What is AI advisory and why do organisations need it?

AI advisory helps organisations navigate the complex AI landscape to find real value beyond the hype. Most AI projects fail not because of technology, but because of context problems, coordination gaps, and capability issues. AI advisory addresses these practical blockers to help you build AI capabilities that actually work.

What is context engineering in AI?

Context engineering is the discipline of designing what AI knows, when it knows it, and how that knowledge is structured. It's about giving AI the right information at the right time. Most AI failures are context failures - the model is capable, but it doesn't have the information it needs to help you effectively.

What's the difference between AI tools and AI fluency?

AI tools are software you can access. AI fluency is the ability to think with AI - to know when and how to use it effectively, to structure problems for AI collaboration, and to evaluate AI outputs critically. Many teams have tool access but struggle to get consistent value because they lack genuine fluency.

How do skills-based AI systems differ from traditional AI agents?

Traditional multi-agent systems create separate AI agents for different tasks. Skills-based systems give one AI agent multiple skills - packaged expertise it can invoke as needed. Skills compound: every skill you create is available to everyone, forever. This approach is simpler to maintain and scales organisational intelligence.

Which AI model should my organisation use - Claude, GPT, or Gemini?

The best model depends on your specific use case, data sensitivity requirements, and integration needs. Claude excels at nuanced reasoning and safety. GPT has the largest ecosystem. Gemini offers strong multimodal capabilities and Google integration. We help organisations evaluate options against their actual requirements rather than following hype.

PANDIONSTUDIO

AI CAPABILITY • FOUNDATION

The Foundation

Strategy, data, sustainability, and the adoption landscape

Seven practical foundation areas that help AI work in the real world: direction, data, economics, privacy, sustainability, adoption, and risk.

Cross-pillar bridge: AI Foundation (here) · Markets and Compliance (Capability pillar) →

AT A GLANCE

The whole foundation in one view

Seven sections, grouped by where they sit in your AI thinking. Click any card to open the detail below.

Strategy & Governance

2 sections

Data & Readiness

3 sections

Responsible AI

2 sections

The decisions your organisation needs to make — AI strategy, governance frameworks, vendor selection, and policy.

FOUNDATION LENS FOR SMALL TEAMS

For a solo operator, micro-business, or small practice, foundation does not mean building an enterprise AI office. It means making a few explicit choices: which tools are approved, what stays private, who owns the working method, how much experimentation is affordable, and where human judgement must stay in the loop.

In 30 Seconds

AI Strategy answers: Where are we going with AI, and why? AI Governance answers: How do we get there safely and responsibly?

Most organisations need both – but many have one without the other. A strategy without governance creates risk. Governance without strategy creates bureaucracy.

Where we help: Connecting strategy to execution. Many organisations have AI strategies that never translate into capability. We bridge that gap through practical implementation – making decisions actionable while keeping governance embedded in workflows.

Two Distinct Disciplines

AI Strategy

“What are we trying to achieve with AI?”

• Vision: How AI fits your business direction
• Priorities: Which use cases matter most
• Investment: Where to allocate resources
• Roadmap: Sequencing and dependencies
• Measurement: How you'll know it's working
• Efficiency vs Opportunity: Are you using AI to cut costs or to expand capacity? Jensen Huang: “companies with imagination will do more with more.” Organisations using AI to expand what's possible outperform those focused purely on headcount reduction.

AI Governance

“How do we use AI safely and responsibly?”

• Policy: What's allowed, what's not
• Risk: Identifying and managing AI-specific risks
• Compliance: Regulatory requirements (EU AI Act, etc.)
• Accountability: Who decides what, and who's responsible
• Controls: Technical and procedural safeguards

What Organisations Need to Implement

Effective AI strategy and governance requires concrete components – not just documents.

Strategy Components

AI Vision Statement

Clear articulation of how AI supports business objectives – shared across leadership.

