong>, SoD adherence provable, evidence packs replayable, rollback/compensation success &#8805; threshold.</p></li></ul><div><hr></div><h2><strong>Terms in 60 seconds (only what we&#8217;ll actually use)</strong></h2><ul><li><p><strong>Trade space:</strong> feasible capability options under real constraints.</p></li><li><p><strong>Figure of Merit (FOM):</strong> measurable outcomes used to compare options (cost-to-serve, cycle time, loss-event rate, evidence completeness).</p></li><li><p><strong>Degrees of freedom (DOF):</strong> admissible state changes/action pathways at runtime.</p></li><li><p><strong>Emergence:</strong> downstream system-of-systems outcomes from interactions/feedback (path-dependent; non-local).</p></li><li><p><strong>Maturity gates:</strong> evidence-backed criteria required to expand scope.</p></li><li><p><strong>TEI (Technical Effort Index):</strong> end-to-end effort realism (integration/contracts; data authority; governance controls + evidence plane; observability/SRE; security/compliance; operating model change; testing/failure injection/parallel run).</p></li><li><p><strong>WSO (Weighted Stakeholder Occurrence):</strong> stakeholder-constraint weighting that feeds needs ranking (what dies in steering committee vs what can actually be committed).</p></li></ul><div><hr></div><h2><strong>The four questions that structure the proof</strong></h2><ol><li><p><strong>Where are we today?</strong> (baseline constraints and competitive posture)</p></li><li><p><strong>Where could we go?</strong> (bounded option space under constraints)</p></li><li><p><strong>Where should we go?</strong> (tradeoffs, gates, admissibility)</p></li><li><p><strong>Where are we going?</strong> (portfolio and staged execution with evidence)</p></li></ol><div><hr></div><h1><strong>1) Where are we today?</strong></h1><h2><strong>The baseline constraint envelope (technology</strong></h2><h2><strong>and organization)</strong></h2><p>This is the step most agent programs skip. They jump to use cases and tooling before establishing the one thing that determines whether any of it will scale:</p><p><strong>Your current feasibility envelope is set by coupling + control maturity + organizational throughput.</strong></p><div><hr></div><h2><strong>The grey zone that determines scalability: team topology and cognitive load</strong></h2><p>Agentic programs don&#8217;t fail because the model can&#8217;t reason. They fail because the organization can&#8217;t deliver and govern change at velocity once autonomy touches real workflows.</p><p>This is why team topology matters. If teams are not aligned to value streams, and if cognitive load is not actively managed, the organization responds to rising coupling by slowing approvals, constricting DOF, and pushing work into manual escalation, killing operating leverage.</p><p>This is exactly why the <strong>Team Topologies</strong> model (Skelton &amp; Pais) matters here: it treats stream-aligned teams, platform teams, enabling teams, and cognitive load as first-class design constraints on delivery velocity.</p><p><strong>Scaling constraints (why this is not &#8220;culture talk&#8221;):</strong></p><ul><li><p>Cognitive load sets a hard ceiling on how much change a team can safely own; absent a platform, &#8220;control plane + delivery + coupling resolution&#8221; overloads stream teams and velocity collapses.</p></li><li><p>Brooks-style schedule nonlinearity: adding people to late, coupled work increases coordination overhead and makes it later (you can&#8217;t staff your way out of coupling).</p></li><li><p>Dunbar-style coordination limits: as cross-team coordination grows, governance throughput becomes the bottleneck.</p></li></ul><p><strong>Connection to AMM + POLDAT:</strong> poor topology increases POLDAT &#8220;Organization&#8221; heat and lowers effective AMM in practice because gating/evidence/recovery cannot be operated at velocity.</p><div><hr></div><h2><strong>POLDAT: domains of change (why agents &#8220;spread&#8221; faster than you think)</strong></h2><p>Agents don&#8217;t land in &#8220;AI.&#8221; They land in the operating system of the enterprise. POLDAT is the ripple map:</p><ul><li><p><strong>Process:</strong> workflow logic changes (decisioning, exception handling, handoffs)</p></li><li><p><strong>Organization:</strong> roles, approvals, SoD, accountability shift</p></li><li><p><strong>Location:</strong> jurisdictions, sites, regions, regulators are crossed</p></li><li><p><strong>Data:</strong> authoritative records/labels are created or transformed</p></li><li><p><strong>Applications:</strong> transactions hit systems-of-record; permissions are required</p></li><li><p><strong>Technology:</strong> runtime controls/identity/monitoring/infrastructure/pipelines change</p></li></ul><p><strong>Executive rule:</strong></p><p><strong>Risk and cost rise nonlinearly with the number of POLDAT domains you heat up, especially when Applications or Technology are involved.</strong></p><div><hr></div><h2><strong>Value stream + velocity: the &#8220;donkey pulling a Ferrari&#8221; failure mode</strong></h2><p>Agentic AI can add enormous capability. But capability without execution throughput is wasted.</p><p>If the organization isn&#8217;t structured to deliver end-to-end change quickly, aligned to value streams, with manageable cognitive load, scaling looks like:</p><blockquote><p><strong>A Ferrari engine strapped to a donkey.</strong></p><p>The capability is there, but the system can&#8217;t transmit it into motion.</p></blockquote><div><hr></div><h2><strong>Baseline assessment (what you must measure before talking vendors)</strong></h2><ul><li><p>Baseline outcomes (FOMs): cost-to-serve, cycle time, exception rate; loss pathways; audit/evidence baseline</p></li><li><p>AMM baseline: enforceable gating? replayable evidence? rollback/containment proven? observability thresholds met?</p></li><li><p>POLDAT heatmap: for candidate use cases, which domains light up, and how hot?</p></li><li><p>Org throughput: team topology aligned to value streams? cognitive load managed via platform/enabling capacity?</p></li><li><p>Change approach: is Reverse Conway feasible (where must boundaries/interfaces change)?</p></li></ul><div><hr></div><h2><strong>Agentic mechanism (domain-neutral) &#8212; what &#8220;agents&#8221; mean here</strong></h2><p>Not chat. Not copilots. Agentic AI here means software that can:</p><ol><li><p>interpret signals into context,</p></li><li><p>form intent under explicit policies and decision rights,</p></li><li><p>select from an admissible action set,</p></li><li><p>pass an enforceable gate (approvals/SoD/allow-lists),</p></li><li><p>execute bounded actions in enterprise systems, and</p></li><li><p>produce replayable evidence at decision time.</p></li></ol><p>Operationally, scalable agentic systems require a layered control loop:</p><p><strong>pre-action risk check &#8594; gated execution &#8594; exception routing (DLQ) &#8594; remediation proposal &#8594; human change control</strong></p><p>This is what prevents silent workarounds and turns blocked actions into structured learning rather than program friction.</p><div><hr></div><h1><strong>Bridging model: OPD-0 (why &#8220;autonomy&#8221; is not a promise)</strong></h1><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!AO1l!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!AO1l!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png 424w, https://substackcdn.com/image/fetch/$s_!AO1l!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png 848w, https://substackcdn.com/image/fetch/$s_!AO1l!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png 1272w, https://substackcdn.com/image/fetch/$s_!AO1l!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!AO1l!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png" width="1056" height="535" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:535,&quot;width&quot;:1056,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:90483,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://thinkinginloops.substack.com/i/192598405?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!AO1l!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png 424w, https://substackcdn.com/image/fetch/$s_!AO1l!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png 848w, https://substackcdn.com/image/fetch/$s_!AO1l!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png 1272w, https://substackcdn.com/image/fetch/$s_!AO1l!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F11ecdd1f-ea88-4f90-bcde-ca14b9d7b6ae_1056x535.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p><strong>Figure 1 &#8212; OPD-0 (Level-0 control-system contract for scalable autonomy).</strong></p><p>This is not a vendor architecture. It defines the minimum closed-loop control system required before software can safely change enterprise state: constrained decisioning, enforceable gating, replayable evidence, and recoverable execution (rollback/containment). Use it to locate where autonomy touches reality and where governance must operate at decision time.</p><p><strong>The autonomy contract (what must be true):</strong></p><ol><li><p>decisions are constrained by explicit goals/policies/thresholds/decision rights</p></li><li><p>actions are gated at the boundary between recommendation and execution (approvals/SoD/allow-lists)</p></li><li><p>state changes are recoverable (rollback/compensation; containment under failure/adversary)</p></li><li><p>every decision is auditable (replayable evidence at decision time)</p></li></ol><p><strong>DLQ/salvage loop (how scaling doesn&#8217;t freeze):</strong> blocked/unsafe actions route to DLQ with reason codes; triage reviews; remediation is proposed; human change control approves updates to constraints. This converts friction into structured learning rather than unsafe bypasses.</p><div><hr></div><h1><strong>2) Where could we go?</strong></h1><h2><strong>Explore futures &#8212; but package them so selection is real</strong></h2><p>This section generates a bounded set of future scenarios. The goal is not to be creative; the goal is to be <strong>selectable</strong>: each scenario must be described in a way that enables comparison of feasibility, risk-adjusted value, and scalability under constraints.</p><h3><strong>Step 1 &#8212; Define what &#8220;winning&#8221; means (so we don&#8217;t explore nonsense)</strong></h3><p>Before we explore scenarios, define what &#8220;better&#8221; looks like in the business:</p><ul><li><p><strong>CPG O2C:</strong> fewer deductions/claims per 1,000 orders, faster cycle time, less leakage from bad credits</p></li><li><p><strong>CPG margin/share:</strong> higher promo ROI and lower trade spend leakage without settlement chaos</p></li><li><p><strong>Pharma DSO/CCA:</strong> shorter DSO tail &#8594; less borrowing &#8594; lower CCA, without audit findings</p></li></ul><p>And one universal constraint:</p><blockquote><p>If the system can&#8217;t <strong>prove what it did, why it did it, and how it can be reversed</strong>, it won&#8217;t scale.</p></blockquote><p>That&#8217;s &#8220;winning&#8221; for agentic AI: measurable business movement + admissible control.</p><h3><strong>Step 2 &#8212; Use a CFO-grade model (value, loss, and the true cost of scaling)</strong></h3><p>Every scenario needs an explicit hypothesis that a CFO can interrogate:</p><ol><li><p><strong>Value:</strong> what improves margin, cost-to-serve, throughput, cash conversion</p></li><li><p><strong>Loss pathways:</strong> what could get worse, leakage, write-offs, audit findings, cascades</p></li><li><p><strong>Governance cost:</strong> what it takes to stay admissible, SoD, approvals, evidence, monitoring, rollback/compensation</p></li><li><p><strong>True effort to scale:</strong> integration + coupling resolution + control plane + operating model change (not just &#8220;build&#8221;)</p></li></ol><p>If you want the compact model behind that logic:</p><p><strong>ROI_RA &#8776; (&#916;Value &#8722; &#916;ExpectedLoss &#8722; &#916;GovernanceCost) / TEI_eff</strong></p><p><strong>TEI_eff = TEI_base &#215; M(AMM_gap, POLDAT_heat, Infusion_depth, Org_scaling_risk)</strong></p><p><strong>Pharma (CCA) in plain English:</strong> reducing DSO releases cash. If you need to borrow less to meet obligations (payroll, vendors), your financing cost drops. That drop is the CCA benefit.</p><h3><strong>Step 3 &#8212; Generate scenarios systematically (not brainstorming)</strong></h3><p>We don&#8217;t want a workshop list of &#8220;use cases.&#8221; We want a bounded set of <strong>design options</strong> we can compare and stage. So we generate scenarios by varying a small set of <strong>design knobs</strong> <em>(a morphological matrix, if you want the formal term)</em>:</p><ul><li><p><strong>Decision locus:</strong> human-in-loop vs human-on-loop vs machine</p></li><li><p><strong>Action authority:</strong> recommend vs bounded execute vs coordinate</p></li><li><p><strong>Controls:</strong> approvals / segregation-of-duties / allow-lists / thresholds</p></li><li><p><strong>Evidence:</strong> log-only vs replayable vs audit-grade</p></li><li><p><strong>Risk sensing:</strong> none vs pre-action risk checks vs drift/anomaly triggers</p></li><li><p><strong>Recovery:</strong> manual fallback vs compensating actions/rollback vs salvage workflow</p></li><li><p><strong>Integration depth:</strong> single domain vs cross-system coupling</p></li><li><p><strong>Change surface:</strong> how many POLDAT domains are heated</p></li><li><p><strong>Infusion depth:</strong> how deep into systems-of-record and operating model the change goes</p></li></ul><p><strong>Why this matters:</strong> it prevents &#8220;tool theater.&#8221; You can&#8217;t compare scenarios unless you define what changes and what is controlled.</p><h3><strong>Step 4 &#8212; Make dependencies explicit (so sequencing is real)</strong></h3><p>Every scenario must surface the dependencies that will determine whether it scales or stalls. If you don&#8217;t do this, you discover &#8220;the hard couplings&#8221; in production, expensively.</p><p>We capture dependencies in two views <em>(DSM is the formal term, but you don&#8217;t need to remember that)</em>:</p><ul><li><p><strong>Technical hotspots (what must change together):</strong> systems-of-record, data authority edges, reconciliation points, integration contracts, and failure propagation paths.</p></li><li><p><strong>Stakeholder hotspots (who can stop you):</strong> approvals, segregation-of-duties, decision rights, and change-control throughput bottlenecks.</p></li></ul><p><strong>Why this matters:</strong> these hotspots are where TEI_eff multiplies and where programs freeze. Making them explicit is how you stage work and avoid late surprises.</p><h3><strong>Step 5 &#8212; Stress-test the scenario (what breaks first)</strong></h3><p>Before committing capital, identify what variables dominate feasibility and ROI. We&#8217;re not trying to predict perfectly, we&#8217;re trying to learn what can kill the scenario.</p><p>Each scenario declares its top &#8220;break factors,&#8221; for example:</p><ul><li><p><strong>exception rate and diversity</strong> (how fast edge cases swamp the design)</p></li><li><p><strong>approval latency / governance throughput</strong> (whether gates become the bottleneck)</p></li><li><p><strong>coupling intensity</strong> (how quickly propagation risk grows)</p></li><li><p><strong>evidence completeness</strong> (whether auditability collapses at scale)</p></li><li><p><strong>rollback/compensation success</strong> (whether bounded execution is truly recoverable)</p></li><li><p><strong>adversarial intensity</strong> (fraud, manipulation, and gaming pressure)</p></li></ul><p><strong>Why this matters:</strong> sensitivity drivers tell you what enabling investments are non-negotiable, and what scope must remain bounded at each stage.</p><blockquote><p>We&#8217;re doing dependency mapping (DSM thinking) and sensitivity scanning because they&#8217;re the two fastest ways to expose where scale will break, technically or organizationally, before it breaks in production.</p></blockquote><div><hr></div><h3><strong>Scenario Card A &#8212; CPG: Order-to-Cash exception suppression (deductions, claims, short-ships)</strong></h3><ul><li><p><strong>Need served:</strong> protect margin and reduce cost-to-serve by shrinking exception volume/cycle time, without increasing leakage or weakening auditability.</p></li><li><p><strong>FOM trajectory hypothesis:</strong> deductions per 1,000 orders &#8595;, cost-to-serve &#8595;, cycle time &#8595;, margin leakage &#8595; (or not &#8593;), evidence completeness &#8805; threshold, compensation success &#8805; threshold.</p></li><li><p><strong>POLDAT heat footprint:</strong> Process high; Data high; Applications high; Org medium; Tech medium.</p></li><li><p><strong>Minimum AMM gate:</strong> enforceable gating + replayable evidence + compensation/rollback + observability thresholds; DLQ for blocked/unsafe actions.</p></li><li><p><strong>Coupling hotspots:</strong> ERP credits, deductions/claims system, POD, customer terms, reconciliation.</p></li><li><p><strong>Top sensitivities:</strong> exception diversity, approval latency, reconciliation breakage, evidence completeness.</p></li><li><p><strong>Why agentic is the game changer:</strong> it can pre-check risk, pick a next-best admissible action (request evidence vs issue credit), route ambiguity to DLQ, and produce replayable evidence at decision time, reducing cost-to-serve without creating leakage.</p></li></ul><h3><strong>Scenario Card B &#8212; CPG: Margin + market share defense via governed price&#8211;promo&#8211;mix execution</strong></h3><ul><li><p><strong>Need served:</strong> arrest margin compression while protecting revenue/share by improving speed/quality of commercial decisions, without settlement leakage or audit weakness.</p></li><li><p><strong>FOM trajectory hypothesis:</strong> gross margin % &#8593;, net revenue &#8593;, trade spend leakage &#8595;, promo ROI &#8593;, forecast error &#8595;, OTIF not &#8595;, evidence completeness &#8805; threshold, audit findings not &#8593;.</p></li><li><p><strong>POLDAT heat footprint:</strong> Process high; Org high; Data high; Apps medium-high; Location medium; Tech medium.</p></li><li><p><strong>Minimum AMM gate:</strong> enforceable gating for commercial actions + replayable evidence for &#8220;why this change&#8221; + rollback windows + drift monitoring for assumptions.</p></li><li><p><strong>Coupling hotspots:</strong> pricing master, promo engine, demand planning, supply constraints, settlement/rebates.</p></li><li><p><strong>Top sensitivities:</strong> elasticity error, approval latency, supply volatility, promo compliance, evidence completeness.</p></li><li><p><strong>Why agentic is the game changer:</strong> it coordinates across competing constraints (margin vs service vs promo commitments), proposes bounded actions with evidence, and continuously reconciles signals, rather than leaving humans to stitch across silos under time pressure.</p></li></ul><h3><strong>Scenario Card C &#8212; Pharma: Working-capital release (DSO &#8595;) to reduce CCA and improve cashflow resilience</strong></h3><ul><li><p><strong>Need served:</strong> improve cashflow by reducing DSO and leakage, thereby lowering CCA (financing cost from borrowing to meet obligations).</p></li><li><p><strong>FOM trajectory hypothesis:</strong> DSO &#8595;, cash conversion cycle &#8595;, AR aging tail &#8595;, write-offs/leakage &#8595;, cost-to-serve &#8595;, CCA &#8595;, evidence completeness &#8805; threshold, audit findings not &#8593;.</p></li><li><p><strong>POLDAT heat footprint:</strong> Process high; Org high; Data high; Apps high; Location medium-high; Tech medium.</p></li><li><p><strong>Minimum AMM gate:</strong> enforceable gating for credits/adjustments + SoD proof + replayable evidence + compensation/rollback + observability thresholds + DLQ + human change control.</p></li><li><p><strong>Coupling hotspots:</strong> contract eligibility, chargeback/rebate logic, revenue recognition rules, settlement workflows, master data.</p></li><li><p><strong>Top sensitivities:</strong> eligibility data quality, approval latency, reconciliation breakage, exception diversity, evidence completeness.</p></li><li><p><strong>Why agentic is the game changer:</strong> it reduces DSO without weakening controls by assembling evidence, performing pre-action checks, selecting safe actions, and routing exceptions to DLQ, so throughput rises while auditability remains intact.</p></li></ul><div><hr></div><h2><strong>Output of Q2</strong></h2><p>A bounded set of Scenario Records that are systematically generated, outcome-modeled, coupling-grounded, sensitivity-tagged, and annotated with AMM/POLDAT feasibility markers and TEI_eff realism.</p><div><hr></div><h2><strong>Optional control-plane exemplar (cross-industry): Security/Ops bounded runbooks</strong></h2><p>If you want a clean stress test of &#8220;safe autonomy,&#8221; incident runbooks are ideal: actions are discrete, rollback is well-defined, segregation-of-duties is enforceable, and evidence requirements are clear. This makes it a strong proving ground for the control loop (pre-action risk check &#8594; gated execution &#8594; DLQ &#8594; remediation &#8594; change control) before you apply the same pattern to higher-coupling business domains like O2C, price/promo, or DSO.</p><div><hr></div><h1><strong>3) Where should we go?</strong></h1><h2><strong>CFO-grade selection: from scenarios to an investable portfolio</strong></h2><p>Q2 generated a bounded set of Scenario Records. Q3 turns them into <strong>a decision output you can defend</strong>: what we fund now, what we fund as enablement, and what we stop.</p><h3><strong>Why Q3 exists (CFO/CEO lens)</strong></h3><p>Because the real choice is never &#8220;agents or no agents.&#8221; It is:</p><p><strong>Do we spend $1 (capability) or $1.5&#8211;$3 (capability + controls + coupling resolution) to unlock the same outcome, without triggering a freeze?</strong></p><p>Q3 makes that trade explicit and auditable.</p><div><hr></div><h2><strong>Artifact 1 &#8212; Needs-to-FOM investment lens (WSO &#8594; needs ranking &#8594; FOM priorities)</strong></h2><p><strong>What it is:</strong> a deterministic mapping from ranked needs to a small set of Figures of Merit (FOMs).</p><p><strong>Why it matters:</strong> it prevents the program from optimizing what demos well instead of what moves EBITDA, working capital, and risk exposure.</p><p><strong>Investment insight:</strong> it clarifies which FOMs the CFO will underwrite (margin, cost-to-serve, DSO/CCA, leakage) and which control FOMs are non-negotiable (evidence completeness, SoD adherence, rollback success, containment competence).</p><p>In practical terms:</p><ul><li><p>CPG O2C is primarily a <strong>margin leakage + cost-to-serve</strong> play.</p></li><li><p>CPG margin/share is a <strong>profit engine</strong> play (price&#8211;promo&#8211;mix effectiveness) that is highly sensitive to coordination and assumption drift.</p></li><li><p>Pharma DSO/CCA is a <strong>working capital + financing cost</strong> play (DSO &#8594; borrowing needs &#8594; CCA), which is control-intensive and audit-sensitive.</p></li></ul><div><hr></div><h2><strong>Artifact 2 &#8212; Admissibility gate (what standard roadmaps do not decide)</strong></h2><p>Technology roadmaps are good at option space and trade-offs. They do <strong>not</strong>, by themselves, answer whether a scenario is operationally admissible when autonomy touches enterprise state.</p><p>That is the missing variable set that <strong>AMM + POLDAT</strong> make explicit:</p><ul><li><p><strong>AMM tells you whether control is viable at runtime</strong> (enforceable gates, evidence, rollback/compensation, observability).</p></li><li><p><strong>POLDAT tells you where change propagates</strong> (blast radius across Process/Org/Location/Data/Apps/Tech).</p></li></ul><p>Together they determine whether a scenario is <strong>scalable</strong> or a future governance freeze.</p><p><strong>Admissibility rule (pass/fail):</strong></p><ul><li><p>AMM gate passes at this stage</p></li><li><p>POLDAT footprint is acceptable at this stage</p></li><li><p>Coupling reality is survivable: hotspot dependencies and decision rights will not choke throughput (DSM-Tech + DSM-Stakeholder)</p></li></ul><p><strong>Threaded application (one-liners):</strong></p><ul><li><p><strong>CPG O2C:</strong> admissible early if credits are bounded, SoD-gated, evidence-complete, and compensation paths exist; otherwise it routes to enablement.</p></li><li><p><strong>Pharma DSO/CCA:</strong> high value, but admissible only after SoD + audit-grade evidence plane + reconciliation are proven; otherwise enablement-first.</p></li><li><p><strong>CPG margin/share:</strong> admissible only after rollback windows, drift monitoring, and governance throughput exist; typically later-stage.</p></li></ul><p><strong>Investment insight:</strong> this is where TEI_eff multipliers are diagnosed early, not discovered late.</p><div><hr></div><h2><strong>Artifact 3 &#8212; Efficient set (trade-off front, not a single &#8220;best&#8221;)</strong></h2><p>After admissibility, we compare what remains on a trade-off plane:</p><ul><li><p><strong>Value axis:</strong> margin / cost-to-serve / DSO&#8594;CCA / throughput / loss containment</p></li><li><p><strong>Control axis:</strong> evidence completeness / rollback success / SoD adherence / containment competence</p></li></ul><p>The point is not a single winner. The point is an <strong>efficient set</strong>: options that improve business outcomes without pushing control viability below threshold.</p><p><strong>Investment insight:</strong> options that look attractive but degrade control viability are not &#8220;high ROI.&#8221; They are latent write-offs (audit findings, leakage, program stop).</p><div><hr></div><h2><strong>Artifact 4 &#8212; The shortlist table (the decision record)</strong></h2><p><strong>What it is:</strong> a one-page decision record with three buckets.</p><p><strong>Why it matters:</strong> it converts selection into an auditable capital decision rather than a narrative debate.</p><p><strong>How it makes outcomes deterministic:</strong> every scenario must land in exactly one bucket with an explicit reason tied to gates and economics.</p><div class="captioned-image-container"><figure><a class="image-link image2" target="_blank" href="https://substackcdn.com/image/fetch/$s_!xZQr!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5e86eacb-4b0c-465b-8e5c-bc4f8c6fb2c8_942x210.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!xZQr!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5e86eacb-4b0c-465b-8e5c-bc4f8c6fb2c8_942x210.png 424w, https://substackcdn.com/image/fetch/$s_!xZQr!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5e86eacb-4b0c-465b-8e5c-bc4f8c6fb2c8_942x210.png 848w, https://substackcdn.com/image/fetch/$s_!xZQr!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5e86eacb-4b0c-465b-8e5c-bc4f8c6fb2c8_942x210.png 1272w, https://substackcdn.com/image/fetch/$s_!xZQr!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5e86eacb-4b0c-465b-8e5c-bc4f8c6fb2c8_942x210.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!xZQr!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5e86eacb-4b0c-465b-8e5c-bc4f8c6fb2c8_942x210.png" width="942" height="210" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/5e86eacb-4b0c-465b-8e5c-bc4f8c6fb2c8_942x210.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:210,&quot;width&quot;:942,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:48861,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://thinkinginloops.substack.com/i/192598405?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5e86eacb-4b0c-465b-8e5c-bc4f8c6fb2c8_942x210.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!xZQr!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5e86eacb-4b0c-465b-8e5c-bc4f8c6fb2c8_942x210.png 424w, https://substackcdn.com/image/fetch/$s_!xZQr!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5e86eacb-4b0c-465b-8e5c-bc4f8c6fb2c8_942x210.png 848w, https://substackcdn.com/image/fetch/$s_!xZQr!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5e86eacb-4b0c-465b-8e5c-bc4f8c6fb2c8_942x210.png 1272w, https://substackcdn.com/image/fetch/$s_!xZQr!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5e86eacb-4b0c-465b-8e5c-bc4f8c6fb2c8_942x210.png 1456w" sizes="100vw" loading="lazy"></picture><div></div></div></a></figure></div><p><strong>Threaded outcome (illustrative):</strong></p><ul><li><p>CPG O2C is often <strong>Shortlist now</strong> at bounded scope.</p></li><li><p>Pharma DSO/CCA is often <strong>Enablement required</strong> until SoD/evidence/reconciliation prove out.</p></li><li><p>CPG margin/share is often <strong>Enablement / later</strong> due to wide ripple and assumption drift risk.</p></li></ul><h3><strong>Output of Q3</strong></h3><p>A shortlist + enablement backlog + kill list, each with explicit reasons tied to AMM/POLDAT/DSM and TEI_eff economics.</p><div><hr></div><h1><strong>4) Where are we going?</strong></h1><h2><strong>CFO-grade staging: portfolios that advance capability maturity and preserve scale</strong></h2><p>Q4 turns the shortlist into a staged investment program. This is where the roadmap becomes the instrument of proof: staged ROI, staged evidence, staged scope.</p><h3><strong>TRL-like progression (software/agentic translation)</strong></h3><p>We use TRL-like progression in a software-appropriate way:</p><ul><li><p>not &#8220;lab demo &#8594; rocket launch,&#8221;</p></li><li><p>but <strong>assist &#8594; bounded execution &#8594; coordinated autonomy</strong>, each stage earning progression through evidence packs.</p></li></ul><p><strong>Key point:</strong> maturity progression is not automatically &#8220;more autonomy.&#8221;</p><p>Maturity progression is <strong>more capability at the same or safer admissible DOF</strong>, because controls, evidence, and recovery competence expand the safety margin.</p><div><hr></div><h2><strong>Portfolio structure (what the CFO actually funds)</strong></h2><p>You do not fund &#8220;agents.&#8221; You fund a portfolio of <strong>capability + controls + coupling resolution</strong>.</p><h3><strong>Portfolio A &#8212; ROI Now (cash/margin this year)</strong></h3><p><strong>Purpose:</strong> deliver early value without expanding policy DOF.</p><p><strong>Typical scope:</strong> assistive + evidence-first; limited bounded actions with strict allow-lists.</p><p>Examples:</p><ul><li><p><strong>CPG O2C:</strong> evidence assembly and recommended resolutions; bounded credits only where SoD and evidence are already strong.</p></li><li><p><strong>Pharma DSO/CCA:</strong> evidence assembly for disputes; recommended actions; gated approvals to start pulling the DSO tail down.</p></li></ul><p><strong>Why it matters:</strong> prevents analysis paralysis and proves value while you build enablement.</p><div><hr></div><h3><strong>Portfolio B &#8212; Control Plane &amp; Evidence (AMM uplift)</strong></h3><p><strong>Purpose:</strong> raise AMM so autonomy can scale without creating a material weakness.</p><p>Investments (the &#8220;missing variables&#8221; most decks skip):</p><ul><li><p>enforceable policy gates (allow-lists/thresholds/SoD)</p></li><li><p>replayable evidence packets (decision trace schema + storage)</p></li><li><p>rollback/compensation mechanisms + failure injection tests</p></li><li><p>observability thresholds (DLQ rates, containment times, drift/anomaly flags)</p></li><li><p>DLQ triage + remediation workflow + human change control lane</p></li></ul><p><strong>What standard roadmaps don&#8217;t tell you:</strong> without these, the feasible set collapses as coupling grows (governance constricts DOF &#8594; ROI ceiling).</p><div><hr></div><h3><strong>Portfolio C &#8212; Coupling Resolution (POLDAT + DSM hotspots)</strong></h3><p><strong>Purpose:</strong> reduce blast radius and sequencing risk by resolving the hard couplings.</p><p>Investments:</p><ul><li><p>contract hardening / interface stabilization</p></li><li><p>data authority clarity and reconciliation controls</p></li><li><p>dependency decoupling (where feasible)</p></li><li><p>stakeholder governance throughput fixes (decision rights / approval latency / SoD workflow)</p></li></ul><p><strong>Why it matters:</strong> this is where TEI_eff multipliers hide. If you ignore it, the roadmap is fantasy.</p><div><hr></div><h3><strong>Portfolio D &#8212; Capability Expansion (only after evidence is earned)</strong></h3><p><strong>Purpose:</strong> expand scope safely into higher-coupling domains.</p><p>Examples:</p><ul><li><p><strong>CPG margin/share</strong> (price&#8211;promo&#8211;mix) only after rollback windows + drift monitoring + governance throughput exist</p></li><li><p><strong>Pharma DSO/CCA at scale</strong> only after SoD + audit-grade evidence + reconciliation are proven</p></li></ul><p><strong>Why it matters:</strong> this is where programs freeze if you jump too early.</p><div><hr></div><h2><strong>The stage table + evidence packs (how maturity is earned)</strong></h2><p>Insert your stage table here (already referenced earlier in the note).</p><p><strong>One evidence pack example (Stage 2 bounded execution):</strong></p><ul><li><p>gate enforcement tests (allow-lists/thresholds/SoD)</p></li><li><p>rollback/compensation tests (failure injection)</p></li><li><p>replay packet (inputs/context/gate decision/execution/trace ID)</p></li><li><p>observability proof (DLQ rates/reasons; containment times)</p></li><li><p>audit mapping (what/why/who/changed/how reversed)</p></li></ul><p><strong>CFO investment insight:</strong> evidence packs convert &#8220;risk&#8221; into quantifiable assurance and prevent late surprises that destroy ROI.