“We must do something with AI” is increasingly what passes for strategy in many boardrooms and in discussions among frontline employees.
Almost everyone feels the pressure to use AI – they’re just not sure what to do, where to start or where the greatest value lies. The desire to move at pace, however, is risky. Lacking any real structure to their approach, organisations end up with a form of tech chaos and compliance problems.
The organisations that make a real success of AI – in other words they don’t just implement it, they get value out of it – follow a different path. Like children maturing, they crawl, walk and then they run, in that order.
They treat AI adoption as a progression rather than a Big Bang event. This helps them build confidence, establish control and ensure their AI investment serves up outcomes they can measure.
The crawl phase - where it is safe to explore
The crawl phase is about creating the conditions for safe experimentation, rather than automating entire processes or deploying autonomous agents across the business. Policy has to come before scaling up, and organisations need to define where they use AI tools. They must decide which platforms to approve, the data they can share and how AI outputs are reviewed.
Governance frameworks must be instituted to ensure compliance obligations are met, along with the demands of data protection regulation and the protection of, and respect for, intellectual property.
Avoiding risky behaviour
This can all feel like grinding, frustrating bureaucracy to senior executives in a hurry to see AI investment deliver. Yet consider the alternatives. Public AI tools are known to create risk through data leakage, unmanaged prompts and a less-than-rigorous approach to the use of proprietary information.
The gaping holes in compliance are wide open before legal, cyber security or risk teams have a chance to assess them. In these instances, it is very easy for an organisation to find itself reacting to incidents rather than implementing a defined strategy. If, on the other hand, organisations take time to complete the crawl phase, their AI will have firm rather than shifting foundations.
This is the point at which AI should be tied to business priorities. AI projects are notorious for starting with the technology rather than the problem organisations need to solve. They can avoid this by identifying where AI can improve speed, decision-making, service delivery or operational resilience.
Walk in small steps to start with
The walk phase commences after governance is taken care of, moving into targeted application. An important consideration here is to focus on specific use cases rather than the enterprise-wide transformation that gets into the headlines. Use cases with defined boundaries, accountable owners and realistic prospects of success that can be measured should be the priority.
Practical examples include AI-assisted ticket triage to make IT more efficient, or predictive insights in finance, or workflow summarisation in operations. The intentionally narrow scope of these use cases means they are more likely to deliver value, help identify points of friction and redefine governance. They also offer a prime opportunity to observe how well human-AI interaction works and whether the balance is right. This is the stage where use cases likely to create more friction than benefit start to emerge and vice versa.
The arrival of agentic AI
It is also where agentic AI comes over the horizon, creating new opportunities, but raising the stakes. Agentic systems take action, make decisions, and respond to dynamic inputs with less direct human intervention.
For people running an organisation, that autonomy should be treated with caution, not merely a technical feature. What authority is being delegated? What systems can the agent access? What escalation path exists when something goes wrong? This walk phase gives organisations a chance to answer those questions before broader roll-out.
Up and running
The run phase is where AI is integral to business operations and not just a layer on top. With governance in place and the evidence from pilot projects with clear metrics to define value, internal buy-in is easier. The organisation can embed AI right into its workflows, achieving, for example, end-to-end process automation or orchestration across functions.
Decision intelligence – using predictive insights and scenarios based on trusted data – helps key people in the business make the right calls more often and much more quickly. AI changes from a brilliant productivity tool into an operational accelerator.
The hurdles – and how to surmount them
If it was this straightforward, why do so many organisations stumble? Primarily because they try to run before they can crawl. They treat AI as a technology project rather than a business strategy. The elements of governance, cyber security, workforce design, change management and executive accountability all must be addressed. Neglecting these elements undermines delivery.
They also become more important as maturity progresses, and AI systems gain access to more sensitive data and start interacting with business-critical workflows. Oversight, control and auditability all need to mature in parallel because regulatory scrutiny is likely to intensify.
AI is not simply about speed but trajectory. Organisations following the crawl, walk and run approach will move beyond implementation to operationalise AI strategically for real, long-term competitive advantage. There is little to be gained from cutting corners or trying to run too early.
Michael Gray
Michael Gray is Chief Technology Officer at Thrive, a global technology outsourcing provider specialising in cybersecurity, cloud solutions and traditional managed service provider services.