Use Case Portfolio

Prioritised list of AI applications with business cases and success criteria.

Investment Framework

Budget allocation, build vs buy decisions, and ROI measurement approach.

Capability Roadmap

Sequenced plan for building AI capability – technology, people, and process.

Governance Components

AI Policy

Clear expectations for AI use – what's permitted, what requires approval, what's prohibited.

Roles & Responsibilities

Who owns AI decisions across legal, tech, data, risk, and business functions.

Risk Framework

AI-specific risk assessment – layered by use case risk level (internal vs customer-facing).

Technical Controls

Approved tools, data classification, access controls, and monitoring.

Decision Trace Logging

Record exceptions, approvals, and rationale so decisions are explainable and auditable.

Canonical Truth Contracts

Clear ownership of which systems are authoritative for critical metrics and records.

The Connecting Tissue

Working Groups

Cross-functional forums connecting strategy direction with governance requirements.

Leadership Fluency

Board and executive capability to set direction and govern effectively.

AI Compliance Frameworks

A distinct AI-specific compliance landscape is emerging alongside the established standards. These frameworks define what good looks like for AI governance, risk, and assurance.

ISO/IEC 42001

AI management systems standard. The first ISO certification specifically for organisations that develop, provide, or use AI. Sits alongside ISO 27001 in scope and structure.

EU AI Act

Risk-tiered AI regulation in the EU. Prohibited, high-risk, limited-risk, and minimal-risk categories, each with distinct obligations on providers, deployers, importers, and distributors.

NIST AI RMF

Voluntary AI risk management framework from NIST. Trustworthy AI characteristics: valid and reliable, safe, secure and resilient, accountable and transparent, explainable, privacy-enhanced, and fair.

OWASP LLM Top 10

LLM-specific security risks practitioners actually face: prompt injection, sensitive information disclosure, supply chain risks, training data poisoning, insecure output handling, and equivalents.

The cross-pillar question. What does AI use do to your existing compliance posture?

Most organisations are not starting from zero. ISO 27001, SOC 2, and GDPR are already in place. The live question is how AI use changes the evidence required for those existing frameworks, and where new AI-specific frameworks layer on top. This is now the most common compliance conversation we see in practice.

For the wider compliance picture (ISO 27001, SOC 2, GDPR, sector regimes), see Markets and Compliance.

Privacy by Architecture

Confidentiality is not just a legal concern. It is a trust and adoption barrier. If teams cannot prove how sensitive data is protected, AI use stalls or moves underground.

Technical Guarantees

• Data minimisation and selective retrieval
• Encryption in transit and at rest, with clear key ownership
• Auditable access controls and approved tool lists
• Clear data retention and deletion paths

Workflow Safeguards

• Informed consent for sensitive use cases
• Minimal identifiers and redaction by default
• Human review and accountability for outputs
• Usage logging and periodic audits

Policy promises are not enough. The bar is technical proof and repeatable safeguards that stand up to audit.

Governance as Enabler

The most effective organisations treat governance as a way to move faster, not slower.

Blocking Governance	Enabling Governance
Rules without clarity	Clear expectations everyone understands
Block external tools	Provide approved alternatives
Fear-based compliance	Education-based empowerment
Policies on shelves	Governance embedded in tools and workflows

When governance is done well, employees know exactly what's expected. They have approved tools that work. They feel safe to experiment within clear boundaries. Auditability comes from decision traces, not just policy documents. The result: more innovation, not less.

Trust Maturity: From Approval to Monitoring

Research into how people actually use AI agents reveals a clear maturity pattern. The shift from new to experienced AI use isn't “hands off” – it's “hands different.”