</p><div><hr></div><h2><strong>The one-page proof per increment (how decisions stay deterministic)</strong></h2><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!6VFj!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe12d853e-a4e7-481b-bf86-fa9c846d2578_3795x1737.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!6VFj!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe12d853e-a4e7-481b-bf86-fa9c846d2578_3795x1737.png 424w, https://substackcdn.com/image/fetch/$s_!6VFj!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe12d853e-a4e7-481b-bf86-fa9c846d2578_3795x1737.png 848w, https://substackcdn.com/image/fetch/$s_!6VFj!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe12d853e-a4e7-481b-bf86-fa9c846d2578_3795x1737.png 1272w, https://substackcdn.com/image/fetch/$s_!6VFj!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe12d853e-a4e7-481b-bf86-fa9c846d2578_3795x1737.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!6VFj!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe12d853e-a4e7-481b-bf86-fa9c846d2578_3795x1737.png" width="1456" height="666" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/e12d853e-a4e7-481b-bf86-fa9c846d2578_3795x1737.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:666,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:571847,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://thinkinginloops.substack.com/i/192598405?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe12d853e-a4e7-481b-bf86-fa9c846d2578_3795x1737.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!6VFj!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe12d853e-a4e7-481b-bf86-fa9c846d2578_3795x1737.png 424w, https://substackcdn.com/image/fetch/$s_!6VFj!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe12d853e-a4e7-481b-bf86-fa9c846d2578_3795x1737.png 848w, https://substackcdn.com/image/fetch/$s_!6VFj!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe12d853e-a4e7-481b-bf86-fa9c846d2578_3795x1737.png 1272w, https://substackcdn.com/image/fetch/$s_!6VFj!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe12d853e-a4e7-481b-bf86-fa9c846d2578_3795x1737.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Each committed increment must carry:</p><ul><li><p>ranked need served (WSO)</p></li><li><p>FOM deltas + ROI hypothesis (including DSO&#8594;CCA logic for pharma)</p></li><li><p>AMM/POLDAT footprint (blast radius)</p></li><li><p>coupling hotspots (DSM)</p></li><li><p>gate + evidence pack required</p></li><li><p>TEI_eff realism and multiplier risks</p></li><li><p>explicit kill criteria</p></li></ul><p>This is how investment decisions remain consistent across quarters, leadership changes, and vendor noise.</p><div><hr></div><h2><strong>CFO note: portfolios are not static&#8212;kill what stops being true</strong></h2><p>A portfolio is not a promise. It is a set of hypotheses.</p><p>You must continuously test whether each initiative&#8217;s stated intention still holds:</p><ul><li><p>Do the FOM deltas still exist under current constraints?</p></li><li><p>Did TEI_eff change because coupling got worse, governance throughput dropped, or assumptions drifted?</p></li><li><p>Are we still admissible at the current stage, or are we accumulating control debt?</p></li></ul><p>If the hypothesis no longer holds: <strong>kill it</strong>, or reduce scope until it becomes admissible again. This is how you protect capital and avoid zombie initiatives that consume budget while shrinking the feasible set.</p><div><hr></div><h1><strong>Zoom-out: what matters vs. what doesn&#8217;t (and why this note exists)</strong></h1><p>At this point, you have enough structure to separate signal from noise. Agentic AI does not fail because people lack ambition. It fails because they confuse:</p><ul><li><p>what&#8217;s possible with what&#8217;s scalable, and</p></li><li><p>what&#8217;s impressive with what&#8217;s admissible.</p></li></ul><h2><strong>The few things that matter (the signal)</strong></h2><ol><li><p><strong>Outcomes that move the business:</strong> margin, cost-to-serve, cash conversion (DSO&#8594;CCA), throughput under exceptions, loss events, assurance.</p></li><li><p><strong>Admissibility under real controls:</strong> gates, evidence, recovery, observability&#8212;autonomy as permitted state change.</p></li><li><p><strong>Blast radius:</strong> how widely change propagates across POLDAT.</p></li><li><p><strong>Coupling realism:</strong> technical and stakeholder dependencies that constrain sequencing and throughput.</p></li><li><p><strong>Organizational throughput:</strong> value stream alignment and cognitive load as scaling constraints.</p></li><li><p><strong>Staged realization:</strong> ROI now, scope later, only when evidence is earned.</p></li></ol><h2><strong>The many things that don&#8217;t matter (the noise)</strong></h2><ul><li><p>framework wars and tooling debates before feasibility is established</p></li><li><p>benchmark theater without operational control viability</p></li><li><p>architecture drawings that omit gates/evidence/rollback/coupling hotspots</p></li><li><p>AI strategy decks that don&#8217;t bind claims to FOMs, TEI realism, and maturity gates</p></li><li><p>vendor selection before internal due diligence (AMM + POLDAT + DSM realism)</p></li></ul><h2><strong>A word of caution on glossy decks and 7&#8211;8 figure consulting</strong></h2><p>This work is hard. Agentic transformation is a system-of-systems change problem.</p><p>Glossy PowerPoint and large consulting spend can create a dangerous illusion: activity without feasibility. This isn&#8217;t a moral argument about firm size; it&#8217;s a feasibility argument about what actually shifts constraints.</p><p><strong>Engaging any firm will improve their economics. Your job is to ensure it improves yours.</strong></p><p>Be explicit about what you&#8217;re buying:</p><ul><li><p>If you are buying <strong>program capacity</strong>, measure throughput and governance throughput.</p></li><li><p>If you are buying <strong>expertise</strong>, demand prior proof artifacts and scars, not claims.</p></li><li><p>If you are buying <strong>trade-space expansion</strong>, require proof machinery: FOMs + coupling realism + AMM/POLDAT gates + evidence packs + staged roadmap decisions.</p></li></ul><p>What you need are strategic partners who bring a superpower that big firms often cannot scale: deep systems realism, delivery credibility, and the discipline to bind autonomy to governance, without hand-waving. <strong>Those partners are often found in smaller independents with a proven track record of delivering mission-critical solutions, often with formal systems training (for example, MIT-style roadmapping and systems engineering discipline), and the scars to match.</strong></p><h2><strong>Who should lead this (and who should not)</strong></h2><p>Agentic roadmapping and staged autonomy are not run as &#8220;dev/test/deploy at scale.&#8221; That&#8217;s necessary, but not sufficient.</p><p>This work requires a CTO who can manage innovation under constraints:</p><ul><li><p>define and defend Figures of Merit,</p></li><li><p>model coupling and governance throughput,</p></li><li><p>run staged roadmaps with evidence-backed gates, and</p></li><li><p>make kill decisions when assumptions break.</p></li></ul><p>In other words: trust a CTO who knows how to manage innovation and technology roadmapping, not just a delivery guru optimizing pipelines.</p><h2><strong>Closing</strong></h2><p>Agentic AI changes the game only if it expands what is feasible under real constraints, moving margin, cash, throughput, and loss outcomes without creating a governance incident that freezes scale.</p><p>The roadmap is the instrument of proof: it forces measurable outcomes, explicit coupling, and staged evidence that turns possible into scalable.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Agentic maturity isn’t model IQ. ]]></title><description><![CDATA[It&#8217;s whether agents can move your bottom line&#8212;at scale&#8212;without creating a control failure.]]></description><link>https://thinkinginloops.substack.com/p/agentic-maturity-isnt-model-iq</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/agentic-maturity-isnt-model-iq</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Mon, 23 Feb 2026 14:26:40 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Most CEOs don&#8217;t wake up thinking about &#8220;agent autonomy,&#8221; &#8220;control planes,&#8221; or &#8220;blast radius.&#8221;</p><p>They wake up thinking about the <strong>bottom line</strong>: margin, cost-to-serve, cash conversion, reliability, and loss events.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>Agents can move those outcomes, but only if they&#8217;re allowed to <strong>act</strong>, not just draft. And the moment agents act, the program succeeds or fails based on one thing:</p><p><strong>Can you scale autonomy into operating leverage without creating a governance incidentor a control deficiency that shows up later as a material weakness?</strong></p><p>Before we go further, here&#8217;s a useful mirror. In my experience, most businesses fall into <strong>one of two situations</strong>. Decide which one sounds like you.</p><div><hr></div><h2><strong>Mirror 1: &#8220;We want ROI&#8212;fast&#8221;</strong></h2><p>You&#8217;re not short on ideas. You want measurable results.</p><p>Your executive questions look like this:</p><p><strong>Value question:</strong></p><p>&#8220;Where will agents measurably move the bottom line, margin, cost-to-serve, cash conversion, loss events, and in what timeframe?&#8221;</p><p><strong>Scaling question (the real trap):</strong></p><p>&#8220;What autonomy do we need to deliver that value, and can we scale it without creating a governance incident, or a control deficiency that becomes a material weakness?&#8221;</p><p>Because the moment you need real ROI, you need agents that can <strong>act</strong>.</p><p>And once agents act, your ability to scale value depends on whether <strong>autonomy and controls grow together</strong>.</p><div><hr></div><h2><strong>Mirror 2: &#8220;We&#8217;re stuck in pilot purgatory&#8221;</strong></h2><p>You have pilots. You have demos. You have internal excitement.</p><p>What you don&#8217;t have is measurable impact at the enterprise level.</p><p>In this world, you&#8217;re usually trapped between two outcomes:</p><ul><li><p><strong>Pilot purgatory:</strong> productivity anecdotes, no outcome ownership, no measurable value.</p></li><li><p><strong>Governance blowback:</strong> autonomy scaled too quickly, a control gap emerged (sometimes rising to the level of a material weakness), and the program froze.</p></li></ul><p>The question isn&#8217;t whether you can &#8220;do AI.&#8221;</p><p>It&#8217;s whether you can scale autonomy into the operating model <strong>without stalling</strong>.</p><div><hr></div><h2><strong>The uncomfortable truth (and the reason this article exists)</strong></h2><blockquote><p><strong>If you don&#8217;t care about controls, you don&#8217;t care about ROI, because controls determine whether autonomy can scale.</strong></p></blockquote><p>That&#8217;s why &#8220;agent strategy&#8221; can&#8217;t start with vendors, demos, or model choices.</p><p>You shouldn&#8217;t seriously engage vendors until you&#8217;ve done internal due diligence on:</p><ul><li><p>where value will land,</p></li><li><p>what autonomy is required to capture it, and</p></li><li><p>what control environment is necessary to scale without blowback.</p></li></ul><div><hr></div><h2><strong>The framework: AMM + POLDAT (ROI enablers, not governance theatre)</strong></h2><p>This article proposes a practical framework to make autonomy-to-value delivery explicit, repeatable, and governable.</p><ul><li><p><strong>AMM tells you how much autonomy you can safely grant now</strong> (your current ROI ceiling).</p></li><li><p><strong>POLDAT tells you how widely value, and risk, propagates</strong> (your scaling cost and exposure).</p></li><li><p><strong>Together they give you a trajectory</strong> to increase autonomy (and therefore ROI) without triggering program freeze.</p></li></ul><p>Now we can talk about agentic maturity the way executives need it:</p><p>not &#8220;how smart is the model,&#8221; but <strong>how to turn autonomy into operating leverage, safely, repeatably, and with evidence.</strong></p><div><hr></div><h2><strong>The AMM framework: Autonomy &#215; Control Plane &#215; Change Surface</strong></h2><p><strong>AMM + POLDAT is a control framework for autonomy.</strong></p><p>It converts agent ideas into <strong>governed decisions</strong>: what an agent may do, where it propagates, what controls are mandatory, and what capability investments unlock the next step.</p><p>The framework combines three lenses:</p><h3><strong>1) AMM Levels (L0&#8211;L5): how mature your control environment is</strong></h3><p>A ladder from &#8220;assistive&#8221; to &#8220;adaptive,&#8221; based on governance and operational control, not AI sophistication.</p><ul><li><p><strong>L0 &#8212; Automation-only:</strong> deterministic workflows; no AI decisioning.</p></li><li><p><strong>L1 &#8212; Assistive AI:</strong> AI suggests; humans execute.</p></li><li><p><strong>L2 &#8212; Guardrailed execution:</strong> <strong>bounded writes</strong> in one domain; approvals, allow-lists, rollback.</p></li><li><p><strong>L3 &#8212; Orchestrated workflows:</strong> cross-system / multi-agent coordination with typed contracts + policy gates.</p></li><li><p><strong>L4 &#8212; Closed-loop governance:</strong> continuous monitoring; drift/anomaly controls; <strong>audit-grade traceability + replay</strong>; segregation of duties.</p></li><li><p><strong>L5 &#8212; Controlled self-improvement:</strong> agents propose policy/model changes, but only through validated change control.</p></li></ul><h3><strong>2) Autonomy Domains (D1&#8211;D5): where agents act</strong></h3><p>This is your &#8220;touch reality&#8221; dial.</p><ul><li><p><strong>D1 - Information:</strong> search/summarize/explain (read-only)</p></li><li><p><strong>D2 - Decision:</strong> recommend/triage/prioritize (human-owned action)</p></li><li><p><strong>D3 - Execution:</strong> commit transactions / run runbooks (<strong>writes</strong>)</p></li><li><p><strong>D4 - Coordination:</strong> cross-team, cross-system workflows (systemic coupling)</p></li><li><p><strong>D5 - Optimization:</strong> propose changes to policies/models/workflows (highest governance load)</p></li></ul><h3><strong>3) POLDAT: the change surface map (domains of change)</strong></h3><p>If you want this to work in real enterprises, you need a &#8220;where does this propagate?&#8221; lens.</p><ul><li><p><strong>P</strong> - Process</p></li><li><p><strong>O</strong> - Organization</p></li><li><p><strong>L</strong> - Location/Jurisdiction</p></li><li><p><strong>D</strong> - Data</p></li><li><p><strong>A</strong> - Applications</p></li><li><p><strong>T</strong> - Technology</p></li></ul><p><strong>POLDAT doesn&#8217;t measure value or risk by itself. It measures blast radius and coupling.</strong></p><p>Risk emerges when blast radius meets autonomy without adequate controls.</p><div><hr></div><h2><strong>What this framework does, and what it doesn&#8217;t</strong></h2><h3><strong>What AMM + POLDAT does</strong></h3><ul><li><p><strong>Prevents pilot purgatory</strong> by forcing <strong>outcome ownership</strong> and measurable baselines.</p></li><li><p><strong>Prevents governance blowback</strong> by aligning autonomy with controls (audit, rollback, SoD, policy gates).</p></li><li><p><strong>Makes impact legible</strong> by mapping where change propagates (process, accountability, systems).</p></li><li><p><strong>Produces a trajectory</strong>: Now / Next / Later with explicit enablement investments.</p></li><li><p><strong>Changes your trade space</strong> by shrinking the feasible set to what can actually go live safely today, and identifying what investments expand feasibility tomorrow.</p></li></ul><h3><strong>What it doesn&#8217;t do</strong></h3><ul><li><p>It does <strong>not</strong> choose your vendor, model, or platform.</p></li><li><p>It does <strong>not</strong> replace strategy or prioritization (leadership still decides what matters).</p></li><li><p>It does <strong>not</strong> magically create data quality, process clarity, or ownership.</p></li><li><p>It does <strong>not</strong> guarantee ROI.</p><p><strong>It guarantees you won&#8217;t confuse demos for delivery.</strong></p></li></ul><p>One important nuance:</p><blockquote><p><strong>You shouldn&#8217;t seriously engage vendors until you&#8217;ve done internal due diligence with AMM + POLDAT.</strong></p><p>Otherwise you&#8217;re buying a solution before you&#8217;ve defined the autonomy ceiling, blast radius, controls, and outcome ownership required to make it succeed.</p></blockquote><div><hr></div><h2><strong>Outcome ownership: how you prove the business is actually being touched</strong></h2><p>Frameworks don&#8217;t create value. <strong>Owned outcomes do.</strong></p><p>Every agent initiative must have:</p><ul><li><p><strong>a named business owner</strong> (accountable for the outcome)</p></li><li><p><strong>a measurable outcome metric</strong> with baseline and target</p><p>(cycle time, error rate, loss events, downtime, rework, compliance throughput, customer friction)</p></li></ul><p><strong>AMM + POLDAT tells you what is safe and scalable. Outcome ownership tells you what is worth doing.</strong></p><div><hr></div><h2><strong>POLDAT + AMM: how you avoid &#8220;agent-as-glue&#8221;</strong></h2><p>Most early agent programs fail because they start in <strong>multi-domain change</strong> (Process + Data + Apps + Org) without admitting it.</p><h3><strong>Step 1 &#8212; Add a &#8220;Domain-of-Change Heatmap&#8221; to every use case</strong></h3><p>Score impact (0&#8211;3) across POLDAT:</p><ul><li><p><strong>P:</strong> does it change workflow or decision logic?</p></li><li><p><strong>O:</strong> does it shift responsibilities / approvals / roles?</p></li><li><p><strong>L:</strong> does it cross sites, plants, jurisdictions, cloud regions?</p></li><li><p><strong>D:</strong> does it create/transform authoritative records or labels?</p></li><li><p><strong>A:</strong> does it integrate across systems or trigger transactions?</p></li><li><p><strong>T:</strong> does it change runtime controls, IAM, monitoring?</p></li></ul><p><strong>Rule:</strong> the more domains you heat up (especially A/T), the higher the control burden.</p><h3><strong>Step 2 &#8212; Make the leap explicit</strong></h3><ul><li><p><strong>Low-risk entry (good at L1&#8211;L2):</strong> &#8220;P-only&#8221; or &#8220;D-only&#8221; influence</p><p>(read-only assistance, drafting, diagnostics, recommendations)</p></li><li><p><strong>High-risk leap (requires L3+):</strong> &#8220;D+A&#8221; or &#8220;P+O+A&#8221;</p><p>(writing records + executing actions + cross-team coupling)</p></li><li><p><strong>Safety-critical domains:</strong> anything that touches A/T without formal gates is a hard no.</p></li></ul><h3><strong>Step 3 &#8212; Map AMM levels to allowed POLDAT footprint</strong></h3><ul><li><p><strong>L1 - Assistive:</strong> touches D(read), maybe P(draft); no writes.</p></li><li><p><strong>L2 - Guardrailed execute:</strong> limited A with allow-lists + approvals; D writes only as non-authoritative.</p></li><li><p><strong>L3 - Orchestrated:</strong> controlled P+D+A across bounded systems; org boundaries explicit.</p></li><li><p><strong>L4 - Closed-loop governance:</strong> continuous control across O and T (policy-as-code, SoD, monitoring, rollback, replay).</p></li><li><p><strong>L5 - Adaptive:</strong> optimization proposals across domains, but only via controlled change management.</p></li></ul><div><hr></div><h2><strong>The core operating rule (the one executives remember)</strong></h2><p><strong>Three-domain rule:</strong></p><p>If an agent impacts <strong>&#8805;3 POLDAT domains</strong> <em>and</em> includes <strong>Applications or Technology (A/T)</strong>, you&#8217;re no longer &#8220;piloting an agent.&#8221; <strong>You&#8217;re changing a system.</strong></p><p>That means:</p><ul><li><p>you need <strong>L3+ maturity to scale</strong> (often <strong>L4+</strong> in safety-critical sectors), and</p></li><li><p>you should treat it like a controlled change program, not an &#8220;AI experiment.&#8221;</p></li></ul><p>This is the fastest way to separate serious work from shiny decks.</p><div><hr></div><h2><strong>Example 1: POLDAT heatmap (blast radius and coupling)</strong></h2><h3><strong>Use case: &#8220;Agentic exception handling for invoice disputes&#8221;</strong></h3><p>The agent reads invoices and contracts, proposes resolutions, and may trigger credits/adjustments.</p><p><strong>Impact intensity scale:</strong> 0 = none, 1 = low, 2 = medium, 3 = high</p><div class="captioned-image-container"><figure><a class="image-link image2" target="_blank" href="https://substackcdn.com/image/fetch/$s_!awDO!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c6f3387-974d-46cd-844f-96a6602337fc_606x190.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!awDO!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c6f3387-974d-46cd-844f-96a6602337fc_606x190.png 424w, https://substackcdn.com/image/fetch/$s_!awDO!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c6f3387-974d-46cd-844f-96a6602337fc_606x190.png 848w, https://substackcdn.com/image/fetch/$s_!awDO!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c6f3387-974d-46cd-844f-96a6602337fc_606x190.png 1272w, https://substackcdn.com/image/fetch/$s_!awDO!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c6f3387-974d-46cd-844f-96a6602337fc_606x190.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!awDO!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c6f3387-974d-46cd-844f-96a6602337fc_606x190.png" width="606" height="190" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/3c6f3387-974d-46cd-844f-96a6602337fc_606x190.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:190,&quot;width&quot;:606,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:42012,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://thinkinginloops.substack.com/i/188898686?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c6f3387-974d-46cd-844f-96a6602337fc_606x190.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!awDO!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c6f3387-974d-46cd-844f-96a6602337fc_606x190.png 424w, https://substackcdn.com/image/fetch/$s_!awDO!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c6f3387-974d-46cd-844f-96a6602337fc_606x190.png 848w, https://substackcdn.com/image/fetch/$s_!awDO!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c6f3387-974d-46cd-844f-96a6602337fc_606x190.png 1272w, https://substackcdn.com/image/fetch/$s_!awDO!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c6f3387-974d-46cd-844f-96a6602337fc_606x190.png 1456w" sizes="100vw" loading="lazy"></picture><div></div></div></a></figure></div><p><strong>Interpretation:</strong></p><ul><li><p>This touches <strong>P + O + D + A + T</strong> &#8594; high coupling.</p></li><li><p>The main risk isn&#8217;t model accuracy. It&#8217;s <strong>transactional authority + operating model change</strong>.</p></li><li><p>Treating it as a casual pilot yields either no value (blocked) or unacceptable exposure (writes without evidence controls).</p></li></ul><div><hr></div><h2><strong>Example 2: AMM autonomy matrix (what&#8217;s allowed now vs later)</strong></h2><p><strong>Legend</strong></p><ul><li><p>&#9989; Allowed by default</p></li><li><p>&#9888;&#65039; Allowed only with strict gates (approvals, allow-lists, rollback)</p></li><li><p>&#9940; Not sensible / not safe at this maturity level</p></li></ul><div class="captioned-image-container"><figure><a class="image-link image2" target="_blank" href="https://substackcdn.com/image/fetch/$s_!GNaH!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49386cc3-1af9-41c7-b4a1-5958f1deccba_640x169.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!GNaH!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49386cc3-1af9-41c7-b4a1-5958f1deccba_640x169.png 424w, https://substackcdn.com/image/fetch/$s_!GNaH!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49386cc3-1af9-41c7-b4a1-5958f1deccba_640x169.png 848w, https://substackcdn.com/image/fetch/$s_!GNaH!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49386cc3-1af9-41c7-b4a1-5958f1deccba_640x169.png 1272w, https://substackcdn.com/image/fetch/$s_!GNaH!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49386cc3-1af9-41c7-b4a1-5958f1deccba_640x169.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!GNaH!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49386cc3-1af9-41c7-b4a1-5958f1deccba_640x169.png" width="640" height="169" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/49386cc3-1af9-41c7-b4a1-5958f1deccba_640x169.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:169,&quot;width&quot;:640,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:34629,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://thinkinginloops.substack.com/i/188898686?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49386cc3-1af9-41c7-b4a1-5958f1deccba_640x169.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!GNaH!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49386cc3-1af9-41c7-b4a1-5958f1deccba_640x169.png 424w, https://substackcdn.com/image/fetch/$s_!GNaH!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49386cc3-1af9-41c7-b4a1-5958f1deccba_640x169.png 848w, https://substackcdn.com/image/fetch/$s_!GNaH!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49386cc3-1af9-41c7-b4a1-5958f1deccba_640x169.png 1272w, https://substackcdn.com/image/fetch/$s_!GNaH!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49386cc3-1af9-41c7-b4a1-5958f1deccba_640x169.png 1456w" sizes="100vw" loading="lazy"></picture><div></div></div></a></figure></div><div><hr></div><h2><strong>Putting it together: the governed trajectory (Now / Next / Later)</strong></h2><h3><strong>Outcome ownership (non-negotiable)</strong></h3><ul><li><p><strong>Owner:</strong> CFO / VP Finance</p></li><li><p><strong>Metrics:</strong> dispute cycle time; write-off rate; rework rate; customer friction</p></li><li><p><strong>Baseline:</strong> required before scaling autonomy</p></li></ul><h3><strong>Now (0&#8211;90 days): value without governance blowback</strong></h3><ul><li><p>Deploy <strong>Recommend-only</strong> (D2): agent proposes resolution + evidence</p></li><li><p>Humans approve and execute</p></li><li><p>Mandatory controls:</p><ul><li><p>audit trail for each recommendation (inputs, rationale, decision)</p></li><li><p>tool allow-lists</p></li><li><p>approval workflow instrumentation</p></li></ul></li></ul><h3><strong>Next: unlock bounded execution (D3)</strong></h3><ul><li><p>Agent drafts credits/adjustments</p></li><li><p>Approval required; rollback rehearsed</p></li><li><p>Auto-execution only under strict thresholds and strong monitoring</p></li></ul><h3><strong>Later: unlock coordination (D4)</strong></h3><ul><li><p>Expand into cross-system orchestration (AR + Sales Ops + Customer Success)</p></li><li><p>Only after closed-loop governance (L4 posture) is proven</p></li></ul><div><hr></div><h2><strong>Heuristics for CEOs/CTOs: 2-minute sanity checks</strong></h2><h3><strong>Heuristic 1: The &#8220;3 questions&#8221; gate</strong></h3><p>If any answer is &#8220;no,&#8221; don&#8217;t scale autonomy.</p><ol><li><p><strong>Ownership:</strong> named executive owner + metric baseline?</p></li><li><p><strong>Authority:</strong> will it write to authoritative data or trigger transactions? If yes, rollback + audit replay proven?</p></li><li><p><strong>Coupling:</strong> does it heat &#8805;3 POLDAT domains and touch A/T? If yes, treated as controlled system change (L3/L4)?</p></li></ol><h3><strong>Heuristic 2: The 2&#215;2 (Autonomy vs Blast Radius)</strong></h3><ul><li><p><strong>Autonomy:</strong> Recommend-only vs Execute/Coordinate</p></li><li><p><strong>Blast radius:</strong> Low POLDAT vs High (&#8805;3 domains + A/T)</p></li></ul><p><strong>Guidance</strong></p><ul><li><p>low autonomy + low blast radius &#8594; safe quick win</p></li><li><p>low autonomy + high blast radius &#8594; good assist candidate; manage change</p></li><li><p>high autonomy + low blast radius &#8594; viable with L2 controls</p></li><li><p>high autonomy + high blast radius &#8594; system change; fund control plane first</p></li></ul><div><hr></div><h2><strong>AMM + POLDAT redraws the Pareto frontier</strong></h2><p>Traditional agent conversations implicitly optimize one thing: <strong>more automation</strong>.</p><p>Real enterprises have multiple objectives:</p><ul><li><p><strong>Value</strong> (outcome metric improvement)</p></li><li><p><strong>Autonomy</strong> (what the agent is allowed to do)</p></li><li><p><strong>Blast radius</strong> (how widely change propagates)</p></li><li><p><strong>Control maturity</strong> (auditability, rollback, SoD, monitoring)</p></li></ul><p>AMM + POLDAT makes the trade space explicit:</p><ul><li><p>Some initiatives that look attractive on ROI are <strong>dominated</strong> because they require autonomy + blast radius your control plane can&#8217;t support.</p></li><li><p>Some &#8220;boring&#8221; investments (audit/replay, policy gates, SoD, observability) create <strong>option value</strong> by moving the frontier outward&#8212;making higher autonomy feasible later.</p></li></ul><p><strong>AMM + POLDAT doesn&#8217;t just prioritize use cases; it redraws the Pareto frontier of what&#8217;s feasible.</strong></p><div><hr></div><h2><strong>Closing</strong></h2><p>Agents will reshape operating models. That&#8217;s the point.</p><p>But autonomy without controls is not innovation, it&#8217;s deferred liability.</p><p><strong>Agentic maturity is the ability to let software touch reality safely, repeatedly, and with evidence.</strong></p><p>AMM tells you how much autonomy is safe. POLDAT shows where change propagates. Outcome ownership ensures you deliver measurable value. Together, they provide a <strong>trajectory to enablement</strong>, and a fast way to separate serious transformation from shiny decks.</p><p></p><blockquote><p><em>Footnote:</em> POLDAT is a general enterprise &#8220;domains of change&#8221; lens (Process, Organization, Location, Data, Applications, Technology). This article is not affiliated with, nor a reproduction of, any proprietary methodology; POLDAT is used only as a practical change-surface (blast-radius) map.</p></blockquote><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The Behavioural Model of the Firm: A CFO Note on Agentic AI IP (for CFOs and CEOs together)]]></title><description><![CDATA[From workflows to behavioural IP: what changes on the balance sheet, in vendor contracts, and in the board conversation when agents enter the flow.]]></description><link>https://thinkinginloops.substack.com/p/the-behavioural-model-of-the-firm</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/the-behavioural-model-of-the-firm</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Thu, 15 Jan 2026 10:55:03 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>If agents are making decisions in your value streams, you already have behavioural IP. The only question is whether you manage it as an asset, or keep treating it as just &#8220;processes and workflows&#8221; and casually hand it over to vendors and consultants every time you modernise a value stream or design a future mode of operation.</em></p><p>This is written through a <strong>CFO lens</strong>, but it is really a note for any <strong>CEO&#8211;CFO pair</strong> who suspects that &#8220;how our agents behave&#8221; is becoming a core asset, not just an IT detail. If you&#8217;re a CEO, read this as the agenda you should expect your CFO to bring you &#8211; and the questions you should both be ready to answer in front of the board and supervisors.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>In my earlier pieces on agentic AI, from <em>Agentic AI and the Future-Proof Enterprise</em> (business case, use cases, governance) to the value-stream view on Order-to-Cash and Procure-to-Pay, I argued three things:</p><ul><li><p>agents belong in <strong>value streams</strong>, not in slideware,</p></li><li><p>you need real <strong>C3</strong> (command, control, communications): Rules of Engagement, Sentinels, STOP actions, evidence,</p></li><li><p>you cannot outsource <strong>who owns the dials</strong>.</p></li></ul><p>This note doesn&#8217;t re-argue any of that.</p><p>It does one thing: look at the same problem through a <strong>CFO&#8211;CEO joint custody</strong> lens.</p><p>If agents are starting to make real decisions in credit, collections, pricing, hiring, underwriting, cross-border payments, or procurement, then you already have what I&#8217;d call a <strong>behavioural model of the firm</strong>:</p><blockquote><p>The set of policies, critics, Rules of Engagement and playbooks that determine how machines are allowed to behave in your name.</p></blockquote><p>That model is <strong>IP</strong>. It has a creation cost, it moves risk and value, and it&#8217;s easy to under-manage because it lives in prompts, config files and a few people&#8217;s heads.</p><p>This is what I&#8217;d want on the CFO / CEO / Audit Committee agenda.</p><div><hr></div><h2><strong>1. What behavioural IP actually is (in CFO language)</strong></h2><p>Forget the architecture diagrams for a second. For a CFO (and CEO), &#8220;behavioural IP&#8221; boils down to three buckets:</p><ol><li><p><strong>How agents are allowed to act</strong></p><ul><li><p>Rules of Engagement in core flows (credit, collections, mortgages, international payments, procurement, etc.).</p></li><li><p>What counts as &#8220;within policy&#8221;, what must be escalated, what is forbidden.</p></li><li><p>The logic for tightening or loosening those rules when conditions change.</p></li></ul></li><li><p><strong>How you watch and correct them</strong></p><ul><li><p>Sentinel logic: what gets monitored, which patterns count as drift or danger.</p></li><li><p>The thresholds for alarms and STOP actions.</p></li><li><p>The drill books: what happens in the first 24&#8211;48 hours of a &#8220;war-room grade&#8221; agentic incident.</p></li></ul></li><li><p><strong>How you explain yourself</strong></p><ul><li><p>Evidence pipelines: what logs, traces and rationales you keep.</p></li><li><p>Test suites and scenarios you can replay.</p></li><li><p>The narrative you can show auditors, supervisors and the board:</p></li></ul></li></ol><blockquote><p>&#8220;Here is how this class of agents behaves, how we know, and what we do when it doesn&#8217;t.&#8221;</p></blockquote><p>Together, that is the <strong>practical behaviour</strong> of your firm under agentic conditions.</p><p>Models come and go; this stuff stays.</p><div><hr></div><h2><strong>2. Two examples of invisible IP</strong></h2><p>Executives often think &#8220;our IP is patents, products and code.&#8221; In reality, a lot of the edge lives in <strong>how you operate</strong>.</p><h3><strong>Example 1 &#8211; The freight company that didn&#8217;t think it had IP</strong></h3><p>A large North American <strong>freight company</strong> I worked with quietly ran one of the leanest fuel budgets in its market: more tonnes of cargo per unit of fuel than almost anyone else. Not because of some miracle algorithm, but because of how they actually operated, how loads were built, how routes were planned, and how drivers handled every hill, curve and junction to balance fuel, schedule and safety.</p><p>That is IP. It&#8217;s a behavioural model: thousands of tiny decisions about how to trade fuel against time and wear in a very specific network.</p><p>Then a vendor arrived with an attractive offer: instrument the <strong>fleet</strong> with a dense layer of sensors and telemetry, wrapped in a &#8220;predictive maintenance and fuel optimisation&#8221; platform. Hidden in the boilerplate was an assumption that the vendor could freely analyse and reuse the behavioural patterns in that data across its customer base.</p><p>In other words, the company was about to pay to turn its operating know-how into a generic product. Unless you see that as <strong>behavioural IP</strong>, it looks like &#8220;just an efficiency project.&#8221;</p><h3><strong>Example 2 &#8211; The bank training away its edge</strong></h3><p>Consider a composite example of a retail and commercial bank. On paper, its products look similar to peers. In practice, its performance is driven by how it behaves at the edges:</p><ul><li><p>how it underwrites borderline SME, <strong>enterprise credit</strong> and <strong>mortgages</strong> (who gets a manual exception, who gets declined, who gets a second chance),</p></li><li><p>how it structures and prices <strong>project and corporate finance</strong> deals, including the choice and timing of modern financial instruments and hedges,</p></li><li><p>how it restructures stressed borrowers instead of rushing straight to legal and hard collections,</p></li><li><p>how it decides which transactions to flag as suspicious without paralysing genuine customers,</p></li><li><p>how it sets thresholds and investigations around <strong>payment gateways for international transactions</strong>, balancing fraud/AML risk, sanctions exposure and customer experience,</p></li><li><p>how it applies limits and overrides in the treasury and liquidity book.</p></li></ul><p>That is IP. It&#8217;s a behavioural model of risk, relationship management and capital allocation that has been shaped over years of episodes, scars and quiet judgement.</p><p>Now a vendor turns up with an &#8220;AI-powered decisioning platform&#8221; for underwriting, collections, AML, international payments and even enterprise lending and structured deals. The pitch is compelling: better models, lower defaults, smoother journeys, frictionless cross-border flows, more sophisticated use of instruments. The technical proposal quietly assumes full access to live decisions and outcomes across mortgages, enterprise financing, payment gateways, transactions and collections, in other words, a real-time feed of how the bank actually behaves.</p><p>If no one in the room sees that as <strong>behavioural IP</strong>, the bank is about to do the same thing as the freight company:</p><ul><li><p>give a third party the raw material to learn its credit, restructuring, mortgage and cross-border heuristics,</p></li><li><p>let that learning flow back into a generic platform,</p></li><li><p>and then compete in a market where its hard-won judgement has been partially commoditised.</p></li></ul><p>Once you start adding <strong>agentic</strong> layers, agents that can propose terms, adjust offers, renegotiate, initiate restructurings, tweak mortgage conditions or route and pause international payments, you&#8217;re no longer just outsourcing models. You&#8217;re implicitly outsourcing part of the <strong>behaviour of the firm</strong> unless you make ownership and control of that behaviour explicit.</p><div><hr></div><h2><strong>3. When does this become a capital asset, not plumbing?</strong></h2><p>Very simple CFO test:</p><ol><li><p><strong>If we lost this tomorrow, what would we lose?</strong></p><p>Not parameter files &#8211; those are replaceable.</p><p>You&#8217;d lose:</p><ul><li><p>the accumulated <strong>judgement</strong> encoded in your RoEs and Sentinels,</p></li><li><p>the <strong>trust</strong> you&#8217;ve built with regulators and auditors,</p></li><li><p>the <strong>speed</strong> with which you can safely roll out or adjust agents.</p></li></ul></li><li><p><strong>Is it firm-specific and hard to copy?</strong></p><p>Yes. Your behavioural model is tied to:</p><ul><li><p>your products and contracts,</p></li><li><p>your risk appetite,</p></li><li><p>your incident history and scars,</p></li><li><p>your specific customer and counterparty base.</p></li></ul></li><li><p><strong>Does it change the economics of future projects?</strong></p><p>Yes. A mature behavioural IP layer:</p><ul><li><p>lowers the marginal cost of each new agentic deployment,</p></li><li><p>widens the envelope of &#8220;things we can safely automate&#8221;,</p></li><li><p>reduces the tail risk of incidents that would otherwise block whole classes of use cases.</p></li></ul></li></ol><p>On top of that, agentic AI forces a level of <strong>data discipline</strong> that many firms have deferred for years. If behaviour is an asset, you can&#8217;t treat all data as one amorphous lake. You need to be explicit about categories such as:</p><ul><li><p><strong>Operational data</strong> &#8211; events, logs, telemetry that describe how the firm actually runs.</p></li><li><p><strong>Trade secrets</strong> &#8211; pricing logic, routing heuristics, credit and collections strategies, optimisation know-how.</p></li><li><p><strong>Customer-sensitive information</strong> &#8211; not just PII in the narrow legal sense, but any data that reveals something materially sensitive about customers or counterparties, even if they&#8217;re not individually identifiable (behavioural segments, risk clusters, distress patterns, etc.).</p></li><li><p>And further buckets as appropriate for your domain (safety-critical, regulated, embargoed, internal-only, etc.).</p></li></ul><p>Behavioural IP sits at the intersection of these: it&#8217;s how you <em>use</em> operational data, trade secrets and customer-sensitive information to make decisions.</p><p>It is knowledge about these categories, what must <strong>never</strong> be shared, what can be shared under strict terms, and what is genuinely commodity, that has to sit at the <strong>front of your mind in any vendor negotiation</strong>:</p><ul><li><p>especially with Big 4 firms and large SaaS / platform providers, who are often very aggressive in what they reserve the right to analyse, log, and reuse;</p></li><li><p>if you go into those negotiations without a clear internal stance on your data and behavioural IP categories, you will end up conceding ground by default.</p></li></ul><p>So the discipline here is twofold:</p><ol><li><p><strong>Classify the landscape</strong> (operational, trade-secret, customer-sensitive, etc.).</p></li><li><p><strong>Treat that classification as non-negotiable input</strong> to your sourcing and contract strategy: decide in advance which categories are never exposed, which can only be used under your supervision, and which are genuinely open.</p></li></ol><p>If the honest answer to the three tests above is &#8220;yes&#8221;, and you recognise that behavioural IP rides on some of your most sensitive data categories, then from a finance and risk point of view this is <strong>capital-like</strong>:</p><ul><li><p>it&#8217;s expensive to build,</p></li><li><p>it pays off over multiple projects and years,</p></li><li><p>it affects the firm&#8217;s ability to capture upside without unacceptable downside,</p></li><li><p>and it constrains what you can safely share with vendors and partners.</p></li></ul><p>That doesn&#8217;t mean you suddenly capitalise every RoE change. It means you <strong>name the asset</strong>, <strong>categorise the data it depends on</strong>, and walk into every major vendor negotiation with that map as a hard constraint, not an afterthought.</p><div><hr></div><h2><strong>4. Own vs outsource: where the hard line really is</strong></h2><p>From a CFO seat, you can think of agentic spend in two piles.</p><h3><strong>Pile A &#8211; safely outsourceable (with control)</strong></h3><ul><li><p>base models and serving,</p></li><li><p>generic tools (vector stores, evaluation harnesses, orchestration frameworks),</p></li><li><p>commodity agents (document Q&amp;A, generic summarisation, internal &#8220;copilots&#8221;),</p></li><li><p>implementation help and reference patterns.</p></li></ul><p>These are infrastructure and accelerators. They&#8217;re important, but they&#8217;re not where your firm-specific behavioural edge lives.</p><h3><strong>Pile B &#8211; must be owned (and carefully partitioned)</strong></h3><ul><li><p>RoEs in <strong>money-touching and conduct-sensitive flows</strong> (credit, mortgages, collections, payment gateways, procurement, claims, spend, capital allocations, etc.),</p></li><li><p>Sentinel logic: what you watch, where you set thresholds, how STOP works,</p></li><li><p>incident taxonomy and war-room playbooks,</p></li><li><p>how you encode <strong>risk appetite</strong> and &#8220;what good looks like&#8221; for behaviour,</p></li><li><p>how you generate and store evidence for <strong>supervisors, auditors and your own board</strong>.</p></li></ul><p>You <strong>can</strong> use vendors to help implement and operate parts of this, but two principles matter:</p><ol><li><p><strong>No single external party should see enough to reconstruct your behavioural IP on its own.</strong></p><ul><li><p>Decompose responsibilities so that model hosting, telemetry, orchestration and evaluation are not all concentrated with one provider, especially in your most sensitive flows.</p></li><li><p>Keep the &#8220;behavioural glue&#8221;, RoEs, Sentinel tuning, incident logic, under your direct control.</p></li></ul></li><li><p><strong>Contracts must explicitly codify IP ownership and permitted use.</strong></p><p>At minimum, that should include:</p><ul><li><p>Clear language that:</p><ul><li><p>your <strong>data</strong>,</p></li><li><p>your <strong>behavioural patterns</strong>, and</p></li><li><p>any <strong>derived behavioural logic</strong> (policies, thresholds, models trained primarily on your behaviour)</p><p>are <strong>your IP</strong>, not the vendor&#8217;s.</p></li></ul></li><li><p>Explicit prohibitions on:</p><ul><li><p>using your data or behavioural patterns to train generic products,</p></li><li><p>staging inferences on your flows and then reusing the resulting insight to build offerings that can be sold to competitors.</p></li></ul></li><li><p>A narrow allowance that:</p><ul><li><p>under <strong>your supervision</strong>, the vendor may use your data and inferences <strong>only</strong> to improve the services they provide <em>back to you</em>,</p></li><li><p>any such derived IP still belongs to you, and the vendor operates it under a <strong>licence you grant</strong> for the sole purpose of serving your account.</p></li></ul></li><li><p>Audit and transparency rights:</p><ul><li><p>the right to see how your data is used,</p></li><li><p>the right to verify that no cross-client training or leakage is happening.</p></li></ul></li></ul></li></ol><p>Consultants and vendors can help you <strong>shape and implement</strong> Pile B. They should not be in a position to bottle it and walk away with it.</p><p>Because when something goes wrong:</p><ul><li><p>the <strong>economic loss</strong> sits on your P&amp;L and balance sheet,</p></li><li><p>the <strong>legal and regulatory exposure</strong> sits with your board,</p></li><li><p>and the <strong>reputational damage</strong> sits with your brand.</p></li></ul><p>Behaviour doesn&#8217;t move with the invoice; it stays with you. Your contracts and vendor architecture should reflect that.</p><h3><strong>One more discipline: stay at arm&#8217;s length &#8211; even with your &#8220;trusted partners&#8221;</strong></h3><p>When it comes to AI and agentic systems, you&#8217;re on new ground. The cosy habits that grew out of long, fruitful relationships with big consultancies or platform vendors can quietly turn into very expensive failure experiments:</p><ul><li><p>assumptions get waved through &#8220;because they&#8217;ve always been our partner&#8221;,</p></li><li><p>behavioural IP and sensitive data categories are relaxed by exception,</p></li><li><p>and no one wants to be the person who challenges a long-standing relationship in front of the room.</p></li></ul><p>For agentic work, the enterprise needs an <strong>explicit arm&#8217;s-length posture</strong> with <em>every</em> vendor, including the ones you like and know well. That doesn&#8217;t mean hostility; it means treating them as counterparties in a high-stakes domain where the downside (behavioural leakage, misaligned agents, regulatory incidents) sits squarely on your balance sheet and reputation, not theirs.</p><div><hr></div><h2><strong>5. How do you value this under GAAP/IFRS without kidding yourself?</strong></h2><p>It&#8217;s tempting to say &#8220;let&#8217;s book a line called <em>behavioural IP</em> on the balance sheet,&#8221; but current accounting standards don&#8217;t work that way.</p><p>Under IFRS, internally generated intangibles can only be capitalised when they are identifiable, under your control, expected to generate future economic benefits and their cost can be measured reliably, and even then, only in the <strong>development</strong> phase, not in research. Certain categories (internally generated goodwill, brands, customer lists and similar items) are explicitly prohibited from recognition as assets.</p><p>Under US GAAP, internally generated intangibles are generally expensed, with important exceptions like <strong>internal-use software</strong>, where development costs that meet specific criteria are capitalised as intangible assets and amortised over their useful life. The rules have been modernised for agile development, but the basic idea remains: you capitalise software, not vague &#8220;know-how&#8221;.</p><p>The practical implication:</p><ul><li><p>You will <strong>not</strong> get to record a single clean line item called <em>behavioural IP &#8211; 200M</em> just because you have agents.</p></li><li><p>You <strong>can</strong> and <strong>should</strong> capture part of that behavioural IP as <strong>capitalised internal-use software / development costs</strong> &#8211; the code, orchestration and evaluation layers that embody your RoEs, Sentinels and STOP logic.</p></li></ul><p>A pragmatic CFO move is to define a distinct <strong>behavioural control layer</strong> as a capital project:</p><ul><li><p>agent policy engines and routers,</p></li><li><p>Sentinel / drift detection and evidence pipelines,</p></li><li><p>test harnesses and evaluation frameworks that sit across O2C, P2P and other flows.</p></li></ul><p>If you treat that as internal-use software rather than miscellaneous opex, you can:</p><ul><li><p>capitalise eligible development costs once the relevant criteria are met (under IFRS development rules or US GAAP internal-use software thresholds),</p></li><li><p>amortise them over a realistic useful life (often 3&#8211;5 years, given model and regulatory change),</p></li><li><p>and tie that asset explicitly to reductions in incident risk, lower marginal cost of new agentic deployments and increased capacity to &#8220;safely automate&#8221; value streams.</p></li></ul><p>The rest of the behavioural IP, the accumulated judgement about borderline cases, the organisational learning, the policy debates that never make it into code, will remain largely off-balance-sheet, just as internally generated brands and customer lists do today. But that doesn&#8217;t mean you ignore it.</p><p>Two disciplines make this credible:</p><ol><li><p><strong>Treat the behavioural control layer as a named asset</strong>, not a by-product. Design it so it is technically identifiable: its own stack, APIs, configuration and change history, used across multiple value streams.</p></li><li><p><strong>Maintain an internal &#8220;behavioural IP register&#8221;</strong> that tracks:</p><ul><li><p>capitalised software and development costs,</p></li><li><p>where the behavioural layer is deployed,</p></li><li><p>and, at least in scenario form, the ranges of risk reduction, cost leverage and revenue enablement it underpins.</p></li></ul></li></ol><p>That gives you a GAAP-aligned floor (what&#8217;s on the balance sheet) and an economically honest ceiling (what it is likely worth to the firm). In conversations with the board, investors and supervisors, the <strong>CEO&#8211;CFO pair</strong> can then say, without hand-waving:</p><blockquote><p>&#8220;Here is what we have capitalised as internal-use software. Here is the broader behavioural IP it embodies. Here is the cash-flow and risk profile it supports. And here is how we make sure we don&#8217;t casually give that away to vendors when we negotiate contracts.&#8221;</p></blockquote><p>You stay within the rules, but you stop treating the behavioural model of the firm as unmeasured magic or worse just as, &#8220;processes and workflows&#8221;.</p><div><hr></div><h2><strong>6. A minimal CFO/CTO plan (one slide, not a programme)</strong></h2><p>If I had to put this on a single slide for a CFO/CEO/CTO offsite, it would be five bullets:</p><ol><li><p><strong>Inventory the behavioural surface</strong></p><ul><li><p>Where do agents currently touch cash, customers, suppliers, or reporting?</p></li><li><p>For each, is there a written RoE, Sentinel definition, incident playbook and evidence view?</p></li></ul></li><li><p><strong>Make it explicit and versioned</strong></p><ul><li><p>Pull RoEs, Sentinel configs, scenarios and playbooks into a <strong>single artefact set</strong>.</p></li><li><p>Put them under change control like any other critical system logic.</p></li></ul></li><li><p><strong>Treat evolution as a small R&amp;D portfolio</strong></p><ul><li><p>3&#8211;5 named themes, for example:</p><ul><li><p>&#8220;O2C conduct and mis-selling risk&#8221;,</p></li><li><p>&#8220;P2P supplier resilience and fraud&#8221;,</p></li><li><p>&#8220;Agentic bias and fairness in hiring&#8221;,</p></li><li><p>&#8220;Cross-border payment safety vs friction&#8221;.</p></li></ul></li><li><p>Each with: owner, hypotheses, tests, and a rough horizon (0&#8211;12, 12&#8211;36 months).</p></li><li><p>Push the CTO to use <strong>TRL-style language</strong>, Technology Readiness Levels, a 1&#8211;9 maturity scale for how &#8220;ready&#8221; something is &#8211; so it&#8217;s clear which behavioural controls are still experimental and which are proven enough for broad deployment.</p></li></ul></li><li><p><strong>Make sure the asset actually hits the balance sheet where it should</strong></p><ul><li><p>Define the <strong>behavioural control layer</strong> (policy engine, Sentinels, STOP and evidence pipelines) as a recognisable internal-use software project.</p></li><li><p>Work with accounting to:</p><ul><li><p>identify when it moves from research to development (or meets US GAAP internal-use software thresholds),</p></li><li><p>capitalise eligible development costs,</p></li><li><p>amortise them sensibly and tie them to concrete risk and value arguments.</p></li></ul></li><li><p>If you don&#8217;t do this explicitly, everything vanishes into opex and your &#8220;behavioural IP&#8221; remains invisible in the financials, no matter how strategic it is.</p></li></ul></li><li><p><strong>Instrument Supply Management and Legal as gatekeepers, not spectators</strong></p><ul><li><p>For any material agentic or platform deal, run a <strong>multidisciplinary task force</strong>, not a procurement formality:</p><ul><li><p>CFO / Finance (behavioural IP and capital view),</p></li><li><p>CEO / sponsor of risk&#8211;reward trade-offs,</p></li><li><p>CTO / architecture,</p></li><li><p>CIO / operations and security,</p></li><li><p>Risk / Compliance,</p></li><li><p><strong>Legal</strong> (IP, data use, liability),</p></li><li><p><strong>Supply Management / Procurement</strong> (vendor leverage, commercial terms).</p></li></ul></li><li><p>Make <strong>one person the engagement lead</strong>, not just a PM ticking boxes, not a lone &#8220;business champion&#8221;, but someone who understands:</p><ul><li><p>the behavioural IP stakes,</p></li><li><p>the accounting and risk implications,</p></li><li><p>and can negotiate firmly against vendor boilerplate.</p></li></ul></li><li><p>Their job is to ensure you don&#8217;t walk out of the room having given a big 4 firm or SaaS provider everything they need to reconstruct your behavioural IP, in exchange for donuts and a slide deck.</p></li></ul></li></ol><p>That&#8217;s it. No giant operating-model deck. Just a shared understanding at the top that:</p><blockquote><p>&#8220;Behaviour&#8221; is an asset with an owner, a vendor strategy, a place on the balance sheet where appropriate, not an emergent side-effect of experiments.</p></blockquote><div><hr></div><h2><strong>7. Questions a CFO and CEO should ask tomorrow</strong></h2><p>If you want this to be concrete, here&#8217;s the short list I&#8217;d put on a sticky note for the CEO&#8211;CFO pair:</p><ul><li><p><em>Show us, on one page, where agents touch cash, customers, suppliers, and reporting.</em></p></li><li><p><em>For each of those, who owns the RoE? Who owns the Sentinel logic?</em></p></li><li><p><em>Where do those rules live? Are they versioned? Who can change them, and how?</em></p></li><li><p><em>What is our definition of an &#8220;agentic incident&#8221;? How many have we had this quarter, and what did we learn?</em></p></li><li><p><em>If a regulator walks in tomorrow, what do we show them as evidence that we&#8217;re in control?</em></p></li><li><p><em>What does our vendor map look like in these flows? Could any single vendor reconstruct our behavioural IP from what we share with them?</em></p></li><li><p><em>Do our contracts explicitly state who owns behavioural IP, what vendors may and may not do with our data and derived models, and what licence (if any) we grant back?</em></p></li><li><p><em>How have we categorised the data our agents rely on (operational, trade secret, customer-sensitive, etc.), and how does that map into our sourcing and contract positions?</em></p></li><li><p><em>Where, specifically, are we capitalising the behavioural control layer as internal-use software, and what is its current book value and amortisation plan?</em></p></li><li><p><em>Are Legal and Supply Management set up as active gatekeepers of this IP in major AI/vendor deals, with a named engagement lead who can say &#8220;no&#8221; when the terms would leak our edge?</em></p></li><li><p><em>What part of this work are we treating as R&amp;D (learning new ways to test / monitor / control), versus pure ops?</em></p></li></ul><p>If the answers are fuzzy, heavily outsourced, or spread across vendors and &#8220;that team that runs the LLM stuff&#8221;, then you have your diagnosis:</p><p>You&#8217;re already building a <strong>behavioural model of the firm</strong>.</p><p>You&#8217;re just not yet treating it like an asset that deserves <strong>CFO&#8211;CEO level</strong> attention, including how it&#8217;s reflected in the balance sheet, and how, and with whom, you share it.</p><p>The firms that take behavioural IP seriously now will have a very different conversation with supervisors, auditors and investors when agentic incidents stop being hypotheticals and start showing up in real reports.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Agentic AI in the Value Stream: Order-to-Cash, Procure-to-Pay and C3]]></title><description><![CDATA[What McKinsey&#8217;s &#8216;Big Rethink&#8217; leaves out about control, C3 and value streams]]></description><link>https://thinkinginloops.substack.com/p/agentic-ai-in-the-value-stream-order</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/agentic-ai-in-the-value-stream-order</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Sat, 10 Jan 2026 22:17:36 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!wCE0!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>McKinsey&#8217;s <em><a href="https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-big-rethink-an-agenda-for-thriving-in-the-agentic-age">&#8220;The Big Rethink: An agenda for thriving in the agentic age&#8221;</a></em> is, in many ways, directionally right. It points CEOs toward the right domains, new operating models, learning systems, rethought roles. </p><p>But it&#8217;s also a bit like a cake with only the first half of the recipe written down. You get the list of ingredients and some early steps, but not the part where heat, timing and structure decide whether you end up with something you can actually serve.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>Once you move from slides to production, agentic AI stops being a catalogue of &#8220;use cases&#8221; and becomes a <strong>decision fabric threaded through the flows that keep the enterprise alive</strong>:</p><ul><li><p>how money comes in (<strong>Order-to-Cash</strong>), and</p></li><li><p>how money goes out (<strong>Procure-to-Pay</strong>).</p></li></ul><p>At that point it&#8217;s no longer just the CEO&#8217;s toy. It becomes the shared problem of the <strong>entire C-suite</strong>: CEO, CFO, COO, CRO, CIO, CTO, CMO, General Counsel and the board.</p><p>This piece is about that missing layer: the <strong>control picture</strong> for agentic AI across Order-to-Cash (O2C) and Procure-to-Pay (P2P), and the C3 fabric (command, control, communications) you need on top.</p><p>If you read the McKinsey agenda and thought, <em>&#8220;This is broadly right, but I still don&#8217;t see how this actually behaves across my value streams,&#8221;</em> you&#8217;re exactly who I&#8217;m writing for.</p><div><hr></div><h2><strong>1. Agentic AI lives in value streams, not in isolated &#8220;use cases&#8221;</strong></h2><p>Most agentic discussions stay safely abstract: &#8220;agents that triage tickets&#8221;, &#8220;agents that draft contracts&#8221;, &#8220;agents that optimise pricing&#8221;.</p><p>The reality in a scaled enterprise is messier. Those agents don&#8217;t live in isolation; they live <strong>inside value streams</strong>:</p><ul><li><p><strong>Order-to-Cash</strong>: from shaping demand and pricing, through order capture and credit decisions, to fulfilment, invoicing, collections and dispute resolution.</p></li><li><p><strong>Procure-to-Pay</strong>: from sensing needs and sourcing, through RFI/RFP, negotiation, contract management, ordering and goods receipt, to payables and working-capital decisions.</p></li></ul><p>If you put agents into these flows, you&#8217;re not just making individual steps faster. You&#8217;re:</p><ul><li><p>changing <strong>who reasons about what</strong>,</p></li><li><p>changing <strong>how decisions interact over time</strong>, and</p></li><li><p>creating new ways for value and risk to propagate across the system.</p></li></ul><p>That&#8217;s the part the glossy decks usually skip.</p><div><hr></div><h2><strong>2. The tempting side: value flywheels in O2C and P2P</strong></h2><p>On the value side, the story is seductive and real.</p><p>In <strong>Order-to-Cash</strong>, agents can help:</p><ul><li><p>personalise offers and pricing,</p></li><li><p>detect churn and collections risk earlier,</p></li><li><p>orchestrate proactive outreach,</p></li><li><p>compress cycle times from order to cash realisation.</p></li></ul><p>In <strong>Procure-to-Pay</strong>, agents can:</p><ul><li><p>sense needs and opportunities from spend, incidents and roadmap signals,</p></li><li><p>run continuous market scans and sourcing cycles,</p></li><li><p>normalise and compare vendor responses,</p></li><li><p>drive contract clean-up, renegotiation and resilience improvements.</p></li></ul><p>If you get this right:</p><ul><li><p>more agentic penetration in O2C and P2P &#8594; more realised value (revenue quality, structural cost, resilience, working capital) &#8594; more appetite to expand agents &#8594; more penetration.</p></li></ul><p>You&#8217;ve effectively built <strong>two reinforcing value flywheels</strong>: one in O2C, one in P2P. That&#8217;s the part every board likes to hear.</p><p>Unfortunately, that&#8217;s not the whole system.</p><div><hr></div><h2><strong>3. Where brittleness really comes from</strong></h2><p>The moment you let agents pick routes and act across value streams, you also create <strong>new failure modes</strong> that don&#8217;t exist in simple automation.</p><p>It&#8217;s not that &#8220;agents are fragile&#8221;. It&#8217;s that:</p><ul><li><p>you&#8217;re increasing the <strong>concatenated decision complexity</strong>, many small local decisions interacting in ways no one saw during testing,</p></li><li><p>you&#8217;re introducing <strong>new blind spots,</strong> regions of the state space no human or rule ever explored,</p></li><li><p>and you&#8217;re creating the possibility that <strong>two agents, each &#8220;within policy&#8221;, combine into a risk you never approved.</strong></p></li></ul><p>A simple example:</p><ul><li><p>A <strong>sales/pricing agent</strong> learns it can hit its revenue goal by shifting offers toward segments a separate <strong>credit agent </strong>also finds borderline acceptable.</p></li><li><p>Each is &#8220;within policy&#8221;; together they create a concentrated pocket of fragile credit risk.</p></li></ul><p>Nothing in the UI looks &#8220;wrong&#8221;. The brittleness is not a coding bug; it&#8217;s a <strong>system-level interaction effect</strong>.</p><p>If you treat this like ordinary automation, your control options degrade to two extremes:</p><ul><li><p><strong>Do nothing</strong> and hope you don&#8217;t get unlucky.</p></li><li><p><strong>Slam the brakes</strong> after a bad incident and manually clamp everything down.</p></li></ul><p>You need something better.</p><div><hr></div><h2><strong>4. Rules of Engagement as control rods, not feature flags</strong></h2><p>In an agentic fabric, the real control surface isn&#8217;t &#8220;this agent on / off&#8221;. It&#8217;s the <strong>Rules of Engagement (RoE)</strong>:</p><ul><li><p>What goals is an agent allowed to pursue?</p></li><li><p>What tools can it call, and in what order?</p></li><li><p>What kinds of situations must be handed off?</p></li><li><p>How far can it go without explicit approval?</p></li></ul><p>RoEs are to agents what <strong>control rods are to a nuclear reactor</strong>:</p><ul><li><p>You don&#8217;t turn the reactor on and off; you <strong>insert or withdraw the rods</strong> to moderate the rate of fission.</p></li><li><p>Push them all the way in and the system slows to a crawl.</p></li><li><p>Pull them out too quickly and you invite runaway reactions.</p></li></ul><p>RoEs work the same way:</p><ul><li><p>You can tighten them to reduce autonomy and slow risk accumulation.</p></li><li><p>You can loosen them to let agents explore more of the possibility space and unlock more value.</p></li><li><p>You never want to yank them from &#8220;tight&#8221; to &#8220;loose&#8221; in one move; you adjust <strong>gradually, with feedback</strong>.</p></li></ul><p>Critically, RoE adjustments shouldn&#8217;t be hand-tuned by whoever shouts loudest. They should be driven by <strong>Sentinels</strong>:</p><ul><li><p>agents (or ensembles of models) that specialise in <strong>watching the fabric itself</strong>,</p></li><li><p>measuring drift, concentrations and emergent patterns,</p></li><li><p>recommending RoE tightening or loosening based on evidence,</p></li><li><p>and triggering <strong>STOP actions</strong> when the system crosses predefined risk envelopes.