Early-Stage Teams

• Approve most AI actions manually
• Rarely interrupt or redirect
• Treat AI as subordinate needing oversight
• Default to short, safe, familiar tasks

Mature Teams

• Auto-approve 40% of routine actions
• Interrupt nearly twice as often on what matters
• Treat AI as a colleague they trust but actively steer
• Delegate complex, multi-step, hours-long work

What This Means for Governance

Governance frameworks need to evolve with trust maturity. A team using AI for the first time needs different guardrails than one that's been working with it for six months. Static, one-size-fits-all policies either restrict experienced teams or give too much latitude to new ones.

What people actually worry about: Anthropic's 81,000-person study (March 2026) found that unreliability (26.7%) is the #1 concern — ahead of job loss (22.3%), autonomy loss (21.9%), and cognitive atrophy (16.3%). This reframes governance priorities: trust infrastructure and quality assurance matter more than workforce protection theatre.

The most effective approach: tiered governance that matches the team's trust maturity. Low-risk tasks with clear boundaries can move to monitoring faster. High-stakes decisions keep human approval regardless of maturity.

A reassuring finding: AI agents stop themselves to ask for clarification twice as often as humans interrupt them. The risk isn't that AI will “run away” with a task – it's that teams won't push AI far enough. Good governance enables that push.

Measuring AI ROI

Understanding what value you're pursuing – and how to measure it – is a strategic decision.

NEW — MARCH 2026

Efficiency AI vs Opportunity AI

Efficiency AI

Doing existing work faster, cheaper, or with fewer errors. Automation, summarisation, data processing. Measurable, often the starting point. ROI is relatively straightforward.

Opportunity AI

Doing things that weren't previously possible. New capabilities, new insights, new products. Harder to measure, often more valuable. ROI requires new frameworks because there's no baseline to compare against.

The strategic question: Most organisations start with Efficiency AI because it's easier to justify. But Opportunity AI is where the competitive advantage lives. The best strategies invest in both – using efficiency gains to fund opportunity exploration.

Types of AI Value

Efficiency Benefits

Easier to quantify, often the starting point:

• Time savings: Hours saved on routine tasks
• Cost reduction: Lower cost per output
• Increased output: More work with same resources
• Quality improvement: Fewer errors, better consistency

Strategic Benefits

Harder to measure, often more valuable:

• Better decisions: Right information at right time
• New capabilities: Doing what wasn't possible before
• Risk reduction: Early warnings, error catching
• Revenue growth: New streams or enhanced offerings

Practical Guidance

Start simple: Pick one or two use cases with clear baselines. Measure before and after. Learn what works before scaling.

Include all costs: Tools, training, integration time, ongoing maintenance. Many ROI calculations fail by underestimating total cost of ownership.

Be patient: Most AI value comes from compounding gains over time, not overnight transformation.

Track strategic value: Don't just measure hours saved. Document the decisions improved, capabilities gained, and risks avoided.

NEW — MARCH 2026

Workforce Planning: Automation vs New Task Creation

MIT research introduces a critical filter for workforce planning: are we automating existing tasks, or creating entirely new ones? Most AI strategy focuses on automation (doing existing work faster). But the transformative value often comes from new tasks that weren't possible before — roles, capabilities, and workflows that only exist because AI enables them.

Task Automation

Doing existing work faster or cheaper. Easier to measure, familiar territory.

New Task Creation

Work that didn't exist before AI. Harder to forecast, often more valuable.

Use this as a planning filter: for each AI initiative, ask whether you're automating or creating. Both matter, but the balance shapes your workforce strategy.

NEW — MARCH 2026

AI Economics: The Subsidised Era Is Ending

Inference costs are becoming a strategic planning input, not just a technical detail.

Token Budget Planning

AI usage has real, variable costs. Organisations need to budget for tokens the way they budget for cloud compute – with visibility, limits, and cost-per-outcome tracking.

Cost-Per-Outcome Frameworks

Not “how much per token” but “how much per code review, per report, per analysis.” The $15-25/PR backlash against Anthropic's code review pricing (March 2026) previews the conversations every organisation will have.

Multi-Model as Economics

Using the right model for each task isn't just technical preference – it's economic imperative. Model right-sizing will become a standard practice.