</p></li></ul><p>Sentinels and RoE logic are the heart of <strong>C3 for agents</strong>: command, control and communications.</p><div><hr></div><h2><strong>5. Behavioural IP as a capital asset</strong></h2><p>If you build this properly, you end up with something most enterprises don&#8217;t realise they have:</p><blockquote><p>A <strong>behavioural model</strong> of the firm, the policies, critics, RoE patterns, Sentinels and playbooks that define how agents are allowed to behave in your name.</p></blockquote><p>That model is <strong>not consulting slideware</strong>. It&#8217;s:</p><ul><li><p>codified judgement about risk appetite, fairness, conduct and resilience,</p></li><li><p>the institutional memory of how you handled prior incidents,</p></li><li><p>the logic that your auditors, supervisors and regulators will eventually interrogate.</p></li></ul><p>Treated properly, this behavioural model is <strong>IP</strong>, a capital asset, not IT plumbing.</p><p>Vendors and advisors have a role, but they won&#8217;t carry the responsibility for behaviour, LLMs are not deterministic, they&#8217;re probabilistic, and certainly not the liability when agentic systems misbehave and cause damage or loss of resources. The C-suite will.</p><p>That&#8217;s exactly why enterprises need to <strong>own and control the IP over their behavioural model</strong>. No matter what consulting firms sell you, you will be the one holding the bag when things go wrong, so you might as well own it outright, shape it to your values, and in many jurisdictions recognise it as R&amp;D and capture the corresponding tax incentives.</p><div><hr></div><h2><strong>6. The system dynamics view (for the modellers)</strong></h2><p>If you prefer to think in <strong>system dynamics</strong> terms, the story above can be sketched as a small set of stocks and feedback loops around O2C, P2P, the agentic fabric and C3.</p><p><strong>Core variables</strong></p><ul><li><p><strong>O2C agentic penetration</strong> &#8211; how much of the Order-to-Cash workflow is handled by agents.</p></li><li><p><strong>P2P agentic penetration</strong> &#8211; same for Procure-to-Pay.</p></li><li><p><strong>Realised business value</strong> &#8211; revenue quality, structural cost, resilience, working capital.</p></li><li><p><strong>Appetite to expand agents</strong> &#8211; willingness to deploy agents into more of the streams.</p></li><li><p><strong>Blind spots / complexity</strong> &#8211; concatenated decision complexity and system blind spots.</p></li><li><p><strong>New failure modes &amp; risk concentrations</strong> &#8211; novel ways things can go wrong and cluster.</p></li><li><p><strong>Incident frequency / severity</strong> &#8211; material mis-behaviours, near-misses, war-room events.</p></li><li><p><strong>C3 maturity</strong> &#8211; strength of command / control / comms (Sentinels, RoE logic, STOP actions, evidence, drills).</p></li><li><p><strong>Behavioural IP strength</strong> &#8211; clarity and ownership of the behavioural model.</p></li><li><p><strong>Behavioural trust</strong> &#8211; confidence from board, regulators and internal governance that behaviour is under control.</p></li><li><p><strong>Permitted autonomy / RoE looseness</strong> &#8211; how much freedom agents have to act in the live value streams.</p></li></ul><p><strong>Reinforcing loops you want (value flywheels)</strong></p><ul><li><p><strong>R1a &#8211; O2C value flywheel</strong></p><p>More O2C penetration &#8594; more realised value &#8594; more appetite to expand &#8594; more O2C penetration.</p></li><li><p><strong>R1b &#8211; P2P value flywheel</strong></p><p>More P2P penetration &#8594; more realised value &#8594; more appetite to expand &#8594; more P2P penetration.</p></li></ul><p>Together these form the <strong>&#8220;this is why we&#8217;re doing this&#8221;</strong> story.</p><p><strong>Balancing loop you can&#8217;t ignore (freeze / clampdown)</strong></p><ul><li><p>More O2C and P2P penetration &#8594; more blind spots and complexity &#8594; more new failure modes &#8594; more incidents &#8594; less behavioural trust &#8594; tighter RoE and less permitted autonomy &#8594; lower effective penetration.</p></li></ul><p>If you don&#8217;t deliberately build C3, this is how the story ends: <strong>a big incident, a regulatory shock, and a forced clampdown</strong> that freezes agents out of the streams just when you were starting to see value.</p><p><strong>Governance and learning loops (what you actually want to build)</strong></p><ul><li><p><strong>R4 &#8211; C3 learning &amp; stabilisation</strong></p><p>Incidents trigger investment in C3. Better C3 reduces incident severity, provides better evidence, and rebuilds behavioural trust, which justifies loosening RoE where the system is well-behaved and scaling agents in the right places.</p></li><li><p><strong>R5 &#8211; Behavioural IP / capital asset</strong></p><p>As C3 matures, your behavioural model becomes clearer and better documented. That strengthens trust with board, regulators and auditors, which in turn gives you more room to deploy agents without triggering a political or regulatory freeze.</p></li></ul><p>Put differently:</p><ul><li><p>the <strong>blue loops</strong> (R1a/R1b) explain why agentic AI is tempting;</p></li><li><p>the <strong>purple loop</strong> (B1) explains why it can blow up in your face;</p></li><li><p>the <strong>green and red loops</strong> (R4/R5) are the only reason you can scale agents without constantly slamming in the control rods.</p></li></ul><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!wCE0!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!wCE0!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic 424w, https://substackcdn.com/image/fetch/$s_!wCE0!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic 848w, https://substackcdn.com/image/fetch/$s_!wCE0!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic 1272w, https://substackcdn.com/image/fetch/$s_!wCE0!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!wCE0!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic" width="1456" height="1029" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1029,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:117589,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/heic&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://thinkinginloops.substack.com/i/184158524?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!wCE0!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic 424w, https://substackcdn.com/image/fetch/$s_!wCE0!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic 848w, https://substackcdn.com/image/fetch/$s_!wCE0!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic 1272w, https://substackcdn.com/image/fetch/$s_!wCE0!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F595a38a3-7a46-408e-9465-f075346ba1c2_1768x1250.heic 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><blockquote><p><strong>Figure &#8211; Agentic AI across Order-to-Cash and Procure-to-Pay as a feedback system</strong></p><p>Order-to-Cash and Procure-to-Pay agentic penetration sit at the bottom of the diagram. Each drives realised business value and appetite to expand agents, forming two reinforcing value flywheels (R1a O2C, R1b P2P). The same penetration increases blind spots and concatenated complexity, creating new failure modes and incidents. As incidents accumulate, behavioural trust (board, regulators, internal) erodes, permitted autonomy (Rules of Engagement looseness) tightens, and effective agentic penetration is throttled &#8211; the B1 &#8220;freeze / clampdown&#8221; loop.</p><p>C3 maturity (command, control and communications, Sentinels, RoE logic, STOP actions, evidence, drills) and the strength of the behavioural IP (the owned behavioural model of the firm) create two additional reinforcing loops (R4, R5). Incidents trigger investment in C3, which over time reduces incident severity and rebuilds trust; C3 also sharpens behavioural IP, which further stabilises trust. Together, these loops allow the C-suite to scale agents across O2C and P2P where they create value without losing control.</p></blockquote><h2><strong>7. What the C-suite should actually ask for</strong></h2><p>If you&#8217;re a CEO, CFO or COO reading this, you don&#8217;t need to become a system dynamics modeller. But you should be able to ask <strong>better questions</strong> than &#8220;what&#8217;s our agentic roadmap?&#8221;.</p><p>Here&#8217;s a starting checklist:</p><ol><li><p><strong>Value streams, not use cases</strong></p><ul><li><p><em>&#8220;Show me where agents touch Order-to-Cash and Procure-to-Pay, end-to-end. What decisions are they actually making?&#8221;</em></p></li></ul></li><li><p><strong>C3, not just models</strong></p><ul><li><p><em>&#8220;What is our C3 stack, Sentinels, RoE logic, STOP actions, evidence pipelines, drills? Who owns it?&#8221;</em></p></li></ul></li><li><p><strong>Rules of Engagement as control rods</strong></p><ul><li><p><em>&#8220;How are RoEs defined, adjusted and audited? What&#8217;s the change process when Sentinels recommend tightening or loosening?&#8221;</em></p></li></ul></li><li><p><strong>Incident definition and playbooks</strong></p><ul><li><p><em>&#8220;What counts as a &#8216;war-room-worthy&#8217; agentic incident? Who gets the call? What does the playbook say we do in the first 24 hours?&#8221;</em></p></li></ul></li><li><p><strong>Behavioural IP ownership</strong></p><ul><li><p><em>&#8220;Where is our behavioural model documented? Who signs off changes? How much of this is actually ours vs buried in vendor black boxes or consulting decks?&#8221;</em></p></li></ul></li><li><p><strong>Evidence for supervisors and auditors</strong></p><ul><li><p><em>&#8220;If a regulator walks in tomorrow and says &#8216;show me how your agents behave, and what you do when they misbehave&#8217;, what artefacts do we put on the table?&#8221;</em></p></li></ul></li><li><p><strong>Scaling discipline</strong></p><ul><li><p><em>&#8220;How fast are we allowed to ramp agentic penetration in O2C and P2P, given our current C3 maturity and trust envelope?&#8221;</em></p></li></ul></li></ol><p>If the answers are vague, heavily outsourced, or scattered across vendors, you don&#8217;t have an &#8220;agentic strategy&#8221;. You have a collection of experiments and a large, unpriced option on future governance headaches.</p><div><hr></div><p>The McKinsey agenda is broadly right on <em>where</em> CEOs should look.</p><p>The missing layer is <strong>how you keep control once you put agents into the flow</strong>, who owns the dials, what counts as an incident, what evidence you can show regulators, and what you must own as behavioural IP.</p><p>That&#8217;s the difference between an agentic age that compounds value, and one that ends with your board asking why the only plan was &#8220;ship the deck and hope&#8221;.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[When Agentic AI Goes Wrong]]></title><description><![CDATA[A C-Suite Playbook for Stop-Actions and &#8220;Break-Glass&#8221; Moments]]></description><link>https://thinkinginloops.substack.com/p/when-agentic-ai-goes-wrong</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/when-agentic-ai-goes-wrong</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Tue, 06 Jan 2026 10:14:42 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!-R30!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa6a266a0-3d49-4fb5-8a83-5599906ca258_144x144.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>You don&#8217;t really know your agentic AI strategy until something goes wrong.</p><p>Not a small bug. Not one bad answer.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>I mean situations where:</p><ul><li><p>credit is being mis-assigned at scale,</p></li><li><p>customers are being treated in ways you&#8217;d never sign off on,</p></li><li><p>or core processes (hiring, procurement, claims, collections, accounting) are clearly behaving &#8220;off-script&#8221;.</p></li></ul><p>In other words: an <strong>agentic incident</strong>.</p><p>Most enterprises are racing to design agents. Very few are designing how the <strong>C-suite runs the room</strong> when those agents misbehave.</p><p>This is not a technical runbook first. It&#8217;s a question of:</p><ul><li><p>who is in the room,</p></li><li><p>what they look at,</p></li><li><p>what rights they have to stop or slow the system,</p></li><li><p>and how they explain those decisions to the board, regulators and markets.</p></li></ul><p>This playbook is written from <strong>the C-suite chair</strong>, not from the SRE console.</p><div><hr></div><h2><strong>1. Why every agentic programme needs an &#8220;incident theory of operation&#8221;</strong></h2><p>If you deploy agents into money, customers or obligations, you are implicitly making four decisions, even if you&#8217;ve never written them down:</p><ol><li><p><strong>What counts as &#8220;bad enough&#8221; to be an incident?</strong></p><ul><li><p>A single egregious decision?</p></li><li><p>A pattern that crosses some harm or exposure threshold?</p></li><li><p>Anything that could plausibly trigger litigation, regulatory breach, or reputational damage, <strong>even if it&#8217;s profitable in the short term</strong>?</p></li></ul><p>The hardest calls won&#8217;t be &#8220;the agent failed and we lost money&#8221;. They&#8217;ll be dilemmas:</p></li></ol><blockquote><p>&#8220;Yes, the agent treated some customers or candidates in ways we wouldn&#8217;t publicly defend&#8230; but we gained 2% this quarter.&#8221;</p></blockquote><ol><li><p>If your definition of &#8220;incident&#8221; quietly excludes profitable misbehaviour, you&#8217;ve just told the system, and your people, that <strong>numbers beat norms</strong>. From a governance perspective, an episode where agents break your stated principles, create latent legal risk, or undermine trust <strong>is an incident</strong>, even if the P&amp;L looks better this quarter. The whole point of having thresholds and stop-actions is to make sure short-term uplift doesn&#8217;t blind you to long-term damage.</p></li><li><p><strong>Who is allowed to say &#8220;STOP&#8221;?</strong></p><ul><li><p>Is there any point where the system stops itself?</p></li><li><p>Can a Sentinel process trigger a stop-action that no single executive can quietly override?</p></li><li><p>Or is everything informal and ad hoc?</p></li></ul></li><li><p><strong>What happens in the first hour?</strong></p><ul><li><p>Who gets pulled into the war room (CEO, COO, CFO, CTO, CIO, CISO, Risk, Legal, Comms)?</p></li><li><p>What information do they see by default?</p></li><li><p>What decisions are they expected to make, and on what timescale?</p></li></ul></li><li><p><strong>How is this evidenced after the fact?</strong></p><ul><li><p>If a supervisor, regulator or plaintiff&#8217;s lawyer asks, &#8220;What did you know and when did you know it?&#8221;</p></li><li><p>Can you show:</p><ul><li><p>the behaviours,</p></li><li><p>the alerts,</p></li><li><p>the decisions,</p></li><li><p>and the remedial actions, end to end?</p></li></ul></li></ul></li></ol><p>Right now, in most organisations, the honest answer is:</p><blockquote><p>&#8220;We&#8217;ll figure it out when it happens.&#8221;</p></blockquote><p>That&#8217;s exactly what you <strong>cannot</strong> say once agents are allowed to act autonomously across thousands or millions of micro-decisions.</p><p>From a C-suite perspective, you want to be able to answer three simple questions <em>before</em> you scale:</p><ul><li><p>What events does the system treat as <strong>warning</strong>, <strong>incident</strong>, and <strong>break-glass</strong>?</p></li><li><p>Who owns the <strong>stop-actions</strong> and <strong>break-glass calls</strong>?</p></li><li><p>What <strong>telemetry and summaries</strong> land on the table in the first 30&#8211;60 minutes so those calls aren&#8217;t blind?</p></li></ul><p>You&#8217;re not designing dashboards. You&#8217;re designing <strong>who sweats, in what sequence, with what information, and what authority</strong>.</p><div><hr></div><h2><strong>2. Before you ever break the glass: governance, boundaries and contingencies</strong></h2><p>If you wait for the first serious agentic incident to design your governance, you&#8217;re already late.</p><p>From a C-suite point of view, there are three layers you want <em>in place</em> before any playbook is used:</p><ol><li><p><strong>Where agents are allowed to act, and where they aren&#8217;t.</strong></p></li><li><p><strong>What counts as drift, incident, and break-glass.</strong></p></li><li><p><strong>How compliance, risk, legal and security are wired into those choices.</strong></p></li></ol><p>Think of it as defining the <strong>operating envelope</strong> for agentic behaviour, with explicit boundaries and pre-agreed contingencies.</p><h3><strong>2.1 Map the terrain: where agents can touch value and obligations</strong></h3><p>This is not a technical list of microservices. It&#8217;s a <strong>business map</strong>:</p><ul><li><p>Which flows will agents touch that involve:</p><ul><li><p><strong>Money</strong> &#8211; pricing, discounts, credit, collections, procurement, hedging.</p></li><li><p><strong>People</strong> &#8211; hiring, promotion, terminations, customer treatment, support decisions.</p></li><li><p><strong>Obligations</strong> &#8211; contractual commitments, regulatory filings, audit evidence, safety decisions.</p></li></ul></li></ul><p>For each of these flows, the C-suite should be able to answer:</p><ul><li><p>Is this a <strong>no-go zone</strong> for autonomy (assistive only, human makes the call)?</p></li><li><p>Is this a <strong>shared-control zone</strong> (agent proposes, human approves under clear rules)?</p></li><li><p>Is this a <strong>delegated zone</strong> (agent acts within limits; humans review patterns, not every decision)?</p></li></ul><p>That&#8217;s your first line of defence: <strong>knowing where you&#8217;ve actually delegated judgement</strong>.</p><h3><strong>2.2 Define thresholds: from drift to incident to break-glass</strong></h3><p>Next, you need a <strong>simple, written classification</strong> that compliance and governance can live with:</p><ul><li><p><strong>Drift / yellow</strong></p><p>Behaviour is changing inside the allowed envelope (e.g., shift in average discount, call-handling patterns, candidate pass rates).</p><p>&#8594; Action: Sentinel monitoring, analysis, potential policy tweak. No war room.</p></li><li><p><strong>Incident / orange</strong></p><p>Behaviour crosses a line that could create <strong>harm, regulatory breach or control failure</strong> if left unchecked (e.g., cluster of unfair denials, anomalous credit decisions, suspicious contract terms).</p><p>&#8594; Action: Formal incident process, defined participants (COO, CTO, CIO, CISO, Risk, Legal), time-bound assessment and mitigation.</p></li><li><p><strong>Break-glass / red</strong></p><p>Behaviour is clearly <strong>unacceptable at scale</strong> or has already created a situation that:</p><ul><li><p>threatens <strong>cash flow or solvency</strong>,</p></li><li><p>undermines <strong>internal control over financial reporting</strong>,</p></li><li><p>or poses <strong>real regulatory, safety, security or licence-to-operate risk</strong>.</p><p>&#8594; Action: pre-authorised <strong>stop-actions</strong> on agents or flows, escalation to CEO and board chair / audit committee where required, engagement with regulators as appropriate, and integration with the broader security incident process if there&#8217;s any sign of compromise.</p></li></ul></li></ul><p>These thresholds are not a technical detail; they&#8217;re <strong>governance objects</strong>:</p><ul><li><p>Compliance, Legal and Security should help write them.</p></li><li><p>The board and audit / risk committees should see and endorse them.</p></li><li><p>The C-suite should rehearse them in tabletop exercises.</p></li></ul><h3><strong>2.3 Assign ownership: who signs off on what, before anything happens</strong></h3><p>Before any agent is deployed into a high-stakes flow, you want a <strong>clear, pre-agreed ownership map</strong>:</p><ul><li><p><strong>COO</strong> &#8211; owns where and how agents are embedded in operations, and what &#8220;pausing a flow&#8221; really means for business continuity.</p></li><li><p><strong>CFO</strong> &#8211; signs off on where agents can influence <strong>cash flow, P&amp;L and financial exposure</strong>, and what triggers &#8220;material weakness&#8221; / disclosure conversations.</p></li><li><p><strong>CTO</strong> &#8211; owns the <strong>behavioural fabric</strong>: agent policies, Sentinels, stop-actions, decision logs.</p></li><li><p><strong>CIO</strong> &#8211; owns <strong>observability, logging and evidence</strong>: can we reconstruct what happened, by whom, when?</p></li><li><p><strong>CISO / Security</strong> &#8211; owns the <strong>security posture of the agentic fabric</strong>: identity, access, isolation, supply chain, abuse detection, and integration with the wider security incident response.</p></li><li><p><strong>CRO / Compliance / Legal</strong> &#8211; define what is a <strong>reportable event</strong>, what timelines apply, and what documentation will be expected by regulators and auditors.</p></li></ul><p>None of this should be invented in the heat of battle. An agentic incident playbook that hasn&#8217;t seen:</p><ul><li><p>compliance review,</p></li><li><p>legal scrutiny,</p></li><li><p>security review,</p></li><li><p>and at least one board / audit-committee discussion,</p></li></ul><p>&#8230;isn&#8217;t really a playbook. It&#8217;s wishful thinking.</p><div><hr></div><h2><strong>3. Four classes of agentic incidents the C-suite should expect</strong></h2><p>Once you map where agents touch value and obligations, four broad classes of incident emerge.</p><h3><strong>3.1 Money: when agents bend cash flow and controls</strong></h3><p>This is where CFOs, treasurers and audit chairs should sit up.</p><p><strong>Financial control failure</strong></p><p>Imagine agents are allowed to propose and post accounting actions:</p><ul><li><p>reallocating costs,</p></li><li><p>adjusting reserves,</p></li><li><p>classifying revenue,</p></li><li><p>tuning provisions.</p></li></ul><p>Over a quarter, small misjudgements compound into patterns that your auditors later identify as a <strong>material weakness in internal control over financial reporting</strong>.</p><p>At that point, you&#8217;re not just fixing a bug. You&#8217;re into:</p><ul><li><p>audit-committee territory,</p></li><li><p>potential restatements,</p></li><li><p>and formal disclosure to the market that your controls failed, and that the failure was, in part, driven by autonomous systems acting under your name.</p></li></ul><p><strong>&#8220;We&#8217;ll never let agents do anything financial&#8221; (and why that isn&#8217;t an answer)</strong></p><p>You might be tempted to say:</p><blockquote><p>&#8220;We&#8217;ll never deploy agents to do anything financial.&#8221;</p></blockquote><p>People usually say that with a smile, as if the topic is closed.</p><p>But unpack it:</p><ul><li><p>You already let software make financial decisions, you just don&#8217;t call it &#8220;agents&#8221;:</p><ul><li><p>credit models approving or declining applications,</p></li><li><p>pricing engines changing discounts in real time,</p></li><li><p>fraud systems blocking or releasing transactions,</p></li><li><p>bots touching invoices, payments and reconciliations,</p></li><li><p>treasury algorithms allocating cash and hedges.</p></li></ul></li></ul><p>Agentic AI is simply the next step in that evolution: systems that don&#8217;t just <strong>score</strong>, but <strong>decide what to do next, which tool to call, and when to stop</strong>.</p><p>Even if you forbid agents from posting journal entries, they will still:</p><ul><li><p>decide who gets what price,</p></li><li><p>who gets extended what credit,</p></li><li><p>which invoices are prioritised or chased,</p></li><li><p>which contracts are renewed on what terms.</p></li></ul><p>All of that <strong>hits cash flow and risk</strong>, even if the general ledger is &#8220;human-only&#8221;.</p><p>So if your position is:</p><blockquote><p>&#8220;Agents will never touch anything financial,&#8221;</p></blockquote><p>you&#8217;re really saying one of three things:</p><ol><li><p>&#8220;We&#8217;ll only use agents on the <strong>safest, least valuable edges</strong> of the business.&#8221;</p></li><li><p>&#8220;We&#8217;ll pretend humans are in control, but in practice they&#8217;ll rubber-stamp whatever the agent proposes.&#8221;</p></li><li><p>&#8220;We haven&#8217;t thought through how agentic behaviour and money are already coupled in our system.&#8221;</p></li></ol><p>None of those is a strategy.</p><p>You don&#8217;t have to let agents post to the ledger. But you <strong>do</strong> have to decide:</p><ul><li><p>where agents are allowed to influence financial outcomes,</p></li><li><p>what stop-actions and Sentinels apply there,</p></li><li><p>and how quickly you&#8217;ll see if that behaviour is drifting into &#8220;material weakness&#8221; territory.</p></li></ul><div><hr></div><h3><strong>3.2 People: when agents amplify or expose unfairness</strong></h3><p>Here, the risk is less about immediate cash, more about <strong>fairness, dignity, liability &#8211; and reputation</strong>.</p><p>Examples:</p><ul><li><p>Hiring agents that quietly disadvantage certain groups or profiles.</p></li><li><p>Customer-service agents that treat complaints from some segments differently than others.</p></li><li><p>Collections or retention agents that cross ethical lines in persistence or tone.</p></li></ul><p>The incident threshold here is not just &#8220;someone complained&#8221;. It&#8217;s patterns:</p><ul><li><p>are there clusters of adverse outcomes around certain demographics, regions, or customer types?</p></li><li><p>is the agent amplifying bias, or acting as a counterweight to known human biases?</p></li></ul><p>Now add the legal horizon.</p><p>Regulators are already moving towards <strong>explicit frameworks for automated decisions in hiring and employment</strong> &#8211; fairness audits, transparency requirements, impact assessments, obligations to notify and sometimes <strong>self-report non-compliance</strong>. The direction of travel is clear:</p><ul><li><p>if you use automated systems in hiring and promotion, you&#8217;ll be expected to:</p><ul><li><p><strong>measure</strong> disparate impact,</p></li><li><p>keep <strong>evidence</strong> of how the system was designed, tested and monitored,</p></li><li><p>and act when unfair patterns are found, not just shrug and blame &#8220;the algorithm&#8221;.</p></li></ul></li></ul><p>When those frameworks harden (and they will, in the not-too-distant future), an agentic incident in hiring stops being a &#8220;HR issue&#8221; and becomes:</p><ul><li><p>a <strong>compliance problem</strong> (you failed to meet explicit obligations),</p></li><li><p>a <strong>legal problem</strong> (complaints and litigation have a stronger footing),</p></li><li><p>a <strong>board-level problem</strong> (reportable failures of your control framework),</p></li><li><p>and a <strong>reputational problem</strong> that can outlive the lawsuit.</p></li></ul><p>Once you are publicly associated with:</p><ul><li><p>discriminatory hiring practices,</p></li><li><p>unfair treatment of candidates or employees,</p></li><li><p>or &#8220;AI that screens people out for the wrong reasons&#8221;,</p></li></ul><p>you&#8217;re not just dealing with court filings; you&#8217;re dealing with:</p><ul><li><p>talent who quietly decide not to apply,</p></li><li><p>customers who don&#8217;t want to be associated with you,</p></li><li><p>and investors and partners who start to price in <strong>trust risk</strong>.</p></li></ul><p>In that world, weak or performative HR practices can get <strong>crushed by the legal weight</strong> of the new rules <em>and</em> by the reputational drag of public cases:</p><ul><li><p>&#8220;We didn&#8217;t know the agent was biased&#8221; won&#8217;t land well.</p></li><li><p>&#8220;The vendor told us it was fine&#8221; won&#8217;t land well.</p></li><li><p>&#8220;We never checked&#8221; will look like negligence.</p></li></ul><p>So the question for the C-suite is not:</p><blockquote><p>&#8220;Can agents help us reduce bias in hiring?&#8221;</p></blockquote><p>It&#8217;s:</p><ul><li><p>Where are agents already influencing who gets seen, shortlisted, interviewed and hired?</p></li><li><p>What <strong>fairness metrics</strong>, <strong>Sentinels</strong> and <strong>stop-actions</strong> do we have in place?</p></li><li><p>If a regulator, court, or journalist asks &#8220;Show us how you ensured this wasn&#8217;t unfair,&#8221; what will we actually put on the table?</p></li></ul><p>And critically:</p><blockquote><p>Sentinels are necessary, but they&#8217;re not sufficient. In high-stakes people flows, companies will have to <strong>test continuously for bias</strong>, scheduled fairness audits, back-testing decisions against relevant groups where the law allows, stress-testing models under different scenarios, and documenting what changed as a result. This needs to look less like a one-off AI project review and more like <strong>ongoing internal control testing</strong>, the way you treat financial controls under audit.</p></blockquote><p>An agentic incident in people flows is no longer just a PR blip. It&#8217;s where <strong>emerging legal frameworks, your HR practices, and your reputation collide</strong>, and in that collision, the law and public opinion will win.</p><div><hr></div><h3><strong>3.3 Licence-to-operate: regulators, safety and obligations</strong></h3><p>In safety-critical or highly regulated domains, some agents operate right on the edge of your licence to operate:</p><ul><li><p>recommendation engines in healthcare or insurance,</p></li><li><p>agents touching safety-relevant decisions in transportation or industrial settings,</p></li><li><p>systems that help prepare filings, disclosures or regulatory reports.</p></li></ul><p>The line between &#8220;smart automation&#8221; and &#8220;delegated responsibility&#8221; is thin here.</p><p>An incident isn&#8217;t just &#8220;the model was wrong&#8221;; it&#8217;s:</p><ul><li><p><strong>misleading a regulator</strong>,</p></li><li><p><strong>breaching a duty of care</strong>,</p></li><li><p>or creating a pattern of behaviour that makes your entire control framework look unreliable.</p></li></ul><div><hr></div><h3><strong>3.4 Security &amp; adversarial control: when someone else drives your agents</strong></h3><p>The last category is the one that can go <strong>thermonuclear</strong> fastest: incidents where agents aren&#8217;t just wrong; they&#8217;re being <strong>steered</strong>.</p><p>Agentic systems expand your <strong>attack surface</strong>:</p><ul><li><p>Agents that call tools and APIs can be manipulated via <strong>prompt injection</strong> or compromised data sources.</p></li><li><p>Connectors into CRM, ERP, ticketing, payment gateways or cloud consoles increase the blast radius of any <strong>credential theft or privilege escalation</strong>.</p></li><li><p>Training data, feedback loops, and reward functions can be <strong>poisoned</strong> so that &#8220;normal&#8221; optimisation quietly drifts into harmful territory.</p></li><li><p>Malicious insiders can change policies or thresholds so that agents &#8220;follow the rules&#8221; while doing things no sane governance process would approve.</p></li></ul><p>The result is a new class of security incident:</p><blockquote><p>Not &#8220;they exfiltrated our data&#8221;, but &#8220;they hijacked our agents and made them <em>decide</em> badly at scale.&#8221;</p></blockquote><p>Examples:</p><ul><li><p>Credit or pricing agents nudged to systematically approve marginal customers in one region, quietly increasing exposure.</p></li><li><p>Procurement or treasury agents steered to favour certain counterparties or terms.</p></li><li><p>Operational agents tricked into shutting down or degrading services under plausible pretexts.</p></li><li><p>Customer-facing agents made to give wrong, harmful or litigious advice while looking superficially compliant.</p></li></ul><p>This is the AI-era analogue of business email compromise, except instead of tricking one person into paying one fake invoice, you can steer <strong>many agents</strong> touching <strong>many flows</strong> for as long as it takes someone to notice.</p><p>From a C-suite angle, you should treat this as <em>both</em>:</p><ul><li><p>a <strong>security incident</strong> (SOC, CISO, threat intel, forensics), and</p></li><li><p>an <strong>agentic incident</strong> (COO, CFO, Risk, Legal, board).</p></li></ul><p>Key questions:</p><ul><li><p>How hard is it today to <strong>trick, jailbreak or override</strong> your agents via content, tools or connectors?</p></li><li><p>If an attacker compromised one identity or API key, which <strong>agents and actions</strong> could they drive?</p></li><li><p>Do your Sentinels and DLQs make <strong>adversarial patterns</strong> visible, or would they look like &#8220;weird but plausible&#8221; business behaviour for too long?