Strategic implication: AI usage costs scale with usage – more like cloud compute than software licences. Budget accordingly.

Late May 2026: The Subsidy Era Ends Across the Industry

Inside a single window in May 2026, every major provider moved usage-based pricing from optional to default. Anthropic shifted enterprise customers from the $200 flat plan to $20/seat plus token billing, and added a harness-boundary rule so Claude usage outside Anthropic-owned harnesses is billed per token. GitHub Copilot moved to usage-based pricing. OpenAI launched Guaranteed Capacity, a 1-3 year cloud-style commit deal for enterprises. Google Ultra dropped from $250 to $200 a month but added “compute-based usage limits that factor in the complexity of your prompt, the features you use, and the length of your chat,” with Anti Gravity and Flow moving to usage-limit models.

The scale of the subsidy is now visible. GitHub Copilot estimator screenshots circulating in late May showed sharp increases for some workloads against the previous flat-fee equivalent. These are not edge cases. They are what most knowledge-work AI usage actually costs to serve once compute is priced honestly.

“If you’re running a consulting business and you’re deploying Anthropic or OpenAI directly into your organisation — I’m looking at you, PwC and Accenture — you’re letting the fox into the henhouse. OpenAI and Anthropic are openly funding and starting competitors to you, while also using your usage to drive more success for them. Consulting businesses that understand this are adopting a control plane that allows them to arbitrate where tokens go and who generates tokens for them. Controlling the tokens is controlling the spice.”

— Chamath Palihapitiya, late May 2026

The argument is that multi-tool routing is not preference. It is architecture: the layer that decides which model gets which work, runs the cost and capability trade-offs, and prevents single-provider lock-in as commercial dynamics tighten. OpenAI’s Guaranteed Capacity is the same story from the other side — enterprises now think about token supply the way they think about cloud commit deals.

Practical implication for solo and small-business operators: the “free-tier behaviour” baseline you used through 2024-25 is the wrong planning input. Expect commit deals, rationing, and tiered access to keep tightening. The right move is a multi-tool stack that can route work to the cost-efficient middle (Composer 2.5, GPT-5.5 medium, Haiku, Gemini Flash where it works) and reserve top-tier models for high-stakes work.

Supply vs Demand: Why Prices Stay High

A useful calibration for solo operators concerned about the token scarcity narrative: global inference capacity (the supply of tokens) is estimated to be more than tripling each year. Global demand for tokens is growing by roughly 10x per year. A 3x supply expansion against a 10x demand expansion means providers can sell every token they produce, and prices stay high. This is not the picture of a collapsing market or a bubble; it is the picture of a market where genuine demand outstrips supply. Plan accordingly.

Practical implication: the cost pressure you feel is structural, not a temporary blip. Multi-tool routing and deliberate task-to-model matching are not enthusiast preferences; they are the rational economic response to a supply-constrained market.

May 2026 Update: Tokens Are Learning Spend Too

The token conversation has moved beyond budgeting. In the agent era, teams need to spend tokens to discover what agents can do, where workflows break, and what new work becomes possible. The governance question is not simply “how do we minimise usage?” It is “what are we learning per token spent?”

For small teams, the practical move is to set a monthly experiment budget and require a short learning note when a high-token workflow becomes reusable.

Cost per outcome

Track the cost of a useful report, review, analysis, workflow, or automation.

Learning per token

Capture experiments, failed attempts, reusable prompts, skills, rubrics, and changed workflows.

Goodhart guardrails

Do not reward raw consumption alone. Ask heavy users what they built, changed, and learned.

Late May 2026: Fast Mode and the Speed/Cost Trade-off

NEW — MAY 2026

The Opus 4.8 release (28 May 2026) made the speed/cost trade-off explicit: Fast Mode runs at 2.5x the speed of standard mode at double the price (£10/£50 per million tokens input/output, compared with the standard £5/£25). That is a deliberate design choice. You can buy speed, but it costs twice as many tokens to do it.

The routing decision this creates: Fast Mode is appropriate for latency-sensitive tasks where the result is reviewed by a person. For background or batch work where speed is irrelevant, standard mode is the better economic choice.

One practical note: Opus 4.6 Fast Mode is deprecated from 29 June 2026. Any workflow using /fast will default to Opus 4.8 Fast Mode from that date. If you have cost thresholds set on fast-mode usage, check them before the end of June.

Signal watch: the +50% increase to weekly usage limits for Pro, Max, Team, and Enterprise plans (through 13 July 2026) is a temporary expansion during a high-demand period, not a permanent baseline. Limits are real and managed. Plan usage habits around the permanent level, not the temporary window.

Agent Debt: A New Maintenance Problem

NEW — MAY 2026

A concept surfacing from practitioners in late May: “agent debt” — the AI-era equivalent of technical debt. Hacking together an agent workflow during the experimentation phase and never cleaning it up produces conflicting system prompts, polluted memory, and overlapping tools that generate inconsistent results and burn tokens unnecessarily. The shift from the subsidy era to honest token pricing makes this visible: workflows that were manageable at subsidised prices become clearly wasteful at real prices.

Practical response: if you built agent workflows during the early-2026 experimentation rush, audit them against what they actually cost and what they reliably produce. Clean system prompts, remove tool overlaps, and update memory files that have gone stale. One hour of maintenance is worth weeks of compounding inconsistency.

EMERGING

Emerging Governance Challenges

2026 has surfaced governance challenges that most frameworks don't yet address.

Capability Diffusion Is the Bottleneck

NEW: MAY 2026

OpenAI, Anthropic, and Google are all building or expanding forward-deployed engineering and consulting capacity. That is a strategic signal: the models are powerful enough, but organisations cannot absorb the capability without help redesigning workflows, data access, governance, and operating rhythm.

Concrete proof landed in late May 2026: Anthropic announced joint centres of excellence with Accenture, Deloitte, and PwC, and committed to training and certifying 30,000 PwC professionals on Claude. Even AGI-believing labs now treat diffusion work as essential. As one observer put it: “Anthropic knows they are weeks away from AGI, which is why they are working with Accenture, Deloitte, PwC…”

Governance response: Treat deployment support as part of the AI stack. A small business does not need a forward-deployed engineer, but it does need the same function: one accountable person who translates tools into workflows, documents what works, and keeps verification loops alive. Solo operators are already doing what the labs are paying the Big Four to teach.

AI-as-Layoff-Alibi Discipline

NEW: MAY 2026

Companies will increasingly cite AI when announcing layoffs. Sometimes that will be true. Sometimes AI will be a convenient cover for overhiring, market contraction, margin pressure, or management restructuring. Coinbase and Cloudflare made this narrative discipline visible: the public explanation is not always the whole operational story.

Governance response: Ask for business context before accepting AI displacement claims. Compare usage evidence, revenue pressure, hiring history, operating model changes, and role-level workflow redesign. AI impact is real, but lazy attribution produces bad strategy.

AI Is Officially Political

Vendor selection is now policy risk. Government contracts have been revoked overnight based on CEO statements (the Dario Amodei memo incident, March 2026). Blue Rose Research data shows AI ranked 29th of 39 tracked issues but rising faster than any other. 72% of voters fear wage depression, 77% fear industry elimination. Even Trump voters choose “protect jobs” over “keep innovating” by 2:1. The Pentagon vs Anthropic dispute is now in federal court — Judge Rita Lynn called Pentagon conduct “troubling.”

Governance response: Vendor neutrality as a principle. Multi-vendor capability as risk management. Political risk is now a vendor selection criterion, not just a policy footnote.