</p></li><li><p>When an incident smells like adversarial control, how fast does the <strong>security incident process</strong> snap into place alongside the agentic playbook?</p></li></ul><p>This is where &#8220;thermonuclear&#8221; is not hyperbole:</p><ul><li><p>If someone else can bend agents that touch credit, pricing, procurement, trading, safety or customer treatment, they can create damage that looks <em>self-inflicted</em> from the outside, and that&#8217;s exactly how markets, regulators and courts will perceive it.</p></li></ul><div><hr></div><h2><strong>4. Stop-actions, Sentinels and DLQs &#8211; in business language</strong></h2><p>Under the hood, teams will talk about queues, pipelines and services. At your level, three concepts matter:</p><ol><li><p><strong>Stop-actions</strong> &#8211; what the system is allowed to halt, automatically or by order.</p></li><li><p><strong>Sentinels</strong> &#8211; processes that watch behaviour across agents and raise the flag.</p></li><li><p><strong>Dead-Letter Queues (DLQs)</strong> &#8211; where questionable decisions go to be quarantined and examined.</p></li></ol><h3><strong>4.1 Stop-actions: not just killing a service</strong></h3><p>A stop-action isn&#8217;t &#8220;turn off the cluster&#8221;.</p><p>It&#8217;s a <strong>business-level intervention</strong>, such as:</p><ul><li><p>stop approving <strong>new credit</strong> above a threshold until reviewed,</p></li><li><p>stop <strong>auto-renewals</strong> of contracts with certain clauses,</p></li><li><p>stop <strong>auto-declines</strong> in a hiring funnel for a given job family,</p></li><li><p>stop <strong>collections</strong> from using a certain script or channel.</p></li></ul><p>The design questions for the C-suite are:</p><ul><li><p>What stop-actions exist today for each high-stakes flow?</p></li><li><p>Who can trigger them: Sentinel, human, or both?</p></li><li><p>When they trigger, what exactly pauses &#8211; and what continues?</p></li></ul><h3><strong>4.2 Sentinels: the first reviewer, not the last</strong></h3><p>Given the volume and combinatorics of agent decisions, relying on humans to &#8220;spot problems&#8221; is brittle.</p><p>You need <strong>Sentinel processes</strong> whose job is to:</p><ul><li><p>cluster and analyse decisions across agents and time,</p></li><li><p>look for anomalies, drift and clusters of STOP events,</p></li><li><p>and escalate in a structured way when thresholds are crossed.</p></li></ul><p>In mature setups, a <strong>Sentinel LLM</strong> or analytics layer acts as the <em>first</em> reviewer:</p><ul><li><p>It ingests:</p><ul><li><p>decision logs,</p></li><li><p>context,</p></li><li><p>outcomes,</p></li><li><p>exceptions and complaints.</p></li></ul></li><li><p>It then:</p><ul><li><p>identifies where things look off,</p></li><li><p>links similar patterns across regions/teams/periods,</p></li><li><p>and produces <strong>summaries</strong> for humans:</p><ul><li><p>&#8220;Here is what is happening,&#8221;</p></li><li><p>&#8220;Here is how big it is,&#8221;</p></li><li><p>&#8220;Here is where it&#8217;s concentrated,&#8221;</p></li><li><p>&#8220;Here are three plausible explanations.&#8221;</p></li></ul></li></ul></li></ul><p>The point is not to have AI policing AI for vanity. It&#8217;s to avoid asking humans to read <strong>millions</strong> of micro-decisions without a lens.</p><p>For security and adversarial incidents, Sentinels need to be tuned to:</p><ul><li><p>detect <strong>unusual correlations</strong> across agents and flows,</p></li><li><p>flag patterns that look like <strong>coordinated manipulation</strong>,</p></li><li><p>and hand those to security teams as well as operations.</p></li></ul><h3><strong>4.3 DLQs: where the &#8220;bad stuff&#8221; goes, and why it matters</strong></h3><p>A <strong>Dead-Letter Queue (DLQ)</strong> is where decisions go when:</p><ul><li><p>a Sentinel or rule flags them as suspicious,</p></li><li><p>a stop-action kicks in,</p></li><li><p>or a downstream system rejects them.</p></li></ul><p>From a governance perspective, DLQs are gold:</p><ul><li><p>They show where the system is struggling.</p></li><li><p>They provide training and test data for better policies.</p></li><li><p>They become the <strong>evidence base</strong> for:</p><ul><li><p>internal audit,</p></li><li><p>regulators,</p></li><li><p>security forensics,</p></li><li><p>and your own post-mortems.</p></li></ul></li></ul><p>In a serious incident, one of the first questions should be:</p><blockquote><p>&#8220;What does the DLQ tell us? Are we looking at one weird outlier, or the visible tip of a pattern we&#8217;ve been quietly quarantining for months?&#8221;</p></blockquote><h3><strong>4.4 &#8220;Who checks the checker?&#8221; &#8211; layered defence and fail-safes</strong></h3><p>One of the easiest traps in agentic governance is to point at a single Sentinel, committee, or approval step and say:</p><blockquote><p>&#8220;That&#8217;s our safety layer.&#8221;</p></blockquote><p>It isn&#8217;t. It&#8217;s a single point of failure.</p><p>In high-stakes flows you want <strong>layers of defence</strong>, not just agent &#8594; Sentinel &#8594; human, but:</p><ul><li><p><strong>Primary agents</strong></p><p>&#8211; execute policies, take actions, write to logs with full context (inputs, tools used, outputs, timing).</p></li><li><p><strong>First-line Sentinels (L1)</strong></p><p>&#8211; watch patterns across agents, flag anomalies, push suspect items to DLQs and stop-actions.</p></li><li><p><strong>Second-line Sentinels (L2)</strong></p><p>&#8211; <em>watch the watchers</em>:</p><ul><li><p>monitor the behaviour of L1 Sentinels themselves,</p></li><li><p>check whether thresholds, bias tests and stop-actions are being applied consistently,</p></li><li><p>look for &#8220;silent failures&#8221; where the first line stopped raising its hand.</p></li></ul></li><li><p><strong>Human second line &#8211; risk, compliance, security</strong></p><p>&#8211; review Sentinel output as a <strong>portfolio</strong>, not case by case,</p><p>&#8211; challenge thresholds and blind spots (&#8220;why is nothing ever flagged in this region/product?&#8221;).</p></li><li><p><strong>Third line &#8211; internal audit</strong></p><p>&#8211; periodically test the whole chain end-to-end:</p><p>&#8220;Given our risk appetite and obligations, are the agents, Sentinels and stop-actions actually behaving like the control framework we think we have?&#8221;</p></li></ul><p>In other words: <em>who checks the checker</em> can&#8217;t be an afterthought.</p><h4><strong>Fail-safes: when the defence itself realises something is wrong</strong></h4><p>On top of that, you need <strong>fail-safes</strong>, conditions where the <em>layered defence</em> recognises that it might be compromised and <strong>initiates a stop-action on its own</strong>, without waiting for humans to notice.</p><p>Think of it as a &#8220;break glass on the control fabric&#8221; reflex. For example:</p><ul><li><p><strong>Meta-anomaly detection</strong></p><p>&#8211; sudden, unexplained drops in alert volume (&#8220;nothing has been flagged anywhere for 30 days&#8221;),</p><p>&#8211; abrupt config or policy changes to Sentinels / stop-action thresholds,</p><p>&#8211; loss of telemetry from key regions/systems,</p><p>&#8211; repeated failures of logging or DLQ writes.</p><p>Any of these can be treated as an incident in their own right:</p></li></ul><blockquote><p>&#8220;We no longer trust our <em>defences</em>.&#8221;</p></blockquote><ul><li><p><strong>Autonomous control-plane stop-action</strong></p><p>&#8211; when those meta-conditions are met, the control fabric is allowed to:</p><ul><li><p>degrade high-stakes flows to <strong>human-only</strong> decisions,</p></li><li><p>disable certain classes of agent actions (e.g., anything touching cash, contracts, safety),</p></li><li><p>freeze changes to policies and thresholds until a human-reviewed unlock.</p></li></ul></li><li><p><strong>WORM-style evidence capture</strong></p><p>&#8211; at the same time, the system:</p><ul><li><p>collects relevant logs, configs, policies and Sentinel outputs,</p></li><li><p>writes them into <strong>write-once, read-many (WORM)</strong> or otherwise immutable storage,</p></li><li><p>timestamps and versions these artefacts so they can&#8217;t be quietly edited later.</p></li></ul></li></ul><p>This isn&#8217;t overkill; it&#8217;s how you avoid losing the evidence you&#8217;ll need for:</p><ul><li><p>internal root-cause analysis,</p></li><li><p>regulators and supervisors,</p></li><li><p>auditors,</p></li><li><p>and, in the worst case, courts.</p></li></ul><p>For serious agentic programmes, the default should be <strong>defence in depth with a self-protecting control plane</strong>:</p><ul><li><p>multiple automated layers that don&#8217;t share the same failure modes,</p></li><li><p>multiple human layers (operations, risk/compliance, audit, security) with different incentives,</p></li><li><p>and a fail-safe that says:</p></li></ul><blockquote><p>&#8220;If our defences start behaving strangely, we slow down, save everything, and call in the grown-ups.&#8221;</p></blockquote><p>If all your comfort rests on a single Sentinel or a single approval queue, you don&#8217;t have a control fabric.</p><p>You have a very polite single point of failure.</p><div><hr></div><h2><strong>5. Break-glass is not DR: the combinatorics of many agents</strong></h2><p>&#8220;Disaster recovery&#8221; is about <strong>infrastructure</strong>:</p><ul><li><p>region fails, switch to another;</p></li><li><p>system crashes, fail over to backup.</p></li></ul><p>&#8220;Break-glass&#8221; for agents is different.</p><p>The risk is not one big system falling over. It&#8217;s the <strong>combinatorics of many agents</strong> being given similar goals and patterns, and then:</p><ul><li><p>issuing STOPs in many places at once, or</p></li><li><p>all pushing in a direction that&#8217;s clearly unacceptable in hindsight, or</p></li><li><p>being <strong>coordinated (or hijacked)</strong> to act in harmful ways at the same time.</p></li></ul><p>If enough high-leverage agents are stopped, you can effectively:</p><ul><li><p>stop shipments,</p></li><li><p>freeze approvals,</p></li><li><p>stall collections,</p></li><li><p>or halt onboarding.</p></li></ul><p>The business doesn&#8217;t &#8220;go down&#8221;. It <strong>locks up</strong>.</p><p>A few distinctions the C-suite needs to make explicit:</p><ul><li><p>What is a <strong>break-glass event</strong> in agentic terms?</p><p>&#8211; Not &#8220;the app is down&#8221;, but:</p><ul><li><p>&#8220;We no longer trust this pattern of decisions; we must halt this behaviour to prevent further damage.&#8221;</p></li></ul></li><li><p>Who can break the glass?</p><p>&#8211; CEO only?</p><p>&#8211; COO + CFO + CTO + CISO acting together?</p><p>&#8211; Automatically when certain metrics cross agreed thresholds?</p></li><li><p>What does breaking the glass actually do?</p><p>&#8211; Suspend specific agents or flows?</p><p>&#8211; Force everything back to human-only decisions?</p><p>&#8211; Automatically initiate a board-level, regulator and security-incident notification?</p></li></ul><p>CEOs should also understand that the <strong>combinatorics</strong> cut the other way: if a Sentinel (or a compromised Sentinel) decides to issue stop-actions to many agents at once, you can unintentionally bring the business to a standstill.</p><p>This is <strong>not</strong> &#8220;fail over to the secondary region and carry on&#8221;. It&#8217;s closer to:</p><blockquote><p>&#8220;We are choosing, or being forced, to stop parts of the business because continuing with this behaviour is worse than taking the hit.&#8221;</p></blockquote><p>That&#8217;s why <strong>break-glass conditions</strong> need to be pre-agreed, not invented under pressure.</p><div><hr></div><h2><strong>6. Running the war room: who&#8217;s in, what they see, what they decide</strong></h2><p>When a serious agentic incident hits, you don&#8217;t want a random Zoom.</p><p>You want a <strong>pre-defined choreography</strong>.</p><h3><strong>6.1 Who&#8217;s in the room</strong></h3><p>At minimum:</p><ul><li><p><strong>CEO</strong> &#8211; owns the overall risk posture and public narrative.</p></li><li><p><strong>COO</strong> &#8211; owns operations and the practical meaning of stopping / slowing flows.</p></li><li><p><strong>CFO</strong> &#8211; owns cash flow, financial exposure, and potential need for disclosure.</p></li><li><p><strong>CTO</strong> &#8211; owns the behavioural fabric and agent policies.</p></li><li><p><strong>CIO</strong> &#8211; owns infrastructure, logs, observability.</p></li><li><p><strong>CISO / Security</strong> &#8211; owns incident classification as security vs non-security, forensics, and linkage to the wider cyber playbook.</p></li><li><p><strong>CRO / Risk / Compliance</strong> &#8211; interpret exposure vs risk appetite and regulatory thresholds.</p></li><li><p><strong>General Counsel / Legal</strong> &#8211; advise on disclosure, liability, notifications.</p></li><li><p><strong>Comms / IR</strong> &#8211; prepare and align internal and external messaging if needed.</p></li></ul><h3><strong>6.2 What they should see in the first 30&#8211;60 minutes</strong></h3><p>Not raw logs. Curated views:</p><ul><li><p><strong>Sentinel summary</strong></p><p>&#8211; what is happening, since when, where concentrated, scale of impact.</p><p>&#8211; does it look like drift, error, or a <strong>coordinated / adversarial pattern</strong>?</p></li><li><p><strong>Metrics frames</strong></p><p>&#8211; estimated impact on:</p><ul><li><p>customers,</p></li><li><p>cash flow,</p></li><li><p>P&amp;L,</p></li><li><p>key risk indicators.</p></li></ul></li><li><p><strong>DLQ snapshot</strong></p><p>&#8211; representative examples of quarantined decisions, showing:</p><ul><li><p>what the agent did,</p></li><li><p>why it was flagged,</p></li><li><p>and the pattern across those events.</p></li></ul></li><li><p><strong>Control, obligation &amp; security view</strong></p><p>&#8211; are any regulatory thresholds likely to be crossed?</p><p>&#8211; could this indicate control failure (e.g., financial reporting, fairness, safety)?</p><p>&#8211; are there signs of <strong>compromise or adversarial control</strong>?</p></li></ul><h3><strong>6.3 Decisions the room must make</strong></h3><p>Within that first hour, the war room should aim to answer:</p><ul><li><p>Do we <strong>let flows continue</strong>, with targeted mitigation?</p></li><li><p>Do we <strong>partially stop</strong> specific agents / regions / products?</p></li><li><p>Do we <strong>break the glass</strong> on certain behaviours entirely?</p></li><li><p>Is this <strong>purely an internal governance failure</strong>, or also a <strong>security incident</strong>?</p></li><li><p>Who do we need to <strong>notify</strong>:</p><ul><li><p>internally,</p></li><li><p>at board level,</p></li><li><p>with regulators / supervisors,</p></li><li><p>potentially in the market,</p></li><li><p>and, in adversarial cases, in the <strong>security ecosystem</strong> (ISACs, peers, law enforcement)?</p></li></ul></li></ul><p>The aim isn&#8217;t to solve everything in one sitting. It&#8217;s to make <strong>bounded, documented decisions</strong> with:</p><ul><li><p>clear rationale,</p></li><li><p>owners,</p></li><li><p>and next review points.</p></li></ul><div><hr></div><h2><strong>7. Practising before it&#8217;s real: drills and fault injection</strong></h2><p>None of this works if it&#8217;s theoretical.</p><p>Just as resilience teams use chaos engineering and fault injection to test infrastructure, agentic programmes should use <strong>behavioural fault injection</strong>:</p><ul><li><p>simulate agents misbehaving in controlled ways,</p></li><li><p>trigger Sentinels and stop-actions,</p></li><li><p>run the war room on synthetic incidents.</p></li></ul><p>From a C-suite angle, that means:</p><ul><li><p>running <strong>tabletop exercises</strong>:</p><ul><li><p>&#8220;It&#8217;s 10am, and your Sentinel says credit agents have quietly extended &#8364;100m more exposure than policy allows. Walk me through the next two hours.&#8221;</p></li><li><p>&#8220;It&#8217;s Q4, and your quarterly bias audit shows your hiring agent has been systematically down-ranking a certain profile for six months. What do you do in the next 48 hours?&#8221;</p></li><li><p>&#8220;Your security team believes an attacker has hijacked prompts and tools for a subset of procurement agents. Some deals look &#8216;too good&#8217;. What happens in the next 24 hours?&#8221;</p></li></ul></li><li><p>asking after each drill:</p><ul><li><p>Did we have the right people in the room?</p></li><li><p>Were the thresholds and stop-actions clear?</p></li><li><p>Did the telemetry support the decisions, or did we fly blind?</p></li><li><p>Would we be comfortable defending these decisions to a supervisor, court or regulator?</p></li><li><p>In the adversarial scenario, did the <strong>security and agentic playbooks</strong> actually line up?</p></li></ul></li></ul><p>These are <strong>epistemic tests</strong> for your governance and security posture, not just for your models.</p><div><hr></div><h2><strong>8. What boards, supervisors and auditors will ask after the first big incident</strong></h2><p>If (when) a serious agentic incident becomes public, expect three lines of questioning.</p><p><strong>From the board / audit &amp; risk committees:</strong></p><ul><li><p>Did we understand where agents were deployed into high-stakes flows?</p></li><li><p>Did we endorse the thresholds between drift, incident and break-glass?</p></li><li><p>Did we see evidence of drills, telemetry and playbooks beforehand?</p></li><li><p>What did management know, when, and what did they do?</p></li></ul><p><strong>From supervisors and regulators:</strong></p><ul><li><p>How were agents governed compared to other critical systems?</p></li><li><p>What monitoring and Sentinel capabilities were in place?</p></li><li><p>When did you first detect the behaviour, and what did you do?</p></li><li><p>Do you have <strong>traceability and logs</strong> that show the chain of decisions, stop-actions and (where relevant) security findings?</p></li></ul><p><strong>From auditors and, potentially, courts:</strong></p><ul><li><p>Did agent behaviour contribute to <strong>material misstatements</strong>, unfair treatment, control failures, or security breaches?</p></li><li><p>Was your incident response in line with your own documented policies and with industry norms?</p></li><li><p>Have you changed anything, policies, thresholds, deployment, security posture, as a result?</p></li></ul><p>The underlying meta-question is simple:</p><blockquote><p>&#8220;Did you treat agentic AI as a serious, governed, <em>secured</em> behavioural system, or as a clever add-on you hoped wouldn&#8217;t cause trouble?&#8221;</p></blockquote><div><hr></div><h2><strong>9. The quiet test of seriousness</strong></h2><p>Any agentic deployment can produce a shiny demo.</p><p>The real test of seriousness is whether:</p><ul><li><p>you&#8217;ve mapped where agents touch <strong>money, people, obligations and security-sensitive actions</strong>,</p></li><li><p>you&#8217;ve defined <strong>drift / incident / break-glass</strong> in terms that compliance, security and the board can sign off on,</p></li><li><p>you know <strong>who is in the room</strong> and <strong>what they see</strong> when something goes wrong,</p></li><li><p>and you&#8217;ve run at least one <strong>drill</strong> where everyone sweated a little.</p></li></ul><p>Because in the end, any agentic incident is <strong>potentially a war room</strong>, and in adversarial cases, potentially a <strong>thermonuclear</strong> one.</p><p>The choice is whether that war room is improvised or built on an operating model you designed on purpose.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Do All Enterprises Need a CTO?]]></title><description><![CDATA[Why the Title Is Optional but the Capability Isn&#8217;t]]></description><link>https://thinkinginloops.substack.com/p/do-all-enterprises-need-a-cto</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/do-all-enterprises-need-a-cto</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Sat, 03 Jan 2026 17:15:35 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/1e5c66f9-31b7-4e73-a01b-cff5d1ec2341_1024x1536.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>&#8220;Do we really need a CTO?&#8221;</p><p>I hear that question a lot from boards and CEOs.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><blockquote><p>Just as often, I hear the opposite: &#8220;We need a CTO <strong>now</strong>&#8221; &#8211; said with urgency, but without a clear vision of what that actually means in practice. Is it a senior engineer with a fancier title? A rebadged CIO? A visionary storyteller? Or the person who will really own the long-horizon technology bets of the firm?</p></blockquote><p>And increasingly, it&#8217;s asked in the context of AI and now <strong>agentic AI</strong>.</p><p>My answer is deliberately uncomfortable:</p><blockquote><p>Not every enterprise needs a <strong>CTO title</strong>.</p><p>But every serious enterprise now needs a <strong>CTO-shaped capability</strong>.</p><p>And if you&#8217;re going agentic, that capability becomes non-optional.</p></blockquote><p>The problem isn&#8217;t the three-letter acronym on a business card.</p><p>The problem is when <strong>no one in the C-suite is explicitly responsible for the long-horizon, architecture-level consequences of technology bets</strong>.</p><div><hr></div><h2><strong>1. Role vs capability</strong></h2><p>We confuse two very different questions:</p><ul><li><p>&#8220;Do we need a <strong>CTO role</strong>?&#8221;</p><p>&#8211; org chart, politics, reporting lines, turf.</p></li><li><p>&#8220;Do we need <strong>CTO capability</strong>?&#8221;</p><p>&#8211; someone who can:</p><ul><li><p>understand where the business is going,</p></li><li><p>understand where technology <em>could</em> go,</p></li><li><p>connect the two in a structured roadmap,</p></li><li><p>and argue for those bets in the same grammar as the CFO and CEO.</p></li></ul></li></ul><p>The title is negotiable.</p><p>The capability is not.</p><p>In some firms:</p><ul><li><p>A single person wears both <strong>CIO and CTO</strong> hats effectively.</p></li><li><p>In others, a strong <strong>Head of Product</strong> plus a deeply technical <strong>VP Engineering</strong> together cover what a classic CTO would do.</p></li></ul><p>That can work.</p><p>Where it <em>doesn&#8217;t</em> work is when:</p><ul><li><p>the &#8220;CIO&#8221; is really a head of IT operations (keep the lights on, manage vendors, control cost), and</p></li><li><p>there is <strong>no one</strong> in the C-suite:</p><ul><li><p>thinking in architectures and technology trade-spaces,</p></li><li><p>scanning the research and market horizon,</p></li><li><p>mapping capabilities to business and financial outcomes,</p></li><li><p>and protecting the long-term integrity of the system.</p></li></ul></li></ul><p>That&#8217;s how you get:</p><ul><li><p>beautiful strategy decks,</p></li><li><p>short-term cost cutting,</p></li><li><p>and a slowly compounding mass of technical debt and missed opportunities.</p></li></ul><div><hr></div><h2><strong>2. Where a CTO is non-negotiable</strong></h2><p>There are at least three environments where CTO capability is not a luxury; it&#8217;s structural.</p><h3><strong>2.1 When technology is the product</strong></h3><p>If you are:</p><ul><li><p>a SaaS platform,</p></li><li><p>a fintech,</p></li><li><p>a data/AI or infra provider,</p></li><li><p>or any business where the tech stack <em>is</em> the value proposition&#8230;</p></li></ul><p>&#8230;then not having a CTO-shaped function is like running a pharma company with no one accountable for the drug pipeline.</p><p>You might survive for a while on legacy products and good sales, but you&#8217;re not really steering the engine that creates future value.</p><h3><strong>2.2 When you run a complex system-of-systems</strong></h3><p>Banks, airlines, energy grids, telcos, healthcare networks, large manufacturers: these are not &#8220;IT plus business&#8221;. They are <strong>systems of systems</strong>.</p><p>In that world, someone needs to own:</p><ul><li><p><strong>architecture</strong> &#8211; how all the parts fit together and fail together;</p></li><li><p><strong>safety and resilience</strong> &#8211; which dependencies are acceptable and which are existential;</p></li><li><p><strong>technology roadmapping</strong> &#8211; not next quarter&#8217;s upgrades, but 3&#8211;10 years of capability evolution.</p></li></ul><p>Expecting a purely operational CIO to do this on the side, while they fight outages, vendors and budgets, is fantasy.</p><h3><strong>2.3 When you go agentic in high-stakes flows</strong></h3><p>If you start deploying <strong>agentic AI</strong> into places that touch:</p><ul><li><p>cash (payments, credit, pricing, trading),</p></li><li><p>obligations (contracts, compliance, audit),</p></li><li><p>safety (healthcare, transportation, critical infrastructure),</p></li><li><p>or core customer journeys (hiring, claims, terminations),</p></li></ul><p>you are no longer just managing software.</p><p>You are designing and operating a <strong>behavioural system</strong>:</p><ul><li><p>how the firm reasons about risk vs revenue,</p></li><li><p>what it does under uncertainty,</p></li><li><p>when it says yes/no,</p></li><li><p>how it treats people when no human is watching.</p></li></ul><p>That behavioural model is both <strong>strategic IP</strong> and a <strong>licence-to-operate question</strong>.</p><p>If you don&#8217;t have a CTO-shaped function owning the <strong>architecture and evolution of that behavioural system</strong>, vendors will fill the vacuum, and you will still hold the liability when something goes wrong.</p><div><hr></div><h2><strong>3. Where it can be merged (and where that&#8217;s dangerous)</strong></h2><p>Can the CTO and CIO roles be combined? Sometimes, yes.</p><p>A <strong>combined CIO/CTO</strong> can make sense when:</p><ul><li><p>you&#8217;re mid-market rather than hyperscale,</p></li><li><p>technology is important but not the primary product,</p></li><li><p>and you can find one person who genuinely spans:</p><ul><li><p>architecture and horizon scanning,</p></li><li><p>operations and security,</p></li><li><p>and value storytelling to the board.</p></li></ul></li></ul><p>The danger isn&#8217;t combining the titles.</p><p>The danger is <strong>conflating the jobs</strong>:</p><ul><li><p>labelling someone &#8220;CIO/CTO&#8221; but measuring them purely on:</p><ul><li><p>uptime,</p></li><li><p>cost containment,</p></li><li><p>incident volume,</p></li><li><p>ticket closure rate.</p></li></ul></li></ul><p>Then being surprised when:</p><ul><li><p>the architecture stagnates,</p></li><li><p>the AI strategy is vendor-shaped,</p></li><li><p>and there is no credible technology roadmap behind the strategy slideware.</p></li></ul><p>The litmus test is simple:</p><blockquote><p>Is anyone in the C-suite explicitly accountable for the long-term architecture, technology trade-offs and behavioural consequences of your tech bets?</p></blockquote><p>If not, you don&#8217;t have CTO capability, regardless of how many titles you&#8217;ve printed.</p><div><hr></div><h2><strong>4. A note on Enterprise Architects: essential, but not the CTO</strong></h2><p>One important clarification: <strong>Enterprise Architect (EA) &#8800; CTO</strong>.</p><p>The EA role is critical, but it&#8217;s not the same job.</p><p>Roughly:</p><ul><li><p><strong>Enterprise Architect</strong></p><ul><li><p>works <em>inside</em> the organisation&#8217;s strategic and financial frame,</p></li><li><p>designs and maintains the <strong>system-of-systems architecture</strong> (domains, interfaces, standards, patterns),</p></li><li><p>translates business and technology strategy into <strong>models, principles and guardrails</strong>,</p></li><li><p>drives consistency across platforms and programmes,</p></li><li><p>usually reports into a CIO/CTO or head of architecture.</p></li></ul><p>In TOGAF-style organisations, this is also where <strong>ADM, Architecture Building Blocks (ABBs) and Solution Building Blocks (SBBs)</strong> live: the EA function owns the method, the building blocks and the architecture repository.</p></li><li><p><strong>CTO-shaped function</strong></p><ul><li><p>decides <strong>which capabilities</strong> the enterprise should build at all, and in what order,</p></li><li><p>owns the <strong>technology trade space</strong> and long-horizon roadmap (what bets, what timing, what to kill),</p></li><li><p>connects that roadmap to <strong>capital allocation</strong> with the CFO/CEO,</p></li><li><p>is accountable for the <strong>behavioural and architectural consequences</strong> of big tech bets (including agentic AI),</p></li><li><p>operates at <strong>board and C-suite level</strong>, not just in design forums.</p></li></ul></li></ul><p>You can compress it to two sentences:</p><blockquote><p><strong>EA</strong>: &#8220;Given our strategy, this is how our systems should be structured and evolve (ADM, ABB/SBB, patterns, principles).&#8221;</p><p><strong>CTO</strong>: &#8220;Given our market and capital, these are the capabilities and technology bets we will (or will not) fund on top of that fabric.&#8221;</p></blockquote><p>A strong EA function without a CTO-shaped owner of the technology portfolio leaves you with beautiful diagrams but unclear bets.</p><p>A CTO-shaped function without strong EAs leaves you with big strategic intentions and fragile, ad-hoc implementations.</p><p>They&#8217;re complementary. But they are <strong>not</strong> interchangeable, and rebranding an EA as &#8220;CTO&#8221; doesn&#8217;t magically give you the capital-grade decision making the role is supposed to carry.</p><div><hr></div><h2><strong>5. The job-market distortion: when &#8220;CTO&#8221; means everything, nothing &#8211; and sometimes &#8220;cheap&#8221;</strong></h2><p>There&#8217;s one more reason this whole conversation is so messy:</p><blockquote><p>In the job market, &#8220;CTO&#8221; now means almost anything, which makes it very hard to talk clearly about what the role <em>should</em> be.</p></blockquote><p>A few common archetypes:</p><ul><li><p><strong>The lead engineer with a C-title</strong></p><p>In early-stage startups, &#8220;CTO&#8221; often means &#8220;the first engineer who wrote most of the code&#8221;. That&#8217;s fine at 5&#8211;10 people, but the skills needed to scale teams, manage architecture trade-offs and argue capital allocation to a board are completely different.</p></li><li><p><strong>The rebadged CIO</strong></p><p>In more traditional firms, &#8220;CTO&#8221; sometimes just means &#8220;CIO, but we wanted a more modern title&#8221;. The mandate is still uptime, vendors and cost control, with no explicit accountability for long-horizon architecture or new capability creation.</p></li><li><p><strong>The sales/evangelism CTO (&#8220;field CTO&#8221;)</strong></p><p>On the vendor side, a &#8220;CTO&#8221; might actually be a pre-sales or evangelism role: brilliant at explaining product and building trust, but not responsible for the internal architecture or technology portfolio of the customer.</p></li><li><p><strong>The VP Engineering in disguise</strong></p><p>In some scale-ups, &#8220;CTO&#8221; is effectively the top delivery and engineering manager: responsible for teams, sprints, quality, but not for market-facing technology strategy or the capital agenda.</p></li></ul><p>None of these are &#8220;wrong&#8221; roles. Titles evolve; context matters.</p><p>The problem is what happens when boards and CEOs generalise from them:</p><ul><li><p>&#8220;We had a CTO before; it didn&#8217;t fix our architecture/AI/data mess.&#8221;</p></li><li><p>&#8220;Our CTO is very hands-on and busy shipping; why do we need another senior tech role?&#8221;</p></li><li><p>&#8220;We hired a visionary CTO; why is nothing changing in operations or capital allocation?&#8221;</p></li></ul><p>Underneath, there was <strong>never a match</strong> between the label and the actual capability:</p><ul><li><p>you wanted someone to own the <strong>behavioural and architectural consequences</strong> of your tech bets,</p></li><li><p>but you hired a great engineer, a great operations lead, or a great evangelist, and expected them to do a different job.</p></li></ul><p>There&#8217;s also a very human side-effect to this title inflation:</p><blockquote><p>When you take on a mismatched &#8220;CTO&#8221; role, the next move can be a humbling one.</p></blockquote><p>If your &#8220;CTO&#8221; role was really:</p><ul><li><p>a lead engineer job,</p></li><li><p>or a delivery VP job,</p></li><li><p>or a pre-sales evangelist job,</p></li></ul><p>then your next, <em>healthy</em> role in a more mature organisation might be:</p><ul><li><p>Senior / Principal Engineer,</p></li><li><p>Senior Product Manager / Head of Product,</p></li><li><p>or Engineering Director / VP Engineering.</p></li></ul><p>Those are excellent, high-impact jobs. But on paper, it looks like a &#8220;downgrade&#8221;:</p><blockquote><p>CTO &#8594; Senior Developer</p><p>CTO &#8594; Senior Product Manager</p></blockquote><p>People carry that as quiet shame, when in reality the problem wasn&#8217;t their competence, it was that the original &#8220;CTO&#8221; title never matched the scope of the work.</p><p>And then there&#8217;s the blunt compensation reality we don&#8217;t talk about enough.</p><p>In most mid- to large-scale European enterprises, a <strong>true CTO-shaped role</strong>, owning architecture, long-horizon bets, capital-grade roadmapping and board-level accountability, typically sits in the <strong>&#8364;300k&#8211;&#8364;500k total compensation</strong> range (base + bonus, sometimes equity) depending on size, sector and complexity.</p><p>If you&#8217;re being offered a &#8220;CTO&#8221; title in a grown-up organisation for <strong>&#8364;85k&#8211;&#8364;100k</strong> with no meaningful equity or upside, that is not a capital-A <em>Chief</em> role. It&#8217;s a strong signal that:</p><ul><li><p>the scope is closer to Senior/Principal Engineer, Engineering Manager or Senior Product than true C-suite, or</p></li><li><p>the company wants <strong>CTO-level accountability on mid-level pay and limited authority</strong>.</p></li></ul><p>In practice, you should run away from that second category. It almost guarantees a setup where you&#8217;re accountable without levers, which is a fast track to chronic frustration or, worse, visible failure for problems you were never empowered to fix.</p><p>That doesn&#8217;t mean you should never take a &#8220;stretch&#8221; role, early-stage startups can be exceptions when equity is real and the mandate is clear, but you should go in with your eyes open and, in many cases, <strong>negotiate the title down</strong> to what the role really is: Head of Engineering, Director of Technology, Principal Engineer, Senior Product Director.</p><p>That way scope and pay are aligned, you&#8217;re not carrying artificial &#8220;CTO&#8221; baggage on your CV, and your next move doesn&#8217;t look like a step down from &#8220;C-level&#8221; to the role you were actually doing all along.</p><p>Until that match is made explicit, &#8220;CTO&#8221; will continue to mean everything and nothing, and both enterprises and individuals will keep paying the price for mismatched roles dressed up with shiny titles.</p><div><hr></div><h2><strong>6. Where innovation really starts: the CTO &#8596; business &#8596; marketing loop</strong></h2><p>Innovation doesn&#8217;t come from the IT stack. It comes from the <strong>horizon</strong>:</p><ul><li><p>where customer needs,</p></li><li><p>competitive moves,</p></li><li><p>regulatory shifts,</p></li><li><p>and new technologies intersect.</p></li></ul><p>The CTO&#8217;s job is to sit at that intersection.</p><p>A competent CTO-shaped function does at least four things:</p><ol><li><p>Scans the business context</p><p>&#8211; strategy, P&amp;L pressures, customer friction, market positioning.</p></li><li><p>Scans the outside world</p><p>&#8211; technology, research, standards, emerging patterns.</p></li><li><p>Connects the two into non-incremental possibilities</p><p>&#8211; &#8220;What could we do that we simply can&#8217;t do today?&#8221;</p><p>&#8211; Not just faster processes, but <strong>new capabilities and offerings</strong>.</p></li><li><p>Shapes those possibilities into capabilities and roadmaps</p><p>&#8211; with timing, dependencies, risks and options, not just wish-lists.</p></li></ol><p>Crucially, the CTO doesn&#8217;t do this alone.</p><h3><strong>6.1 Why marketing is a strategic ally</strong></h3><p>If you take this seriously, <strong>marketing</strong> stops being just comms and campaigns.</p><p>Marketing becomes:</p><ul><li><p>the <strong>market-side truth detector</strong>:</p><ul><li><p>Are customers actually asking for this?</p></li><li><p>How big is the reachable segment if we build it?</p></li><li><p>What does willingness-to-pay look like?</p></li></ul></li><li><p>a co-author of the <strong>opportunity model</strong>:</p><ul><li><p>Which capabilities unlock new segments or geographies?</p></li><li><p>What&#8217;s the realistic uplift in ARPU, lifetime value, or win-rate?</p></li><li><p>How fast could new tech diffuse in your ecosystem?</p></li></ul></li></ul><p>Put differently:</p><blockquote><p>The CTO frames what&#8217;s technically possible.</p><p>Marketing tests where there is real demand.</p><p>The CFO and CEO decide which of those possibilities become capital bets.</p></blockquote><p>A CTO without marketing is guessing.</p><p>A marketing team without a CTO is wish-listing.</p><p>The CFO is stuck reconciling both, or saying no.</p><div><hr></div><h2><strong>7. A brief word on TRL and ATRA (without the jargon)</strong></h2><p>When you talk about roadmaps, especially with boards, it helps to have a simple language for maturity and value.</p><p>Two tools from systems engineering are useful here.</p><h3><strong>7.1 TRL &#8211; Technology Readiness Levels</strong></h3><p>TRL is a simple 1&#8211;9 scale that answers: <strong>&#8220;How real is this?&#8221;</strong></p><p>Roughly:</p><ul><li><p>1&#8211;3: ideas and lab-level experiments.</p></li><li><p>4&#8211;6: prototypes and pilots in relevant environments.</p></li><li><p>7&#8211;9: proven in operation and scaled.</p></li></ul><p>It forces honest conversations:</p><ul><li><p>Are we arguing about a TRL 3 science project or a TRL 7 capability that just needs rollout?</p></li><li><p>What will it take, in time and money, to move from 3 &#8594; 6 &#8594; 9?</p></li></ul><h3><strong>7.2 ATRA &#8211; Advanced Technology Roadmap Architecture</strong></h3><p>ATRA, developed by Prof. Olivier de Weck at MIT, is a structured way to make technology roadmaps <strong>investment-grade</strong>, not just pretty timelines. It essentially helps you answer four questions in a disciplined way:</p><ol><li><p>Where are we today?</p><p>&#8211; technology and competitive baseline.</p></li><li><p>Where could we go?</p><p>&#8211; the full trade space of possibilities and scenarios.</p></li><li><p>Where should we go?</p><p>&#8211; the subset that makes sense given strategy, market and constraints.</p></li><li><p>Where are we going?</p><p>&#8211; the chosen portfolio of projects and investments over time.</p></li></ol><p>You don&#8217;t need to show the board the entire ATRA machinery.</p><p>But a CTO-shaped function that thinks this way will produce roadmaps that:</p><ul><li><p>map capabilities to <strong>figures of merit</strong> (performance, cost, risk, sustainability, etc.),</p></li><li><p>compare candidate paths,</p></li><li><p>and align bets with <strong>capital allocation</strong> instead of hoping for leftover budget.</p></li></ul><p>That&#8217;s a very different level of conversation from &#8220;here is our three-year IT plan&#8221;.</p><div><hr></div><h2><strong>8. CTO &#8596; CFO / CEO: from tech roadmap to capital allocation</strong></h2><p>Once you have the <strong>CTO &#8596; business &#8596; marketing</strong> loop generating real possibilities, those ideas still need to survive contact with finance.</p><p>This is where many good strategies die.</p><p>A CTO-shaped function needs to do more than describe architectures; it must express those roadmaps in the same decision grammar the CFO and CEO use, and that grammar starts with <strong>cash flow and honest numbers</strong>.</p><ul><li><p><strong>Timing of value</strong></p><p>&#8211; near-term (0&#8211;12 months) vs 24&#8211;36 month horizon (when do cash flows actually move?).</p></li><li><p><strong>Value mechanisms</strong></p><p>&#8211; revenue growth, margin improvement, <strong>cash-flow effects</strong> (working capital, capex/opex mix), risk reduction, licence-to-operate.</p></li><li><p><strong>Risk and confidence bands</strong></p><p>&#8211; not point estimates, but &#8220;low / base / high&#8221; with assumptions (including downside scenarios for cash-flow impact).</p></li><li><p><strong>Portfolio view</strong></p><p>&#8211; how the set of bets moves enterprise value and <strong>cash-flow resilience</strong>, not just isolated ROI slides.</p></li></ul><p>This is where tools like NPV and risk-adjusted portfolio thinking belong&#8212;not as academic exercises, but as a common language:</p><blockquote><p>&#8220;Here is the range of <strong>cash flows</strong> this capability could unlock; here is the risk envelope; here&#8217;s how it compares to other uses of capital.&#8221;</p></blockquote><p>A CTO who can&#8217;t have that conversation is stuck in &#8220;cost centre&#8221; land, no matter how visionary they are.</p><div><hr></div><h2><strong>9. The agentic twist: who owns the behavioural system?</strong></h2><p>All of this becomes more acute with agentic AI.</p><p>When you go agentic, you are not just deploying another model. You are:</p><ul><li><p>encoding decision styles,</p></li><li><p>delegating micro-decisions at scale,</p></li><li><p>and allowing systems to <strong>select their own routes</strong> to goals.</p></li></ul><p>Agents:</p><ul><li><p>decide what to do next,</p></li><li><p>which tools to call,</p></li><li><p>what data to pull,</p></li><li><p>and when to stop because they &#8220;believe&#8221; they&#8217;ve reached the goal.</p></li></ul><p>That means you are, in effect, creating a <strong>behavioural model of the firm</strong>.</p><p>Questions that suddenly become very real:</p><ul><li><p>What decision style are we encoding &#8211; conservative vs aggressive?</p></li><li><p>How do agents trade off profit vs trust vs safety?</p></li><li><p>Who owns the <strong>guardrails</strong> and stop conditions?</p></li><li><p>What happens when agents disagree, or when they trigger stop-actions en masse?</p></li></ul><p>Vendors and advisors have a role, but they won&#8217;t carry the responsibility for behaviour, or the liability when agentic systems misbehave and cause damage.</p><p>This is exactly where a CTO-shaped function is existential:</p><ul><li><p>designing the <strong>agentic fabric</strong> (tools, orchestration, safety layers, Sentinels),</p></li><li><p>ensuring the behavioural model is <strong>coherent with the firm&#8217;s values and risk appetite</strong>,</p></li><li><p>and working with CFO, COO, CRO, legal and audit on <strong>incidents, evidence, and recovery</strong>.</p></li></ul><p>In that world, the important question isn&#8217;t &#8220;Do we need a CTO title?&#8221;</p><p>It&#8217;s:</p><blockquote><p>Who is accountable for the architecture and evolution of our behavioural system, and do they have a seat at the capital allocation table?</p></blockquote><p>If the answer is &#8220;no one in particular&#8221; or &#8220;sort of the CIO, when they&#8217;re not fighting outages&#8221;, you&#8217;ve answered your own question.</p><div><hr></div><h2><strong>10. So&#8230; do all enterprises need a CTO?</strong></h2><p>If by <em>CTO</em> you mean <strong>a box on the org chart</strong>, no.</p><ul><li><p>Some small and mid-sized firms can get by with a strong combined CIO/CTO.</p></li><li><p>Some digital natives embed the role across product and engineering leadership.</p></li></ul><p>If by <em>CTO</em> you mean <strong>a capability</strong>, then yes:</p><ul><li><p>Every serious enterprise needs someone who can connect <strong>business, market and technology horizons</strong>,</p></li><li><p>shape that into <strong>capability roadmaps</strong> grounded in disciplined thinking (TRLs, ATRA-style),</p></li><li><p>work with marketing to test <strong>where there is real demand</strong>,</p></li><li><p>and sit with CFO/CEO to turn it into a <strong>risk-aware capital portfolio</strong>, especially if agentic AI is in scope.</p></li></ul><p>The title is optional.</p><p>The work is not.</p><p>If you look around your C-suite and can&#8217;t clearly point to who is doing that work, you don&#8217;t have a &#8220;lean org&#8221;. You have a <strong>structural blind spot</strong>.</p><p>And in the age of agentic systems, that&#8217;s not just a missed opportunity.</p><p>It&#8217;s a risk you may only fully recognise when it&#8217;s already too late.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Why So Many Tech Strategies Die at the CFO’s Desk]]></title><description><![CDATA[(And How to Change the Conversation)]]></description><link>https://thinkinginloops.substack.com/p/why-so-many-tech-strategies-die-at</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/why-so-many-tech-strategies-die-at</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Thu, 01 Jan 2026 09:25:50 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/deb5d843-d1ff-4d97-818e-00769e4fb3fe_1024x1536.webp" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Most technology strategies don&#8217;t die in architecture diagrams.</p><p>They die at the <strong>CFO line</strong>.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>The pattern is familiar:</p><ul><li><p>The CTO and their teams bring genuinely good ideas, new platforms, data foundations, agentic AI, automation.</p></li><li><p>The CEO wants growth, differentiation, resilience.</p></li><li><p>The CFO has to protect the P&amp;L, the balance sheet and the covenant stack.</p></li></ul><p>On paper, everyone is aligned.</p><p>In practice, the conversation collapses into:</p><ul><li><p>&#8220;How much will it cost?&#8221;</p></li><li><p>&#8220;What&#8217;s the ROI?&#8221;</p></li><li><p>&#8220;What can we cut this year?&#8221;</p></li></ul><p>Tech ends up framed as a <strong>cost bucket</strong> instead of a <strong>capital allocation decision</strong>.</p><p>It&#8217;s not that tech people don&#8217;t care about value. It&#8217;s that we rarely speak in the financial grammar the CFO and CEO need to make decisions that <em>stick</em>.</p><p>Instead of risk-adjusted cash flows, we talk about architectures, roadmaps, &#8220;capabilities&#8221;, &#8220;modernisation&#8221;, &#8220;innovation&#8221; and &#8220;keeping up with the market&#8221;.</p><p>Boards and CFOs don&#8217;t allocate capital to <em>concepts</em>.</p><p>They allocate capital to <strong>value stories</strong> with timing, risk and measurable impact.</p><div><hr></div><h2><strong>1. The missing &#8220;decision grammar&#8221;</strong></h2><p>At the heart of the problem is a missing interface:</p><blockquote><p>Tech has its own metrics; finance and strategy have theirs; there&#8217;s no robust translation layer in between.</p></blockquote><p>On the technology side, we talk about:</p><ul><li><p>latency, throughput, scalability, resilience, technical debt, Technology Readiness Levels (TRL), cloud cost, AI performance&#8230;</p></li></ul><p>On the finance/strategy side, decisions are made using a different grammar:</p><ul><li><p>timing of value &#8211; next quarter, next 12 months, 24&#8211;36 month horizon</p></li><li><p>margin levers &#8211; gross margin, operating margin, unit economics</p></li><li><p>revenue levers &#8211; new products, upsell, cross-sell, market entry</p></li><li><p>risk and confidence bands &#8211; downside scenarios, variance, probability, covenant impact, capital at risk</p></li></ul><p>If you can&#8217;t express a tech initiative in that second grammar, you&#8217;re effectively asking:</p><blockquote><p>&#8220;Trust me, it&#8217;s important.&#8221;</p></blockquote><p>That might work for a one-off pilot. It doesn&#8217;t hold for a multi-year, multi-million portfolio, and it certainly doesn&#8217;t hold for something as disruptive as <strong>agentic AI</strong>.</p><p>This is where a lot of tech people quietly fail:</p><ul><li><p>they never <strong>quantify the financial equation</strong> clearly enough</p></li><li><p>so the CFO can&#8217;t defend it,</p></li><li><p>the CEO can&#8217;t attach it to the investor story,</p></li><li><p>and the initiatives either get sliced to death, or live forever as under-funded science experiments.</p></li></ul><div><hr></div><h2><strong>2. How tech leaders sabotage themselves (without realising)</strong></h2><p>Let&#8217;s be blunt. We (as tech people) often make this worse.</p><h3><strong>2.1 Selling features, not cash flows</strong></h3><p>We describe:</p><ul><li><p>&#8220;a unified data platform&#8221;,</p></li><li><p>&#8220;agentic workflows&#8221;,</p></li><li><p>&#8220;real-time decisioning&#8221;,</p></li><li><p>&#8220;end-to-end automation&#8221;.</p></li></ul><p>What the CFO hears is:</p><blockquote><p>&#8220;A large request for spend with fuzzy benefits.&#8221;</p></blockquote><p>If we can&#8217;t show how those features translate into:</p><ul><li><p>faster revenue,</p></li><li><p>higher margin,</p></li><li><p>lower risk,</p></li><li><p>or reduced cost of capital&#8230;</p></li></ul><p>&#8230;then we&#8217;re asking them to underwrite faith, not value.</p><h3><strong>2.2 No horizon discipline</strong></h3><p>We mix:</p><ul><li><p>things that pay back in 6&#8211;12 months (automation, cost take-out, specific use cases),</p></li><li><p>with things that only make sense at 24&#8211;36 months (platform rebuilds, deep AI bets, heavy refactoring).</p></li></ul><p>Without clear horizon separation, the portfolio looks like a blob of spend instead of a <strong>ladder of value over time</strong>.</p><h3><strong>2.3 No risk/confidence bands</strong></h3><p>We present point estimates:</p><ul><li><p>&#8220;This will save X% cost.&#8221;</p></li><li><p>&#8220;This will generate Y in new revenue.&#8221;</p></li></ul><p>The CFO knows that&#8217;s fiction.</p><p>What they want is:</p><ul><li><p>a range (&#8220;low / base / high&#8221;),</p></li><li><p>the assumptions behind it,</p></li><li><p>and a sense of <strong>how confident we are</strong> in each.</p></li></ul><p>If we don&#8217;t bring that, the CFO has to supply their own pessimism, and the numbers get haircut into irrelevance.</p><h3><strong>2.4 Ignoring the downside story</strong></h3><p>We focus on upside.</p><p>But a large part of the CFO/CEO job is <strong>downside containment</strong>:</p><ul><li><p>What&#8217;s the worst that can happen?</p></li><li><p>How does this affect capital, risk, reputation, regulators?</p></li><li><p>What if it works technically but fails organisationally?</p></li></ul><p>If we don&#8217;t tell a credible downside story, and how we&#8217;re managing it, we leave a hole, and that hole gets filled with a default &#8220;no&#8221;.</p><h3><strong>2.5 Treating finance like a gate, not a design partner</strong></h3><p>Sometimes tech leaders show up at the <strong>end</strong> with a fully baked plan and ask:</p><blockquote><p>&#8220;Can we have the money?&#8221;</p></blockquote><p>By then, the structure is fixed. The ask is rigid. There&#8217;s no room for the CFO to shape it.</p><p>Instead of being a <strong>co-designer of value and risk</strong>, finance becomes a <strong>brake</strong>.</p><div><hr></div><h2><strong>3. The missing waypoint: CTO &#8596; Business, where real innovation starts</strong></h2><p>There&#8217;s another gap that quietly kills technology value long before it reaches the CFO&#8217;s desk:</p><blockquote><p>Innovation doesn&#8217;t come from the IT stack. It comes from the business and the horizon &#8211; and the CTO is supposed to sit exactly at that interface.</p></blockquote><p>Most organisations blur three very different things:</p><ul><li><p><strong>Incremental improvements</strong></p><p>&#8211; product managers tuning features and journeys</p><p>&#8211; CIO teams improving reliability, cost, security and tooling</p></li><li><p><strong>Horizon innovation</strong></p><p>&#8211; new business models, new categories, new forms of advantage</p><p>&#8211; things the company simply <em>cannot do</em> with its current architecture and stack</p></li><li><p><strong>Capital allocation</strong></p><p>&#8211; which ideas become funded, staged bets with an actual path to value</p></li></ul><p>Incremental improvements absolutely matter. They keep the machine running and make it smoother. But they are, by design, <strong>close to the current business</strong>. That&#8217;s the natural territory of product management and the CIO.</p><p>The <strong>CTO&#8217;s unique job</strong> is different:</p><ul><li><p>scan the <strong>business context</strong> &#8211; strategy, customer needs, competitive moves, regulatory changes</p></li><li><p>scan the <strong>outside world</strong> &#8211; market, research, emerging tech, horizon signals</p></li><li><p>connect those into <strong>non-incremental possibilities</strong> &#8211; &#8220;what could we do that we simply can&#8217;t do today?&#8221;</p></li><li><p>and shape those possibilities into a <strong>roadmap of capabilities</strong> that can be matured over time, not random experiments</p></li></ul><p>That&#8217;s the <strong>CTO &#8596; Business endpoint</strong>:</p><p>where &#8220;we could never do this before&#8221; becomes &#8220;we have a credible path to this capability, with known steps and risks.&#8221;</p><p>But that&#8217;s only half the journey.</p><p>Those capability roadmaps then have to reach the <strong>CTO &#8596; CFO / CEO endpoint</strong>:</p><ul><li><p>What does this new capability do to <strong>revenue, margin, risk and licence to operate</strong>?</p></li><li><p>Over what <strong>time horizon</strong>?</p></li><li><p>With what <strong>confidence bands</strong>?</p></li><li><p>And how does it sit in the <strong>portfolio</strong> vs everything else we could spend money on?</p></li></ul><p>This is exactly where many CTOs lose the room:</p><ul><li><p>They do the horizon scanning.</p></li><li><p>They sketch the capability roadmap and the maturity ladder.</p></li><li><p>But they never fully translate that into the <strong>financial planning and upside story</strong> the CFO and CEO need to keep those ideas alive past the first budget cycle.</p></li></ul><p>The result is predictable:</p><ul><li><p>non-incremental ideas get squeezed out by nearer, easier incremental asks</p></li><li><p>&#8220;innovation&#8221; is reduced to pilots and POCs that never scale</p></li><li><p>and the organisation quietly concludes that &#8220;big tech bets don&#8217;t pay off here&#8221;</p></li></ul><p>A functioning <strong>CTO &#8596; Business &#8596; CFO/CEO chain</strong> is the antidote:</p><ul><li><p>Ideas sourced from genuine business and market needs, not from tech for its own sake.</p></li><li><p>A CTO who can turn those into <strong>matured capability roadmaps</strong>.</p></li><li><p>And a CFO/CEO interface that expresses them as <strong>capital deployment choices</strong>, not science projects.</p></li></ul><p>Without that chain, even the best agentic AI story is just another glossy slide waiting to die at the budget meeting.</p><div><hr></div><h3><strong>3.1 A short note on TRL and ATRA (and why they matter)</strong></h3><p>When I talk about maturing capabilities over time, I&#8217;m leaning on two concepts from systems engineering:</p><ul><li><p><strong>Technology Readiness Levels (TRLs)</strong> &#8211; a simple scale (often 1&#8211;9) that describes how mature a technology is, from basic concept and lab prototype, through pilots and demonstrators, all the way to proven, operational use. It forces you to be explicit about <em>where</em> an idea really is: whiteboard sketch, lab test, limited deployment, or industrialised at scale.</p></li><li><p><strong>ATRA &#8211; Advanced Technology Roadmap Architecture</strong> &#8211; a 12-element framework developed by Prof. Olivier de Weck at MIT for building &#8220;investment-grade&#8221; technology roadmaps. ATRA ties together figures of merit, competitive benchmarking, technical and financial models, and a portfolio of R&amp;D projects so you can answer four core questions:</p><ol><li><p>Where are we today?</p></li><li><p>Where could we go?</p></li><li><p>Where should we go?</p></li><li><p>Where are we going?</p></li></ol></li></ul><p>Why does this matter for CTO &#8596; CFO conversations?</p><p>Because TRLs and ATRA give you <strong>structure</strong>:</p><ul><li><p>TRL language tells the CFO exactly how speculative each bet is.</p></li><li><p>ATRA gives you a disciplined way to link strategy, technology trade space, market/competition, and the <strong>financial model of the &#8220;delta&#8221;</strong>, the incremental value vs the baseline.</p></li></ul><p>You don&#8217;t have to show the board the whole ATRA engine. But having it behind your roadmap makes the difference between &#8220;vision slide&#8221; and &#8220;this is an investment-grade portfolio&#8221;.</p><div><hr></div><h3><strong>3.2 Why marketing belongs in the loop</strong></h3><p>There&#8217;s one more endpoint that&#8217;s often missing from the picture: <strong>marketing</strong>.</p><p>If you&#8217;re serious about turning technology into enterprise value, marketing is not just a comms function; it&#8217;s a <strong>strategic ally</strong> in the financial equation.</p><p>Marketing can:</p><ul><li><p>validate, from the <strong>market side</strong>, whether the capability you&#8217;re proposing has real pull:</p><ul><li><p>What are customers actually asking for?</p></li><li><p>How big is the reachable segment if we build this?</p></li><li><p>What&#8217;s the realistic uplift in win-rate, ARPU, lifetime value?</p></li></ul></li><li><p>help quantify the upside beyond existing clients:</p><ul><li><p>new segments this capability unlocks,</p></li><li><p>markets you can now enter,</p></li><li><p>the brand and trust lift from, say, transparent agentic governance.</p></li></ul></li></ul><p>In ATRA terms, marketing is critical in answering two of the four core questions:</p><ul><li><p><strong>&#8220;Where could we go?&#8221;</strong> &#8211; scanning demand, competitors, and diffusion patterns to map the opportunity space.</p></li><li><p><strong>&#8220;Where should we go?&#8221;</strong> &#8211; helping select the options where there is enough willingness-to-pay and market momentum to justify serious investment.</p></li></ul><p>Put differently:</p><blockquote><p>The CTO frames what&#8217;s technically possible; marketing tests where there is <em>real demand</em>; the CFO and CEO decide which of those possibilities become capital bets.</p></blockquote><p>When marketing is absent, you get tech-driven roadmaps that don&#8217;t land.</p><p>When they&#8217;re in the loop, you get <strong>demand-backed technology portfolios</strong> the CFO can actually believe.</p><div><hr></div><h2><strong>4. Building the CTO &#8596; CFO / CEO interface</strong></h2><p>So what does &#8220;good&#8221; look like?</p><p>Here&#8217;s the shift:</p><blockquote><p>From: &#8220;Here&#8217;s our tech strategy; can you fund it?&#8221;</p><p>To: &#8220;Here&#8217;s our <strong>capital deployment strategy for technology</strong>, expressed in the same grammar you use for the rest of the business.&#8221;</p></blockquote><p>Concretely, that means a few things.</p><h3><strong>4.1 Move from projects to a technology portfolio</strong></h3><p><em><strong>Stop pitching isolated initiatives.</strong></em></p><p>Frame:</p><ul><li><p>a <strong>portfolio</strong> of tech bets &#8211; say 6&#8211;12 significant initiatives</p></li><li><p>grouped by <strong>horizon</strong>:</p><ul><li><p>Horizon 1 (0&#8211;12 months): cash-flow impact, cost take-out, specific use cases</p></li><li><p>Horizon 2 (12&#8211;36 months): platform evolution, data foundations, agentic capabilities</p></li><li><p>Horizon 3 (option bets): experiments and proofs-of-value for new business models</p></li></ul></li></ul><p>For each initiative, answer:</p><ul><li><p>What is the <strong>value mechanism</strong>?</p><p>&#8211; revenue growth</p><p>&#8211; margin improvement</p><p>&#8211; risk reduction / avoided loss</p><p>&#8211; licence-to-operate / regulator readiness</p></li><li><p>When does that value <strong>start</strong> and <strong>mature</strong>?</p></li><li><p>How does it <strong>interlock</strong> with other initiatives?</p></li></ul><p>This alone puts you much closer to how the CFO thinks about capital allocation.</p><h3><strong>4.2 Use explicit financial levers (including NPV)</strong></h3><p>Speak in levers, not abstractions.</p><p>Instead of:</p><blockquote><p>&#8220;Agentic AI will improve customer support.&#8221;</p></blockquote><p>Say:</p><blockquote><p>&#8220;Agentic support should enable us to:</p><p>&#8211; absorb 30&#8211;40% volume growth with the same headcount (opex),</p><p>&#8211; reduce average resolution time by X%,</p><p>&#8211; and reduce revenue at risk from unresolved or mishandled incidents by Y%.&#8221;</p></blockquote><p>Tie it back to:</p><ul><li><p>unit economics (per customer, per ticket, per transaction), and</p></li><li><p>the <strong>P&amp;L line items</strong> that move.</p></li></ul><p>Then, for the portfolio, go one step further and do what finance actually does:</p><ul><li><p>map the expected cash flows over time for each initiative,</p></li><li><p>apply sensible discount rates and downside scenarios,</p></li><li><p>and talk about <strong>risk-adjusted NPV at the portfolio level</strong>, not just isolated ROI slides.</p></li></ul><p>You don&#8217;t need a 200-line DCF per project in the board pack.</p><p>You do need to show that you&#8217;ve thought in those terms and can defend the assumptions.</p><h3><strong>4.3 Attach risk &amp; confidence bands</strong></h3><p>For each initiative, bring:</p><ul><li><p>a <strong>base case</strong>,</p></li><li><p>a <strong>conservative case</strong> (CFO default),</p></li><li><p>an <strong>ambitious case</strong> if appropriate.</p></li></ul><p>And be explicit:</p><ul><li><p>where the uncertainty comes from,</p></li><li><p>what you&#8217;ll measure first to validate or invalidate the assumptions,</p></li><li><p>what you&#8217;ll <strong>stop</strong> if the early signals are bad.</p></li></ul><p>You&#8217;re now treating the portfolio as a set of <strong>hypotheses with risk envelopes</strong>, not certainties with hand-waving.</p><h3><strong>4.4 Wire in milestones that finance actually cares about</strong></h3><p>Most tech roadmaps are milestones like:</p><ul><li><p>environment live</p></li><li><p>migration complete</p></li><li><p>feature X shipped</p></li></ul><p>Those are necessary, but <strong>not sufficient</strong>.</p><p>Add milestones that look like:</p><ul><li><p>first reduction in manual effort for a specific team</p></li><li><p>first measurable improvement in a key ratio (margin, churn, NPS, SLA compliance)</p></li><li><p>first regulator-facing demonstration or audit of a new capability (for agentic / AI risk)</p></li></ul><p>Now the CFO and CEO can see <strong>when</strong> value starts to materialise, not just when tech is &#8220;done&#8221;.</p><div><hr></div><h2><strong>5. Mini-case: an agentic FP&amp;A capability framed as capital deployment</strong></h2><p>To make this concrete, imagine you&#8217;re proposing an <strong>agentic FP&amp;A and continuous budgeting</strong> capability.</p><p>Bad version (how it usually shows up):</p><blockquote><p>&#8220;We want to use AI agents to automate forecasting, planning and budget revisions across the group. It&#8217;ll be more real-time and efficient.&#8221;</p></blockquote><p>Good version, using the full chain:</p><h3><strong>5.1 CTO &#8596; Business (and Marketing)</strong></h3><p>From strategy + business:</p><ul><li><p>Pressure to respond faster to market shifts, inflation, FX, demand swings.</p></li><li><p>Current annual/budget cycles are too slow and political.</p></li><li><p>FP&amp;A teams are stuck in spreadsheet grind instead of scenario design.</p></li></ul><p>From <strong>Marketing</strong>:</p><ul><li><p>Evidence that customers are changing buying behaviour faster than current planning cycles can absorb.</p></li><li><p>Signals on emerging segments, price sensitivity and product mix that are getting lost between CRM and static budgets.</p></li></ul><p>CTO response:</p><ul><li><p>Proposes an <em>agentic FP&amp;A fabric</em> that continuously ingests commercial and operational data, marketing signals and external indicators, generates rolling forecasts, and surfaces scenario options to leadership, without replacing governance or GAAP, but <strong>changing the tempo and quality</strong> of financial insight.</p></li></ul><h3><strong>5.2 Capability roadmap (TRL-aware, ATRA-style)</strong></h3><ul><li><p>Phase 1 (low TRL &#8594; internal pilot): consolidate data feeds (sales, marketing, operations, cost drivers) + build baseline forecast models for one BU.</p></li><li><p>Phase 2 (raising TRL): introduce agents that propose monthly forecast updates and variance analyses, still human-in-the-loop.</p></li><li><p>Phase 3 (higher TRL, selective autonomy): agents proactively surface &#8220;opportunity cards&#8221; and &#8220;risk cards&#8221; (e.g. underperforming segments, capacity constraints, margin compression) for leadership review across the group.</p></li></ul><p>In <strong>ATRA language</strong>, you&#8217;ve:</p><ul><li><p>mapped <strong>where we are today</strong> (current planning, forecast accuracy, competitive benchmark),</p></li><li><p>explored <strong>where we could go</strong> (continuous planning, agentic FP&amp;A, reuse for audit/compliance),</p></li><li><p>selected <strong>where we should go</strong> (specific capabilities and segments based on marketing + finance evidence),</p></li><li><p>and shown <strong>where we are going</strong> via a staged roadmap and portfolio of FP&amp;A + data projects.</p></li></ul><h3><strong>5.3 Capital deployment story (CTO &#8596; CFO / CEO)</strong></h3><ul><li><p><strong>Value mechanisms:</strong></p><ul><li><p>reduced planning cycle time (from quarterly wars to continuous),</p></li><li><p>earlier detection of margin compression and demand shocks,</p></li><li><p>better capital deployment (capex/opex) with fewer surprises.</p></li></ul></li><li><p><strong>Horizon:</strong></p><ul><li><p>Year 1: cost and cycle-time savings in FP&amp;A and better forecast accuracy for a pilot BU.</p></li><li><p>Years 2&#8211;3: group-wide adoption, improved capital efficiency, lower cost of &#8220;strategy error&#8221; (late reactions).</p></li></ul></li><li><p><strong>Risk / confidence bands:</strong></p><ul><li><p>conservative: FP&amp;A efficiency + modest accuracy gains, limited to one BU;</p></li><li><p>base: efficiency + accuracy + fewer forecast misses across 2&#8211;3 key business units;</p></li><li><p>stretch: reuse of the same stack later for <strong>agentic audit and compliance</strong> (agents that can trigger internal audits, assemble evidence and spot under-compliance patterns automatically).</p></li></ul></li><li><p><strong>NPV and portfolio view:</strong></p><ul><li><p>multi-year cash-flow improvements and cost savings rolled into a risk-adjusted NPV range,</p></li><li><p>clear view of where this sits versus other Horizon 2 bets in the overall technology portfolio.</p></li></ul></li><li><p><strong>Downside story:</strong></p><ul><li><p>risk of over-relying on agent outputs &#8594; mitigated with clear &#8220;recommend vs decide&#8221; boundaries,</p></li><li><p>risk of model drift &#8594; mitigated with monitoring, Sentinels and a defined incident playbook,</p></li><li><p>risk of governance gaps &#8594; mitigated with explicit role for CFO, CRO and Internal Audit in approving autonomy levels.</p></li></ul></li></ul><p>Now the CFO and CEO see:</p><ul><li><p>a <strong>business-driven</strong> capability (not a tech toy),</p></li><li><p>a clear maturity path with TRL-style stepping stones,</p></li><li><p>marketing-backed demand and upside,</p></li><li><p>concrete levers on both sides of the balance sheet (growth + resilience vs cost and risk),</p></li><li><p>and a governance story they can defend to the board and, if needed, regulators.</p></li></ul><p>That&#8217;s a completely different conversation from &#8220;we want to try AI in finance&#8221;.</p><div><hr></div><h2><strong>6. So what is this really about?</strong></h2><p>This started from a personal objective:</p><blockquote><p>I want to strengthen the CTO &#8596; CFO / CEO interface so technology is governed as an enterprise value engine, not a cost centre.</p></blockquote><p>But the broader point is simple:</p><ul><li><p>If you&#8217;re a tech leader and you can&#8217;t express your strategy in <strong>financial and risk terms</strong>, your strategy doesn&#8217;t exist in the room where capital is allocated.</p></li><li><p>If you can, you stop being &#8220;the person who wants more budget&#8221; and become <strong>a peer in the capital allocation conversation</strong>.</p></li></ul><p>And if you add the missing links, the <strong>CTO &#8596; Business horizon</strong>, <strong>Marketing as a market-side ally</strong>, and a portfolio view built on TRLs, ATRA thinking and risk-adjusted NPV, you&#8217;re no longer pitching tech from a vacuum. You&#8217;re:</p><ul><li><p>sourcing ideas from genuine business and market needs,</p></li><li><p>maturing them into capability roadmaps,</p></li><li><p>and landing them at the CFO/CEO line as <strong>structured, demand-backed, risk-aware capital bets</strong> instead of hopeful experiments.</p></li></ul><p>For many of us with deep technical or architectural roots, this is the next stretch:</p><p>Not just learning a bit of finance jargon,</p><p>but starting to think of ourselves as <strong>designers of value portfolios</strong>, not just systems.</p><p>That&#8217;s the bridge that turns good technology into <strong>enterprise value that sticks</strong>,agentic ai, ai strategy, technology leadership, cto, cfo, enterprise value, capital allocation, atra, technology roadmapping, systems thinking at the CFO line, at the CEO line, and eventually at the board and regulator line as well.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Agentic AI and the Outer Ring of Power – Part 3]]></title><description><![CDATA[Building a System That Survives First Contact with the courts]]></description><link>https://thinkinginloops.substack.com/p/agentic-ai-and-the-outer-ring-of-6fe</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/agentic-ai-and-the-outer-ring-of-6fe</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Tue, 23 Dec 2025 09:53:02 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/464201c3-6684-4112-960b-5458c96c6d31_1024x1536.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2><strong>Agentic AI, Regulators and Courts</strong></h2><p>In Part 1 of this series, I argued that an AI-literate CEO in an agentic enterprise has to hold three concurrent views:</p><ol><li><p><strong>Growth &amp; opportunity</strong> &#8211; where agents genuinely open new products, markets and cost curves.</p></li><li><p><strong>Capital &amp; narrative</strong> &#8211; how to give the board and investors a disciplined story and roadmap, not hand-waving.</p></li><li><p><strong>Risk, trust &amp; licence to operate</strong> &#8211; how to keep risk within bounds for regulators, ESG, customers and employees while delegating the right amount of authority to the C-suite and, through them, to the human+agent fabric.</p></li></ol><p>In Part 2, I turned the lens to the <strong>board</strong> and offered 12 questions to ask before saying &#8220;yes&#8221; to an agentic strategy &#8211; including how to wire <strong>real-time governance</strong>, internal audit and event-based reporting for &#8220;war-room-level&#8221; incidents.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>This final part looks at the <strong>outermost ring</strong>:</p><blockquote><p>What happens when your agents meet <strong>regulators, supervisors, auditors and courts</strong>?</p></blockquote><p>Because no matter how much internal governance you put in place, at some point you will face:</p><ul><li><p>a <strong>regulator, supervisor or auditor</strong> asking:</p><p>&#8220;Show me how this works, and why it&#8217;s safe.&#8221;</p></li><li><p>or a <strong>court</strong> asking:</p><p>&#8220;Why did your system behave this way, and who is responsible for the harm?&#8221;</p></li></ul><p>This article is about designing your agentic system so that, when that day comes, you have something coherent to say.</p><div><hr></div><h2><strong>A quick disclaimer</strong></h2><p>I&#8217;m not a lawyer and this isn&#8217;t legal advice.</p><p>I&#8217;m writing from the perspective of a systems and architecture practitioner who cares about how organisations behave under supervision. The goal is not to interpret statutes, but to help CEOs, boards and operators think about how their agentic systems will look when regulators, auditors and courts start asking hard questions.</p><div><hr></div><h2><strong>1. Why regulators and courts care about agents</strong></h2><p>Regulators are not obsessed with models. They are obsessed with:</p><ul><li><p><strong>who is harmed</strong>,</p></li><li><p><strong>how often</strong>,</p></li><li><p><strong>how badly</strong>,</p></li><li><p><strong>whether you knew or should have known</strong>,</p></li><li><p>and <strong>what you did about it</strong>.</p></li></ul><p>Agentic AI matters to them because it changes three things at once:</p><ol><li><p><strong>Locus of decision-making</strong></p><p>Decisions that used to be made by named humans (with signatures, job titles and training) are now partially or fully made by goal-seeking systems.</p></li><li><p><strong>Scale and speed</strong></p><p>When an agentic system is mis-configured, biased or drifting, it doesn&#8217;t produce one bad decision. It can produce thousands or millions before anyone notices.</p></li><li><p><strong>Opacity</strong></p><p>The path from input to decision becomes harder to reconstruct:</p><ul><li><p>multiple tools and models,</p></li><li><p>prompts, policies and guardrails,</p></li><li><p>dynamic routing based on context.</p></li></ul></li></ol><p>From a regulator&#8217;s point of view, that is not &#8220;just another IT risk&#8221;. It is a potential <strong>conduct risk, systemic risk and governance failure</strong> all rolled into one.</p><p>Courts see the same thing through a different lens:</p><ul><li><p>duty of care;</p></li><li><p>foreseeability;</p></li><li><p>adequacy of controls;</p></li><li><p>clarity of accountability.</p></li></ul><p>That is the frame you should design for.</p><div><hr></div><h2><strong>2. A note on emergent behaviour</strong></h2><p>With classic automation, behaviour is mostly what you designed: if the flow breaks, you can usually trace it back to a rule or a line of code.</p><p>With agentic systems, especially many agents interacting, you get something different: <strong>emergent behaviour</strong>. Patterns no one explicitly programmed, arising from:</p><ul><li><p>scaled deployment (&#8220;design once, deploy everywhere&#8221;),</p></li><li><p>agents interacting with each other and with humans,</p></li><li><p>incentives that quietly reward certain shortcuts or trade-offs.</p></li></ul><p>Some of that emergence is positive: new ways of serving customers, spotting risk or saving cost. Some of it won&#8217;t be.</p><p>In low-stakes settings, you can afford to let emergence happen and tune it away afterwards.</p><p>In <strong>high-cost domains</strong> &#8211; credit, safety, healthcare, critical infrastructure, regulated services &#8211; that isn&#8217;t enough. You need a capability to <strong>continuously explore and predict behavioural patterns while agents are operating</strong>, not just once during UAT:</p><ul><li><p>shadow and sandbox environments,</p></li><li><p>replay streams and scenario runs,</p></li><li><p>agent-based simulations for critical flows,</p></li><li><p>Sentinel models watching for early signatures of problematic patterns (for example, systematic shortcuts on obligations that quietly increase margin).</p></li></ul><p>Regulators and courts will care less about whether behaviour was &#8220;emergent&#8221; and more about whether you <strong>anticipated, monitored and bounded it in real time</strong>, given the stakes.</p><div><hr></div><h2><strong>3. How regulators are likely to think about agentic AI</strong></h2><p>Different sectors have different rulebooks, but the pattern is similar.</p><p>Regulators will look at agentic systems through at least four lenses:</p><h3><strong>3.1 Outcomes</strong></h3><ul><li><p>Are customers, citizens, counterparties or markets being harmed?</p></li><li><p>Are there patterns of:</p><ul><li><p>unfairness or discrimination,</p></li><li><p>exclusion or denial of access,</p></li><li><p>mis-selling or unsuitable recommendations,</p></li><li><p>unsafe behaviour,</p></li><li><p><strong>systematic shortcuts on obligations when doing so improves margin or short-term KPIs</strong>?</p></li></ul></li></ul><h3><strong>3.2 Controls and governance</strong></h3><ul><li><p>Did you have a plausible <strong>governance framework</strong> for design, deployment, monitoring and incident response &#8211; including how you would <strong>anticipate and handle emergent behaviour at scale</strong>, not just single-point failures?</p></li><li><p>Do the board and senior management <strong>continuously understand, review and re-authorise</strong> how and where agents are used as behaviour and risk profiles change &#8211; or was there just a one-off approval when the pilot looked safe?</p></li></ul><h3><strong>3.3 Explainability and traceability</strong></h3><ul><li><p>For a contested decision or incident, can you reconstruct:</p><ul><li><p>what the system saw,</p></li><li><p>what it did,</p></li><li><p>what tools it called,</p></li><li><p>what Sentinels and STOPs fired,</p></li><li><p>where humans were in (or out of) the loop?</p></li></ul></li><li><p>Can you explain not just a single odd decision, but <strong>the pattern behind it</strong>, for example, why a class of customers or transactions started to be treated differently over time?</p></li></ul><h3><strong>3.4 Honesty and reporting</strong></h3><ul><li><p>Did you identify and escalate issues in a timely way?</p></li><li><p>Did you inform regulators appropriately when something material went wrong?</p></li><li><p>Did you remediate and learn, or reboot and forget?</p></li></ul><p>You can already see the pattern: this is less about the cleverness of your agents and more about whether your overall system behaves like a <strong>responsible, supervised entity</strong>.</p><div><hr></div><h2><strong>4. The early fault lines: where things will likely break first</strong></h2><p>You can&#8217;t predict the exact first cases, but you can predict the <strong>shape</strong> of early disputes.</p><h3><strong>4.1 &#8220;The model did it&#8221;</strong></h3><p>The classic non-defence:</p><blockquote><p>&#8220;The model behaved in an unexpected way. We didn&#8217;t intend this.&#8221;</p></blockquote><p>Regulators and courts will ask:</p><ul><li><p>Who approved deploying this model in this workflow?</p></li><li><p>Who set the <strong>risk appetite</strong>?</p></li><li><p>Who defined where agents could <strong>decide-and-act</strong> vs &#8220;recommend only&#8221;?</p></li><li><p>What testing, red-teaming or evaluation did you perform beforehand?</p></li><li><p>What monitoring did you have in place to catch this earlier?</p></li></ul><p>If the answer is &#8220;We trusted the vendor&#8221; or &#8220;It was a lab experiment that escaped into production&#8221;, expect trouble.</p><div><hr></div><h3><strong>4.2 Outsourcing the behavioural model</strong></h3><p>The second fault line:</p><blockquote><p>&#8220;Our vendor/consultant designed the prompts, policies and guardrails. We just used their solution.&#8221;</p></blockquote><p>From a legal and supervisory point of view:</p><ul><li><p>You can outsource <strong>work</strong>.</p></li><li><p>You cannot outsource <strong>responsibility</strong>.</p></li></ul><p>If the behavioural model of your agents (how they act, escalate, stop) is effectively a black box controlled by third parties, you&#8217;ve created <strong>opaque risk without clear levers</strong>. Regulators and courts will still treat the firm as the responsible entity.</p><div><hr></div><h3><strong>4.3 &#8220;Black box&#8221; behaviour vs explainability</strong></h3><p>You may not be required to fully explain every layer of every model, but you will likely be required to:</p><ul><li><p>explain <strong>design intent</strong> &#8211; what the system was supposed to do, and not do, in this context;</p></li><li><p>show <strong>policy mappings</strong> &#8211; how your risk appetite and obligations are translated into prompts, thresholds and guardrails;</p></li><li><p>provide <strong>traces</strong> &#8211; for a given incident, show inputs, decisions, tool calls, Sentinel events, STOPs and overrides.</p></li></ul><p>If your agentic system cannot produce intelligible traces and policy mappings, you are asking regulators and courts to trust a black box in domains where they have fiduciary and public-interest duties. That is not a good bet.</p><div><hr></div><h3><strong>4.4 Drift, combinatorics and failure to monitor</strong></h3><p>Every learning system drifts, and in agentic setups, drift plus <strong>combinatorics of many agents</strong> is where emergent behaviour really bites.</p><p>If your monitoring and <strong>live scenario/simulation capability</strong> are weak, you risk:</p><ul><li><p>gradual erosion of fairness or prudence,</p></li><li><p>silent degradation of safety buffers and checks,</p></li><li><p><strong>emergent strategies</strong> where agents (or the system around them) discover that softening certain checks or obligations improves margin, volumes or short-term KPIs.</p></li></ul><p>A regulator or court will ask:</p><ul><li><p>What indicators did you track for drift and entropy?</p></li><li><p>Who was responsible for acting on them?</p></li><li><p>What thresholds or STOP conditions did you define?</p></li><li><p>Did you have any way of exploring and probing likely patterns <strong>while the system was live</strong>, not only in a pre-deployment sandbox?</p></li></ul><p>If you treated agentic behaviour as &#8220;set and forget&#8221;, you&#8217;re in trouble.</p><div><hr></div><h3><strong>4.5 Incident under-reporting and delayed reporting</strong></h3><p>Another likely pattern:</p><ul><li><p>serious agentic incidents treated as local &#8220;bugs&#8221; or &#8220;engineering issues&#8221;;</p></li><li><p>late or partial disclosure to regulators;</p></li><li><p>no clear internal classification of &#8220;this is now a war-room-level event&#8221;.</p></li></ul><p>If regulators discover material agentic failures <strong>after the fact</strong> through audits, complaints or whistleblowers, they will reasonably ask:</p><ul><li><p>Did you fail to detect the issue?</p></li><li><p>Did you detect it but not classify it as material?</p></li><li><p>Did you classify it as material but not inform us?</p></li></ul><p>None of those answers is attractive.</p><div><hr></div><h3><strong>4.6 Break-glass and blast radius</strong></h3><p>When multiple agents receive STOP or QUARANTINE signals at once, or when a Sentinel detects a systemic pattern, you may face:</p><ul><li><p>halted credit decisions,</p></li><li><p>paused payments,</p></li><li><p>blocked account actions,</p></li><li><p>suspended customer communications.</p></li></ul><p>Regulators will care about:</p><ul><li><p>how you <strong>stabilise</strong> the system;</p></li><li><p>how you <strong>prioritise</strong> who gets served and who waits;</p></li><li><p>how you <strong>communicate</strong> with impacted customers and markets;</p></li><li><p>whether your &#8220;break-glass&#8221; actions create <strong>new harms</strong> (for example, mass wrongful denials or missed regulatory deadlines).</p></li></ul><p>If your break-glass plan is &#8220;turn it off and hope for the best&#8221;, you&#8217;ve shifted from controlled risk to <strong>thermonuclear blast radius</strong>.</p><div><hr></div><h2><strong>5. What regulators will expect to see in a mature agentic system</strong></h2><p>This is not about perfection. It is about <strong>credible seriousness</strong>.</p><p>Here are the kinds of artefacts and practices a mature, regulator-ready organisation should be able to show.</p><h3><strong>5.1 An inventory of agents and flows</strong></h3><ul><li><p>A maintained inventory of:</p><ul><li><p>where agents run,</p></li><li><p>what classes of decisions they influence or take,</p></li><li><p>their autonomy levels,</p></li><li><p>which obligations (legal, regulatory, contractual) are in play.</p></li></ul></li><li><p>Risk classification per flow:</p><ul><li><p>low, medium, high impact;</p></li><li><p>customer-facing vs internal;</p></li><li><p>reversible vs irreversible decisions.</p></li></ul></li></ul><div><hr></div><h3><strong>5.2 Design intent and policy mapping</strong></h3><ul><li><p>Documentation that shows, in plain language:</p><ul><li><p>why an agent exists,</p></li><li><p>what goal(s) it pursues,</p></li><li><p>what it is explicitly <strong>not allowed</strong> to do.</p></li></ul></li><li><p>Mappings from:</p><ul><li><p>laws, regulations and internal policies &#8594;</p></li><li><p>risk appetite statements and limits &#8594;</p></li><li><p>concrete prompts, thresholds, guardrails and Sentinel rules.</p></li></ul></li></ul><p>It doesn&#8217;t need to be academic. It does need to be coherent and traceable.</p><div><hr></div><h3><strong>5.3 Testing, evaluation and red-teaming</strong></h3><ul><li><p>Evidence of:</p><ul><li><p>pre-deployment testing (functional and non-functional),</p></li><li><p>adversarial red-teaming for abuse and misuse,</p></li><li><p>scenario testing for edge cases and stress conditions.</p></li></ul></li><li><p>Clear <strong>acceptance criteria</strong> for go-live:</p><ul><li><p>what had to be true before the agent was allowed into production,</p></li><li><p>who signed off.</p></li></ul></li></ul><div><hr></div><h3><strong>5.4 Monitoring, Sentinels and Dead Letter Queues</strong></h3><ul><li><p>Telemetry that tracks:</p><ul><li><p>key performance figures of merit (accuracy, latency, cost),</p></li><li><p>risk-relevant metrics (bias, error rates in protected or high-risk segments, override rates),</p></li><li><p>Sentinel events (warnings, STOPs, QUARANTINEs),</p></li><li><p>DLQ volume and content.</p></li></ul></li><li><p>Active processes that:</p><ul><li><p>review Sentinel and DLQ activity,</p></li><li><p>tune policies and thresholds,</p></li><li><p>feed findings into risk, compliance and internal audit.</p></li></ul></li></ul><p>Critically, this needs to support <strong>real-time governance</strong>, not just quarterly hindsight: some events must trigger <strong>immediate escalation</strong> to senior management and, for material incidents, to the board.</p><div><hr></div><h3><strong>5.5 Independent assurance</strong></h3><ul><li><p>A role for <strong>internal audit</strong> that goes beyond &#8220;we checked there is a policy&#8221;:</p><ul><li><p>independent testing of agentic behaviour in high-risk flows,</p></li><li><p>assessment of effectiveness of guardrails and Sentinels,</p></li><li><p>challenge of management&#8217;s view on maturity.</p></li></ul></li><li><p>Where appropriate, third-party reviews that look at both:</p><ul><li><p>technical robustness, and</p></li><li><p>governance/evidentiary posture.</p></li></ul></li></ul><div><hr></div><h3><strong>5.6 Customer and market disclosures</strong></h3><ul><li><p>Clear, honest communication about:</p><ul><li><p>where customers are interacting with agents vs humans,</p></li><li><p>what recourse mechanisms exist,</p></li><li><p>how to contest decisions.</p></li></ul></li></ul><p>In some sectors this will be codified; in others it will be about trust and reputational prudence.</p><div><hr></div><h2><strong>6. Designing for court: being evidentiary from day one</strong></h2><p>One practical way to think about this:</p><blockquote><p>Design your agentic system as if every major decision or incident might one day be replayed in front of a judge, regulator or parliamentary committee.</p></blockquote><p>That doesn&#8217;t mean logging everything forever. It does mean:</p><ul><li><p>For <strong>high-impact flows</strong>, you can reconstruct:</p><ul><li><p>the input context (with appropriate privacy controls),</p></li><li><p>the chain of thought and actions (tools, APIs, systems),</p></li><li><p>Sentinel and STOP events,</p></li><li><p>human approvals and overrides.</p></li></ul></li><li><p>You can show:</p><ul><li><p>how the system behaved <strong>before</strong> the incident,</p></li><li><p>how it behaved <strong>during</strong>,</p></li><li><p>what you changed <strong>afterwards</strong>.</p></li></ul></li><li><p>You can answer:</p><ul><li><p>&#8220;What did you know?&#8221;</p></li><li><p>&#8220;When did you know it?&#8221;</p></li><li><p>&#8220;What did you do once you knew?&#8221;</p></li></ul></li></ul><p>You&#8217;re not just explaining a single odd decision. You&#8217;re often explaining <strong>how a pattern emerged</strong>, across thousands of micro-decisions, from the way your agents, data and incentives interacted.</p><p>That is the difference between &#8220;we were surprised&#8221; and <strong>&#8220;we were in control, and here&#8217;s the evidence&#8221;</strong>.</p><div><hr></div><h2><strong>7. A practical checklist: how to be regulator- and court-ready</strong></h2><p>To make this concrete, here is a short checklist you can run internally.</p><h3><strong>7.1 Governance and accountability</strong></h3><ul><li><p>Do we have a named <strong>executive owner</strong> for agentic AI overall?</p></li><li><p>Do COO, CFO, CTO, CIO, Risk, Compliance and Internal Audit have <strong>updated mandates</strong> that explicitly mention agents?</p></li><li><p>Has the <strong>board</strong> explicitly discussed and approved where agents are allowed in core workflows, and do they revisit that as behaviour and scale evolve?</p></li></ul><div><hr></div><h3><strong>7.2 Inventory and classification</strong></h3><ul><li><p>Do we have an <strong>up-to-date inventory</strong> of agents and agentic workflows?</p></li><li><p>Are flows classified by <strong>impact, reversibility and regulatory relevance</strong>?</p></li></ul><div><hr></div><h3><strong>7.3 Behavioural model and IP</strong></h3><ul><li><p>Do we <strong>own and control</strong> the behavioural model (prompts, policies, guardrails, Sentinels)?</p></li><li><p>Are we treating it as <strong>strategic IP and a capital asset</strong>, not opaque vendor configuration?</p></li></ul><div><hr></div><h3><strong>7.4 Monitoring, emergence and real-time governance</strong></h3><ul><li><p>Do we track key <strong>drift and entropy indicators</strong> and act on them?</p></li><li><p>Do we have a way to <strong>simulate and stress-test agentic behaviour on an ongoing basis</strong> (sandbox environments, replay streams, agent-based simulations) &#8211; not just once before go-live?</p></li><li><p>Do we have a defined <strong>incident taxonomy</strong> and &#8220;war-room&#8221; criteria for agentic failures?</p></li><li><p>Are there <strong>event-based triggers</strong> that notify senior management and the board when something material happens?</p></li></ul><div><hr></div><h3><strong>7.5 Break-glass and continuity</strong></h3><ul><li><p>Do we have a documented <strong>break-glass plan</strong> for widespread STOP/QUARANTINE events?</p></li><li><p>Do we know <strong>which flows get sacrificed first</strong>, and who has the authority to make that call?</p></li><li><p>Do we know what minimum <strong>regulator and board reporting</strong> we will provide within 24&#8211;48 hours?</p></li></ul><div><hr></div><h3><strong>7.6 Evidentiary posture</strong></h3><ul><li><p>For a high-stakes flow, can we <strong>replay a contested decision end-to-end</strong>?</p></li><li><p>Can we show:</p><ul><li><p>design intent,</p></li><li><p>policy mapping,</p></li><li><p>testing and monitoring,</p></li><li><p>incident response,</p></li><li><p>and independent assurance?</p></li></ul></li></ul><p>If the answer to several of these is &#8220;no&#8221;, that doesn&#8217;t mean you stop everything. It means you have a <strong>roadmap for getting ready</strong> before regulators and courts force you to.</p><div><hr></div><h2><strong>8. Closing the loop on the outer ring</strong></h2><p>Across these three articles, the picture is:</p><ul><li><p>The <strong>CEO</strong> needs to hold growth, capital and risk in tension while deciding what kind of organisation they are building in an agentic world.</p></li><li><p>The <strong>Board</strong> needs to consciously authorise the use of agents as a behavioural system, not a tech toy &#8211; with real-time governance, not just quarterly hindsight.</p></li><li><p><strong>Regulators, supervisors, auditors and courts</strong> will ultimately judge whether your agentic system behaves like a responsible actor, or like an unsupervised experiment at scale.</p></li></ul><p>The common thread:</p><blockquote><p>You are not just &#8220;using AI&#8221;.</p><p>You are designing, governing and owning a <strong>behavioural system</strong> that acts in your name, at scale and at speed.</p></blockquote><p>For that, you&#8217;ll still need qualified legal counsel in your jurisdiction and sector.</p><p>But you also need an <strong>internal systems view of agentic behaviour</strong>, one that treats emergence, evidence and governance as first-class design constraints, not afterthoughts. That&#8217;s what this series is about.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Agentic AI and the Outer Ring of Power – Part 2]]></title><description><![CDATA[12 Questions Before the board should approve]]></description><link>https://thinkinginloops.substack.com/p/agentic-ai-and-the-outer-ring-of</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/agentic-ai-and-the-outer-ring-of</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Thu, 11 Dec 2025 12:18:04 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/8a4ec5eb-d2b1-46cb-824f-86abcf173b2a_1024x1536.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2><strong>Agentic AI and the Board</strong></h2><p>In Part 1 of this series, I argued that an AI-literate CEO in an agentic enterprise has to hold three concurrent views:</p><ol><li><p><strong>Growth &amp; opportunity</strong> &#8211; where agents genuinely open new products, markets and cost curves.</p></li><li><p><strong>Capital &amp; narrative</strong> &#8211; how to give the board and investors a disciplined story and roadmap, not hand-waving.</p></li><li><p><strong>Risk, trust &amp; licence to operate</strong> &#8211; how to keep risk within bounds for regulators, ESG, customers and employees while delegating the right amount of authority to the C-suite and, through them, to the human+agent fabric.</p></li></ol><p>This article turns the lens outward to the <strong>board</strong>.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>Most boards are now hearing some version of:</p><blockquote><p>&#8220;We&#8217;re piloting agents to automate X, Y, Z. The upside is huge.&#8221;</p></blockquote><p>The problem isn&#8217;t the upside.</p><p>The problem is the <strong>missing questions</strong>.</p><p>Agentic AI is not just &#8220;better automation&#8221;. It is:</p><ul><li><p>systems that are goal-seeking and route-choosing,</p></li><li><p>chaining tools, data and decisions,</p></li><li><p>operating at a speed and scale no committee can track in real time.</p></li></ul><p>When a board approves &#8220;going agentic&#8221;, it is implicitly signing off on a new <strong>substrate of value and risk</strong>.</p><p>This article is about how to do that consciously.</p><div><hr></div><h2><strong>1. Why this belongs on the board agenda at all</strong></h2><p>Boards don&#8217;t oversee transformers, prompts or CUDA kernels. They never go line-by-line through an ERP or a core banking system either.</p><p>Agentic AI belongs on the board agenda because it changes:</p><ul><li><p><strong>How</strong> the firm takes decisions that move cash, risk and reputation.</p></li><li><p><strong>Who</strong> (or what) is allowed to act in the firm&#8217;s name.</p></li><li><p><strong>What kind of incidents and liabilities</strong> become possible when those systems misbehave.</p></li></ul><p>You&#8217;re not approving a tool.</p><p>You&#8217;re authorising a new <strong>behavioural system</strong> inside the firm.</p><p>That cuts directly across the board&#8217;s core responsibilities:</p><ul><li><p>Strategy and business model.</p></li><li><p>Risk and internal control.</p></li><li><p>Capital allocation.</p></li><li><p>Culture, conduct and licence to operate.</p></li></ul><p>That&#8217;s why agentic AI requires explicit <strong>endorsement and oversight</strong>, not just a line item in the CIO report.</p><div><hr></div><h2><strong>2. How a board should use this question set</strong></h2><p>This is not a quiz for the CTO and it&#8217;s not a compliance checklist.</p><p>It&#8217;s a way for the <strong>board to discharge its core duties</strong> in an agentic world:</p><ul><li><p><strong>Strategy &amp; value creation</strong> &#8211; are we using agents where they genuinely change the game?</p></li><li><p><strong>Risk, resilience &amp; licence to operate</strong> &#8211; do we understand the new failure modes, blast radius and regulatory exposure?</p></li><li><p><strong>Capital allocation &amp; oversight</strong> &#8211; are we treating the agentic fabric as an asset with owners and metrics, or as magic dust sprinkled over slides?</p></li><li><p><strong>Governance in time</strong> &#8211; are we hearing about agentic behaviour when it <em>matters</em> (event-based), or only as a retrospective story at the next quarterly pack?</p></li></ul><p>Practically, you can use the questions to:</p><ul><li><p><strong>Frame a dedicated agentic session</strong></p><p>Invite the CEO, COO, CFO, CTO, CIO, CRO, General Counsel, and Head of Internal Audit. Divide the questions: &#8220;Which ones are you on the hook for?&#8221;</p></li><li><p><strong>Assess maturity</strong></p><p>For each question, mark:</p><ul><li><p><strong>Red</strong> &#8211; no answer, or pure aspiration.</p></li><li><p><strong>Amber</strong> &#8211; partial answer, pilots, or siloed practice.</p></li><li><p><strong>Green</strong> &#8211; clear position, operating practice, and evidence.</p></li></ul></li><li><p><strong>Drive follow-up</strong></p><p>For every red/amber:</p><ul><li><p>Who is accountable?</p></li><li><p>What is the 90-day plan?</p></li><li><p>What trade-offs or investments need board approval?</p></li><li><p>What events should trigger <strong>real-time reporting</strong> to the chair or audit/risk committee, not just a paragraph in next quarter&#8217;s report?</p></li></ul></li></ul><h3><strong>Real-time governance vs quarterly hindsight</strong></h3><p>Traditional board oversight runs on a quarterly cadence: papers, packs, committees.</p><p>Agentic behaviour doesn&#8217;t. It runs continuously.</p><p>The board does <strong>not</strong> need a live console. It <strong>does</strong> need to insist on:</p><ul><li><p>a small set of <strong>event-based triggers</strong> where the chair or audit/risk committee is notified <em>when it happens</em>, not three months later</p><p>(for example: exposures breaching a limit, systemic compliance failures, repeated Sentinel STOPs in a critical flow);</p></li><li><p>a clear distinction between <strong>&#8220;operational incidents&#8221;</strong> that stay within management, and <strong>&#8220;governance-level incidents&#8221;</strong> that automatically surface to the board;</p></li><li><p>a standing <strong>dashboard for audit/risk</strong> with:</p><ul><li><p>counts and clusters of STOPs,</p></li><li><p>quarantined transactions,</p></li><li><p>significant changes to behavioural policies or risk dials,</p></li><li><p>key drift/entropy indicators.</p></li></ul></li></ul><p>The question isn&#8217;t &#8220;Should the board be in the loop?&#8221;</p><p>It&#8217;s: <strong>&#8220;On what events, and how fast?&#8221;</strong></p><p>You are not expected to design agents.</p><p>You <em>are</em> expected to insist on non-hand-wavy answers <strong>before</strong> you delegate decisions to them.</p><div><hr></div><h2><strong>3. The 12 questions</strong></h2><h3><strong>1. Where do we actually want agents to exist in our business?</strong></h3><ul><li><p>Which domains are <strong>in scope</strong> (support, procurement, FP&amp;A, <strong>internal audit, compliance</strong>, operations, risk, HR&#8230;)?</p></li><li><p>Which are <strong>explicitly out of scope</strong> for now (safety-critical, reputation-critical, or deeply human relationship work)?</p></li><li><p>Is there a <strong>map</strong> of &#8220;agentic zones&#8221; vs &#8220;human-only zones&#8221; &#8211; or just a list of pilots and vendor demos?</p></li></ul><p>If the board can&#8217;t see the map, it&#8217;s already flying blind.</p><div><hr></div><h3><strong>2. What decisions are we delegating &#8211; and at what elevation?</strong></h3><ul><li><p>Are agents handling <strong>micro-decisions</strong> (retrieval, drafting, checks)&#8230;</p></li><li><p>&#8230;or <strong>elevated decisions</strong> (who gets hired, which contract terms we accept, which customers get credit, which deals we pursue, how budgets get shaped)?</p></li><li><p>Where does <strong>advice stop</strong> and <strong>decide-and-act</strong> begin?</p></li></ul><p>The board doesn&#8217;t need to micromanage individual flows, but it does need to know <strong>which classes of decisions</strong> are now agent-influenced or agent-led.</p><div><hr></div><h3><strong>3. Who owns risk appetite in an agentic world?</strong></h3><ul><li><p>Who sets how <strong>aggressive vs conservative</strong> agents are allowed to be in:</p><ul><li><p>approvals and exceptions,</p></li><li><p>pricing and discounts,</p></li><li><p>credit and underwriting,</p></li><li><p>escalations and collections,</p></li><li><p>compliance alerts and internal audit triggers?</p></li></ul></li><li><p>Is this explicitly owned by the <strong>COO/CFO and risk</strong>, or quietly tuned by technical teams and vendors?</p></li><li><p>Is there a documented <strong>&#8220;risk dial&#8221;</strong> per domain, or just default model behaviour?</p></li></ul><p>If no one owns the dials, the dials will be owned by whoever has access to the prompt templates.</p><div><hr></div><h3><strong>4. What is the business case beyond &#8220;efficiency slides&#8221;?</strong></h3><ul><li><p>Where does agentic AI unlock <strong>genuinely new possibility space</strong> &#8211; things the firm simply couldn&#8217;t do before?</p></li><li><p>Where are we just doing <strong>classic optimisation</strong> (faster workflows, fewer people) dressed up in trendy language?</p></li><li><p>Are we seeing <strong>both sides of the balance sheet</strong>:</p><ul><li><p>growth and cost improvements,</p></li><li><p><em>and</em> the cost of new failure modes, incidents, litigation, regulatory sanctions and reputational damage?</p></li></ul></li></ul><p>If the business case only has an upside slide and no credible downside analysis, it&#8217;s not ready for approval.</p><div><hr></div><h3><strong>5. Do we have a coherent agentic fabric, or just clever point solutions?</strong></h3><ul><li><p>Is there a <strong>shared fabric</strong> of:</p><ul><li><p>models,</p></li><li><p>tools and APIs,</p></li><li><p>Sentinels and critics,</p></li><li><p>dead-letter queues (DLQs),</p></li><li><p>telemetry and evaluation</p><p>that new use cases plug into?</p></li></ul></li><li><p>Or are we deploying <strong>isolated agents</strong> per vendor, per department, per project?</p></li><li><p>If we drew our &#8220;agentic architecture&#8221; on a single page, would it look like a <strong>system</strong> &#8211; or like a vendor salad?</p></li></ul><p>Point solutions can be impressive. They&#8217;re also hard to govern. The board should be able to see the fabric.</p><div><hr></div><h3><strong>6. Who owns the behavioural model of the firm?</strong></h3><p>Agents don&#8217;t just run on weights and tokens. They run on the <strong>behavioural model</strong> the company wraps around them:</p><ul><li><p>prompts and templates,</p></li><li><p>policies, thresholds and guardrails,</p></li><li><p>critics, Sentinels and escalation rules.</p></li></ul><p>Key questions:</p><ul><li><p>Do we <strong>own and control</strong> that behavioural logic &#8211; can we inspect it, change it, and defend it?</p></li><li><p>Or is it effectively outsourced to vendors and consulting firms?</p></li><li><p>Are we treating this as <strong>strategic IP and a capital asset</strong>, or as invisible plumbing?</p></li></ul><p>Vendors and advisors have a role. But they won&#8217;t carry the responsibility for behaviour, LLMs are probabilistic, not deterministic, and they certainly won&#8217;t carry the liability when agentic systems misbehave.</p><p>If the behavioural model isn&#8217;t treated as IP, the firm is handing someone else the steering wheel for its future.</p><div><hr></div><h3><strong>7. How do we detect when the system is drifting or entropying?</strong></h3><p>All learning systems drift. Embeddings age. Data shifts. Incentives move.</p><ul><li><p>What telemetry tells us that:</p><ul><li><p>outputs are becoming noisier,</p></li><li><p>reasoning is slipping,</p></li><li><p>previously safe behaviours are degrading?</p></li></ul></li><li><p>Do we have a notion of <strong>&#8220;too much entropy&#8221;</strong>:</p><ul><li><p>a point where certain agents must be re-embedded,</p></li><li><p>retrained,</p></li><li><p>or temporarily constrained?</p></li></ul></li><li><p>Who is accountable for <strong>watching those curves</strong> and acting on them, and how do findings route into <strong>risk, compliance and internal audit</strong>, not just engineering?</p></li></ul><p>If drift and entropy are nobody&#8217;s problem, they will quietly become everybody&#8217;s problem.</p><div><hr></div><h3><strong>8. What is our plan for agentic incidents?</strong></h3><p>When a critical agent misbehaves, is that treated as:</p><ul><li><p>&#8220;just a bug&#8221;,</p></li><li><p>or as a <strong>potential war-room event</strong> until proven otherwise?</p></li></ul><p>For example: would the board be comfortable hearing, three months after the fact:</p><blockquote><p>&#8220;Last quarter our credit agents under-signed an extra 100m in exposure. Everything is fine, we rebooted the system.&#8221;</p></blockquote><p>Probably not.</p><p>Boards should insist that <strong>any material agentic incident is treated as a war-room candidate</strong> from the moment it is detected, not as a line item in a quarterly slide.</p><p>Basic board-level expectations:</p><ul><li><p>For a major incident, we can reconstruct:</p><ul><li><p>what the agent saw,</p></li><li><p>what it decided,</p></li><li><p>which tools it called,</p></li><li><p>how critics and Sentinels responded,</p></li><li><p>where human approvals were (or were not) in the loop.</p></li></ul></li><li><p>We have:</p><ul><li><p>a <strong>taxonomy of incidents</strong> (behavioural vs infrastructure vs data vs policy),</p></li><li><p>named <strong>owners</strong> for each class,</p></li><li><p>clear <strong>escalation paths</strong> up to the C-suite and, when material, to the board.</p></li></ul></li><li><p>There are defined <strong>event-based triggers</strong> where the chair or audit/risk committee is informed <strong>in real time</strong>, not at the end of the quarter:</p><ul><li><p>exposure beyond a set threshold,</p></li><li><p>systemic bias or compliance failures,</p></li><li><p>repeated Sentinel STOPs in critical flows,</p></li><li><p>any agentic incident that internal audit classifies as <strong>&#8220;material&#8221;</strong>.</p></li></ul></li></ul><p>The board, typically through the <strong>audit and risk committee</strong>, should also see how <strong>internal audit</strong> will use agentic logs and Sentinel decisions as raw material for independent assurance, rather than being bypassed by automated flows.</p><div><hr></div><h3><strong>9. How does this change the COO, CFO, CTO and CIO mandates?</strong></h3><p>Agentic AI doesn&#8217;t just add tasks. It <strong>changes roles</strong>.</p><p>A board should be able to see that, on paper:</p><ul><li><p>The <strong>COO</strong> now runs a mixed human+agent fabric, not just &#8220;operations&#8221;.</p></li><li><p>The <strong>CFO</strong> is accountable for where agents touch <strong>cash, P&amp;L, balance sheet and honest numbers</strong>, pricing, credit, FP&amp;A, <strong>internal audit and compliance reporting</strong> (for example GAAP/IFRS accounts, regulatory filings, capital and liquidity metrics).</p></li><li><p>The <strong>CTO</strong> owns the design and evolution of the <strong>agentic fabric</strong>, architectures, figures of merit, and the R&amp;D portfolio behind it.</p></li><li><p>The <strong>CIO</strong> owns the safe running of that fabric in production, deployment, observability, incidents, war rooms, security and data protection.</p></li></ul><p>The <strong>Head of Internal Audit</strong> should have a clear mandate to:</p><ul><li><p>audit agentic behaviour,</p></li><li><p>challenge the adequacy of guardrails and Sentinels,</p></li><li><p>and report independently to the audit committee on the effectiveness of controls around agents.</p></li></ul><p>If the job descriptions haven&#8217;t changed but the reality has, you&#8217;re relying on individual heroics, not governance.</p><div><hr></div><h3><strong>10. Are we building internal capability, or renting it?</strong></h3><p>Boards should be wary of the &#8220;consultants will handle it&#8221; reflex.</p><ul><li><p>Do we have internal people who can:</p><ul><li><p>design agentic workflows,</p></li><li><p>implement guardrails and Sentinel logic,</p></li><li><p>interpret telemetry and incidents,</p></li><li><p>and continuously evolve the fabric?</p></li></ul></li><li><p>Do <strong>risk, compliance and internal audit</strong> have enough AI literacy to:</p><ul><li><p>understand how agents behave,</p></li><li><p>challenge design choices,</p></li><li><p>and design independent checks?</p></li></ul></li><li><p>Or are we depending on external firms who <strong>won&#8217;t carry the liability</strong> when something goes wrong?</p></li><li><p>Are we using vendors and advisors to <strong>accelerate capability building</strong>, or to <strong>substitute</strong> for a capability we&#8217;re unwilling to build?</p></li></ul><p>In many jurisdictions, the work of designing and governing your behavioural model is also <strong>R&amp;D</strong>, something that can be capitalised and may qualify for tax incentives. Renting it out is not just a risk decision; it&#8217;s a capital allocation decision.</p><div><hr></div><h3><strong>11. How will this play in front of a regulator or a court?</strong></h3><p>Agentic AI will not live in a legal vacuum for long.</p><p>Boards should insist on a simple thought experiment:</p><ul><li><p>If a regulator or court asks &#8220;Why did your system behave this way?&#8221;, can we:</p><ul><li><p>show the design intent,</p></li><li><p>show the policies and risk appetite,</p></li><li><p>show the traces,</p></li><li><p>show what internal audit concluded,</p></li><li><p>show what we changed afterwards?</p></li></ul></li></ul><p>Or would we be forced to say, &#8220;The model did something unexpected&#8221;?</p><p>Early cases in many sectors will likely be <strong>landmark cases</strong>. You want to be the firm that can tell a coherent, evidenced story, not the one pleading opacity.</p><div><hr></div><h3><strong>12. What is our break-glass plan?</strong></h3><p>Traditional DR/BCP assumes:</p><ul><li><p>something breaks,</p></li><li><p>you fail over to a backup,</p></li><li><p>the business resumes.</p></li></ul><p>Agentic incidents don&#8217;t always work that way.</p><p>If a wave of agents receives <strong>STOP</strong> or <strong>QUARANTINE</strong> signals at once, because a Sentinel flagged drift, or an upstream data feed corrupted, or a systemic pattern was detected, then:</p><ul><li><p>which flows pause?</p></li><li><p>which decisions are delayed?</p></li><li><p>which customers, regulators or markets are affected?</p></li><li><p>who decides when to <strong>break the glass</strong> and:</p><ul><li><p>downgrade autonomy,</p></li><li><p>roll back a behavioural change,</p></li><li><p>or temporarily suspend agentic flows?</p></li></ul></li></ul><p>Boards don&#8217;t need a console view.</p><p>But they should know:</p><ul><li><p><strong>what gets sacrificed first</strong>,</p></li><li><p><strong>who owns that decision</strong>, and</p></li><li><p><strong>what minimum reporting they expect within 24&#8211;48 hours</strong> when autonomy has to be dialled down in anger &#8211; not as a post-mortem, but as a live governance update.</p></li></ul><div><hr></div><h2><strong>4. What &#8220;good&#8221; looks like from the board&#8217;s side</strong></h2><p>A mature board posture around agentic AI doesn&#8217;t mean every box is green.</p><p>It means:</p><ul><li><p>The <strong>CEO</strong> can explain the overall agentic strategy through the three views: growth, capital, risk/trust.</p></li><li><p>The <strong>COO, CFO, CTO, CIO and Head of Internal Audit</strong> each know which of the 12 questions they own, and can show working, not just slides.</p></li><li><p>The board has:</p><ul><li><p>a clear <strong>map of where agents live</strong>,</p></li><li><p>a visible <strong>agentic fabric</strong> (not just scattered tools),</p></li><li><p>evidence of <strong>internal capability building</strong> across tech, risk, compliance and audit,</p></li><li><p>and a credible <strong>plan for drift, incidents, war rooms and break-glass events</strong>, with event-based triggers for real-time reporting.</p></li></ul></li></ul><p>Most importantly, &#8220;agentic AI&#8221; stops being a marketing label and becomes:</p><blockquote><p>A behavioural system that the firm designs, governs and owns, and that the board consciously chooses to authorise within a defined envelope.</p></blockquote><div><hr></div><h2><strong>5. What&#8217;s next &#8211; Regulators and Courts</strong></h2><p>This article is <strong>Part 2</strong> of <em>Agentic AI and the Outer Ring of Power</em>.</p><ul><li><p><strong>Part 1</strong> looked at the <strong>CEO</strong>: holding growth, capital and risk in tension while delegating to a human+agent fabric.</p></li><li><p><strong>Part 2</strong> (this piece) gives boards a concrete question set to turn &#8220;agentic strategy&#8221; from hype into governance.</p></li><li><p><strong>Part 3</strong> will look at <strong>Regulators and Courts</strong>: emerging expectations, likely fault lines in early cases, and why outsourcing your behavioural model is a liability, not a shortcut.</p></li></ul><p>If you sit on a board, the key message is simple:</p><p>You don&#8217;t need to design agents.</p><p>But you do need to <strong>own the decision</strong> to let them act in your name, with your eyes open, and your governance wired for real time, not just quarterly hindsight.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Agentic AI and the CEO]]></title><description><![CDATA[Leading a Business That Delegates Decisions to Machines]]></description><link>https://thinkinginloops.substack.com/p/agentic-ai-and-the-ceo</link><guid isPermaLink="false">https://thinkinginloops.substack.com/p/agentic-ai-and-the-ceo</guid><dc:creator><![CDATA[Philippe Xanthopoulos]]></dc:creator><pubDate>Wed, 10 Dec 2025 12:17:34 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/8c86f6bc-55fd-4026-a398-6c43e5b7809b_1024x1536.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>Agentic AI and the Outer Ring of Power &#8211; Part 1</strong></p><p>This article kicks off a new 3-part series on <strong>agentic AI and the outer ring of power</strong>:</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><ul><li><p><strong>Part 1 &#8211; The CEO:</strong> how to grow the business, keep capital confident, and manage risk and licence to operate when decisions are increasingly delegated to machines.</p></li><li><p><strong>Part 2 &#8211; The Board:</strong> the questions a serious board should ask <em>before</em> it approves &#8220;agentic AI&#8221; as a strategy.</p></li><li><p><strong>Part 3 &#8211; Regulators and Courts:</strong> what happens when your agents meet supervision, jurisprudence and ESG expectations.</p></li></ul><p>The earlier series (business case, use cases, governance, plus COO/CFO/CTO/CIO) looked <strong>inside the firm</strong>: how the agentic fabric is designed and run.</p><p>This new series looks at the <strong>outer ring</strong>:</p><p>who ultimately signs off on delegating decisions to non-human actors, what they should demand in return, and how they stay inside a defensible envelope when things go wrong.</p><div><hr></div><p>Most CEOs today are hearing the same pitch in different slideware:</p><blockquote><p>&#8220;Agents will automate huge chunks of work, improve productivity, and free people up for higher-value tasks.&#8221;</p></blockquote><p>There&#8217;s truth in that. But once you move from simple automation to <strong>agentic AI</strong> &#8211; systems that are goal-seeking, tool-using and route-choosing &#8211; the CEO&#8217;s job changes in some deep ways.</p><blockquote><p><strong>You&#8217;re no longer just approving a tech initiative; you&#8217;re signing up to fundamentally change the internal DNA of how your company works, while keeping the business and value proposition recognisable to your customers and investors.</strong></p></blockquote><p>In an agentic enterprise, a CEO really needs to hold <strong>three concurrent views</strong>:</p><ol><li><p>A <strong>growth and opportunity view</strong> &#8211; how agentic AI can grow the business, open new products and markets, and reshape the cost base.</p></li><li><p>A <strong>capital and narrative view</strong> &#8211; how to keep the board and investors confident that this isn&#8217;t just hype: a clear strategy, roadmap, numbers, and a credible story about where autonomy will actually create value.</p></li><li><p>A <strong>risk, trust and licence-to-operate view</strong> &#8211; how to keep risk within bounds for regulators, ESG and society, while protecting customer and employee trust, costs and profits, by delegating the <em>right amount</em> of authority and responsibility to the C-suite and, through them, to the human+agent fabric.</p></li></ol><p>The job is not to pick one of these three; it&#8217;s to hold all three in tension and design a delegation chain where the COO, CFO, CTO and CIO each own their piece of the agentic system, with clear guardrails, telemetry and &#8220;break glass&#8221; conditions.</p><p>This piece is about that job.</p><div><hr></div><h2><strong>1. Baseline CEO &#8211; before agents</strong></h2><p>Across industries, a CEO&#8217;s role clusters around a few pillars:</p><ul><li><p>Set direction and narrative</p><p>&#8211; mission, strategy, &#8220;where we&#8217;re going and why&#8221;.</p></li><li><p>Allocate capital</p><p>&#8211; where money, talent and attention go.</p></li><li><p>Choose and align the top team</p><p>&#8211; who runs product, operations, finance, tech.</p></li><li><p>Shape culture and risk appetite</p><p>&#8211; what&#8217;s tolerated, rewarded, and never acceptable.</p></li><li><p>Represent the firm externally</p><p>&#8211; markets, regulators, investors, partners.</p></li></ul><p>Agentic AI doesn&#8217;t remove any of that.</p><p>It changes the <strong>system</strong> you&#8217;re steering underneath.</p><div><hr></div><h2><strong>2. View 1 &#8211; Growth and opportunity</strong></h2><p>Agentic AI isn&#8217;t just a cost story. If you treat it purely as &#8220;efficiency&#8221;, you&#8217;ll miss most of the upside.</p><h3><strong>2.1 Where does agentic AI create new possibility space &#8211; and a new trade space?</strong></h3><blockquote><p>Beyond automating tasks, a CEO should be asking where agentic AI opens up a <strong>new possibility space</strong>, and, inside it, a <strong>new trade space</strong> of products, service levels and cost structures that simply weren&#8217;t reachable before.</p></blockquote><ul><li><p>What products or services become <strong>viable only with agents</strong>?</p><p>&#8211; for example: 24/7 &#8220;mini-COO&#8221; services for SMEs, hyper-personalised support at scale, always-on procurement scouts, real-time FP&amp;A copilots.</p></li><li><p>Where could agents let us serve <strong>new segments</strong>?</p><p>&#8211; rural or low-infrastructure markets using small, local or 1-bit models that work offline or with unreliable connectivity;</p><p>&#8211; high-touch segments that can&#8217;t be reached with current headcount.</p></li><li><p>Where can we <strong>reshape our cost curve</strong> so that new lines of business make sense?</p></li></ul><p>If the answer to &#8220;What can we do now that we <em>could not</em> do before?&#8221; is fuzzy, it&#8217;s not strategy yet &#8211; it&#8217;s experimentation.</p><h3><strong>2.2 Agentic is not just optimisation</strong></h3><p>Classic automation:</p><ul><li><p>takes an existing process,</p></li><li><p>removes human touches,</p></li><li><p>makes the &#8220;river&#8221; straighter and faster.</p></li></ul><p>Agentic AI:</p><ul><li><p>lets you dig <strong>entirely new channels</strong> &#8211; new decision paths, new ways of combining internal and external data, new forms of always-on analysis and sensing.</p></li></ul><p>As CEO, you need to call out explicitly:</p><ul><li><p>&#8220;Here are the <strong>three to five</strong> places where agents change the game for our strategy,&#8221;</p></li><li><p>and &#8220;Here are the domains where agents are <em>strictly</em> optimisation and we&#8217;ll treat them as such.&#8221;</p></li></ul><h3><strong>2.3 Questions to ask in the growth lens</strong></h3><ul><li><p>Which revenue lines or products will be <strong>non-competitive</strong> in 3&#8211;5 years if we <em>donn&#8217;t</em> build agentic capabilities?</p></li><li><p>Where can agents <strong>amplify our best people</strong> (sales, product, operations) rather than just cut cost?</p></li><li><p>Where do small/local models (including low-precision and 1-bit) give us <strong>strategic reach</strong> &#8211; offline, at the edge, in underserved markets?</p></li></ul><div><hr></div><h2><strong>3. View 2 &#8211; Capital and narrative (board and investors)</strong></h2><p>Boards and investors don&#8217;t need a lecture on transformers. They need:</p><ul><li><p>a story that is <strong>strategic, not faddish</strong>,</p></li><li><p>a roadmap that is <strong>disciplined, not hand-wavy</strong>,</p></li><li><p>and a sense that you understand both <strong>upside and blast radius</strong>.</p></li></ul><h3><strong>3.1 From &#8220;AI programme&#8221; to agentic fabric as asset</strong></h3><p>You&#8217;re deciding whether the <strong>agentic fabric</strong>:</p><ul><li><p>is a side initiative in IT, or</p></li><li><p>becomes a long-term <strong>capital asset</strong> &#8211; something you invest in, govern and measure, like any major platform.</p></li></ul><p>That means being able to sketch, at board level:</p><ul><li><p>what the <strong>fabric</strong> is (models, tools, Sentinels, DLQs, evaluation, telemetry),</p></li><li><p>what <strong>figures of merit</strong> you care about (coverage of high-value flows, cost per decision, incident rates, explainability),</p></li><li><p>how it links to <strong>R&amp;D and product roadmaps</strong>, not just &#8220;efficiency projects&#8221;.</p></li></ul><h3><strong>3.2 Owning the behavioural model as IP</strong></h3><p>Investors understand IP.</p><p>The behavioural model of the firm &#8211; the prompts, policies, critics, guardrails that encode &#8220;how we do things here&#8221; &#8211; is <strong>company IP</strong>:</p><ul><li><p>you don&#8217;t share it lightly,</p></li><li><p>you don&#8217;t outsource it casually,</p></li><li><p>you expect a return on it over years.</p></li></ul><p>As CEO, your narrative to the board should make it clear that:</p><ul><li><p>vendors and advisors help <em>accelerate</em>,</p></li><li><p>but the <strong>behavioural logic</strong> is something you own, shape and can defend.</p></li></ul><h3><strong>3.3 Questions to ask in the capital lens</strong></h3><ul><li><p>If we capitalised this agentic fabric as an asset, what would we say are its <strong>figures of merit</strong> and its <strong>R&amp;D roadmap</strong>?</p></li><li><p>Where are we <strong>renting capability</strong> from vendors instead of building a core competence? Is that intentional and time-bounded?</p></li><li><p>Can we draw a <strong>clear line</strong> from agentic investment to:</p><ul><li><p>specific growth levers,</p></li><li><p>specific cost levers,</p></li><li><p>and specific risk reductions?</p></li></ul></li></ul><div><hr></div><h2><strong>4. View 3 &#8211; Risk, trust and licence to operate</strong></h2><p>This is where the CEO&#8217;s personal responsibility is most exposed.</p><p>Agentic AI changes:</p><ul><li><p>how you can fail,</p></li><li><p>how fast you can fail,</p></li><li><p>and how visible that failure will be to regulators, courts and the public.</p></li></ul><h3><strong>4.1 The delegation chain</strong></h3><p>In an agentic enterprise, delegation looks like:</p><blockquote><p>Board &#8594; CEO &#8594; C-suite (COO, CFO, CTO, CIO, etc.) &#8594; <strong>human+agent fabric</strong></p></blockquote><p>You&#8217;re not only delegating to executives. You&#8217;re implicitly delegating to:</p><ul><li><p>the <strong>agents</strong> they design and run,</p></li><li><p>the <strong>guardrails and Sentinels</strong> that are supposed to keep behaviour acceptable,</p></li><li><p>the <strong>incident playbooks</strong> that determine how you respond.</p></li></ul><p>The risk question becomes:</p><ul><li><p>&#8220;Have I delegated <strong>enough authority</strong> for them to use agents meaningfully&#8230;</p></li><li><p>&#8230;and <strong>enough structure</strong> for them to stay inside an envelope we can defend?&#8221;</p></li></ul><h3><strong>4.2 Internal and external trust</strong></h3><p>You&#8217;re balancing:</p><ul><li><p><strong>External trust</strong></p><p>&#8211; regulators, supervisors, ESG, media, public opinion.</p></li><li><p><strong>Internal trust</strong></p><p>&#8211; employees (what happens to my job, autonomy, dignity?),</p><p>&#8211; customers (am I being treated fairly, or optimised against?).</p></li></ul><p>Agentic systems will:</p><ul><li><p>tempt you to <strong>optimise aggressively</strong>,</p></li><li><p>surface <strong>awkward truths</strong> in logs and traces,</p></li><li><p>create <strong>ambiguous fault lines</strong> (&#8220;model vs human vs policy&#8221;).</p></li></ul><p>You need to be clear where you will <em>not</em> optimise, even if the model says you can.</p><h3><strong>4.3 Agentic incidents and war rooms</strong></h3><p>You should assume:</p><ul><li><p>Every serious agentic incident is <strong>potential war-room material</strong>.</p></li><li><p>Early cases in your sector will likely be <strong>jurisprudential</strong> (precedent-setting).</p></li></ul><p>As CEO, you want to see:</p><ul><li><p>that there is a <strong>taxonomy of incidents</strong>,</p></li><li><p>that <strong>traces and explanations</strong> exist for high-impact flows,</p></li><li><p>that there is a <strong>break-glass plan</strong> if multiple agents start issuing STOPs (and what that does to business continuity).</p></li></ul><h3><strong>4.4 Questions to ask in the risk lens</strong></h3><ul><li><p>If a regulator or court asks &#8220;Why did your system behave this way?&#8221;, can we show:</p><ul><li><p>design intent,</p></li><li><p>policies,</p></li><li><p>traces,</p></li><li><p>and corrective actions?</p></li></ul></li><li><p>Who has the authority to <strong>change dials</strong> (risk appetite, autonomy levels, tool scopes), and who signs off?</p></li><li><p>What is our <strong>break-glass scenario</strong> if many agents STOP at once? Who decides, and what gets sacrificed first?</p></li></ul><div><hr></div><h2><strong>5. What remains stubbornly human for the CEO</strong></h2><p>Even in a deeply agentic enterprise, there are things you cannot offload:</p><ul><li><p><strong>Choosing the game you play</strong></p><p>&#8211; markets, missions, values, what you refuse to do.</p></li><li><p><strong>Setting upper bounds on risk appetite</strong></p><p>&#8211; especially where cash, customers and safety intersect.</p></li><li><p><strong>Taking accountability</strong></p><p>&#8211; you can&#8217;t blame &#8220;the model&#8221; in front of a regulator or parliament; you approved the system that used it.</p></li><li><p><strong>Protecting the human core</strong></p><p>&#8211; how people are treated;</p><p>&#8211; what you reward in leaders when agentic shortcuts are tempting.</p></li></ul><p>Agentic AI is a force multiplier. It multiplies your best decisions &#8211; and your blind spots.</p><div><hr></div><h2><strong>6. The first 90 days of an AI-literate CEO</strong></h2><p>If you took over a company that&#8217;s &#8220;going agentic&#8221;, here&#8217;s a concrete sketch.</p><h3><strong>6.1 Weeks 1&#8211;3: Get the map</strong></h3><ul><li><p>Ask for a <strong>one-page map</strong> of:</p><ul><li><p>where agents are live,</p></li><li><p>where they&#8217;re planned,</p></li><li><p>what autonomy level they have,</p></li><li><p>where they touch cash, customers, compliance.</p></li></ul></li><li><p>Ask each of COO, CFO, CTO, CIO:</p><ul><li><p>&#8220;In your world, where do agents exist today, and what&#8217;s your biggest worry?&#8221;</p></li></ul></li></ul><h3><strong>6.2 Weeks 4&#8211;6: Clarify roles and ownership</strong></h3><ul><li><p>Convene an <strong>Agentic Governance session</strong> with COO, CFO, CTO, CIO, Risk, Legal.</p></li><li><p>Agree on:</p><ul><li><p>who owns <strong>risk appetite</strong> per domain,</p></li><li><p>who owns the <strong>behavioural model</strong> (policies, critics, Sentinels),</p></li><li><p>who owns <strong>incidents and war rooms</strong>.</p></li></ul></li><li><p>Update C-suite <strong>role definitions</strong> explicitly for an agentic context.</p></li></ul><h3><strong>6.3 Weeks 7&#8211;9: Set red lines and expectations</strong></h3><ul><li><p>Define, at exec + board level:</p><ul><li><p>domains where agents are <strong>never fully autonomous</strong>,</p></li><li><p>domains where <strong>delegate-and-act</strong> is acceptable,</p></li><li><p>preconditions for moving from <strong>pilot to production</strong>.</p></li></ul></li><li><p>Ask for:</p><ul><li><p>a draft <strong>agentic incident playbook</strong>,</p></li><li><p>a plan for <strong>traces and explainability</strong> in high-stakes flows,</p></li><li><p>a view on <strong>regulatory expectations</strong> in your sector.</p></li></ul></li></ul><h3><strong>6.4 Weeks 10&#8211;12: Anchor in capital and narrative</strong></h3><ul><li><p>Tie <strong>agentic investment</strong> into strategy and capital allocation:</p><ul><li><p>which initiatives are strategic bets vs &#8220;nice-to-have&#8221; automations,</p></li><li><p>which parts of the fabric you expect to treat as <strong>capital assets</strong>.</p></li></ul></li><li><p>Communicate internally:</p><ul><li><p>what agentic AI means <em>here</em>,</p></li><li><p>how it links to mission and values,</p></li><li><p>what it means (and doesn&#8217;t) for people&#8217;s roles.</p></li></ul></li><li><p>Communicate externally, carefully:</p><ul><li><p>your high-level stance on AI,</p></li><li><p>your commitments on safety and integrity,</p></li><li><p>your intent to <strong>own and govern</strong> behaviour, not outsource it.</p></li></ul></li></ul><div><hr></div><h2><strong>7. How this ties into the rest of the series</strong></h2><p>This CEO piece is the <strong>keystone</strong> in the outer ring:</p><ul><li><p>The COO article drills into running the mixed human+agent fabric day-to-day.</p></li><li><p>The CFO article goes into agents at the intersection of growth, cost and &#8220;honest numbers&#8221;.</p></li><li><p>The CTO/CIO article explains who designs the agentic fabric and who runs it safely.</p></li><li><p><strong>Part 2</strong> of this outer-ring series will focus on the <strong>Board</strong>: a practical question set boards can use to probe whether &#8220;going agentic&#8221; is strategy or wishful thinking.</p></li><li><p><strong>Part 3</strong> will look at <strong>Regulators and Courts</strong>: early jurisprudence, what &#8220;explainable enough&#8221; is likely to mean, and why outsourcing your behavioural model is a liability, not a shortcut.</p></li></ul><p>As CEO, your job is to align all of that to those three views:</p><ul><li><p>growth and opportunity,</p></li><li><p>capital and narrative,</p></li><li><p>risk, trust and licence to operate.</p></li></ul><p>And to be the one who says:</p><blockquote><p>&#8220;We&#8217;re not just buying agentic tools. We are designing, governing and owning a behavioural system that acts in our name. Show me that we deserve that responsibility.&#8221;</p></blockquote><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://thinkinginloops.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading Philippe's Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item></channel></rss>