White House AI Legislative Framework

NEW — MARCH 2026

The White House released a 6-point AI legislative framework. Key positions: no new regulatory body (sector-specific approach using existing agencies), strong state preemption push (federal floor for AI rules), IP and copyright deferred to courts, and a workforce section that observers called “hand-wavy.” Dean Ball described it as “an opening move in a multidimensional public negotiation.” Meanwhile, states are acting independently — NY chatbot restrictions, CA AI bills, a 291-page federal bill from Blackburn. No resolution expected before midterms; 12-18 months of compliance uncertainty.

Governance response: Track state-level AI regulation where you operate. Federal preemption is aspirational, not enacted. Prepare for a patchwork compliance landscape through at least 2027.

Agent Compliance Precedent

The Amazon vs Perplexity dispute is setting legal precedent for how AI agents access third-party services. Key distinction: first-party agents vs third-party agents.

Governance response: Audit agent access patterns. Ensure agents operate within ToS boundaries.

Memory Portability

As AI agents accumulate context and memory about your organisation, that data becomes strategically significant. Data portability regulations may extend to AI memory and context.

Governance response: Vendor-agnostic context architecture. Own your knowledge layer.

Security Governance: Lessons from Recent Industry Breaches

NEW — MARCH 2026

Internal AI tool deployments at sophisticated organisations have been linked to security incidents exposing confidential client data. The root causes have not been exotic: basic API security, data classification, and access controls missing or under-specified before internal tools went live.

Governance response: AI security isn't optional or “phase 2.” Basic API security, data classification, and access controls must be in place before internal AI tools go live. If sophisticated firms can miss this, so can you.

The “Tilly Tax”: AI Displacement Compensation

NEW — MARCH 2026

Hollywood unions are negotiating a fee for studios that use AI-generated actors instead of human performers. Named after Tilly Norwood — an AI actress created by Particle 6 Productions — this is the first formal AI displacement compensation mechanism to move from concept to the negotiation table.

Governance response: Every sector will face this conversation. Whether it's called a “Tilly Tax,” an automation levy, or a transition fund — organisations using AI to replace roles need a position on workforce impact before unions or regulators define one for them.

UK AI Copyright Task Force

NEW — MARCH 2026

The UK government has established a task force on AI-generated content, working on labelling best practices and transparency standards. An interim report is expected by autumn 2026. This sits alongside existing debates on training data rights and IP ownership.

Governance response: UK organisations should track this actively. Labelling and provenance requirements are likely to become compliance obligations. Build transparency into AI-generated content workflows now, rather than retrofitting later.

The Governance Enforcement Gap

In creative industries, writers are signing declarations that they haven't used AI — while privately using it extensively. The same pattern is emerging across professional services, journalism, and consulting. Policies exist, but enforcement is performative.

Governance response: Realistic governance beats theatrical governance. Policies that acknowledge AI use and set quality standards work better than blanket bans that everyone quietly ignores. The question isn't “did you use AI?” — it's “is the output good enough?”

Agentic Judgment as Governance Signal

NEW — MAY 2026

Opus 4.8 (28 May 2026) is reported to be 4x less likely than its predecessor to let a significant flaw pass without flagging it, and more likely to push back on plans it judges to be unsound. This has direct governance relevance: the agent is taking on more of the verification role.

The governance implication is not that human review becomes optional. It is that the agent is a more active participant in catching errors, which changes how review workflows should be designed. A model that challenges a plan mid-task is surfacing a decision point, not a failure. Build review checkpoints that can receive a challenge and route it to a human, rather than treating all agent output as finished work.

Governance response: Treat agent pushback as signal, not obstruction. Update review loops to capture flagged issues, not just final outputs.

Dynamic Workflows and the Human-on-the-Loop Pattern

NEW — MAY 2026

Two features in research preview as of late May 2026 signal the next shift in how agentic work is structured. Dynamic Workflows lets Claude coordinate a fleet of parallel subagents within a single session, useful for large tasks like multi-document analysis, codebase-wide checks, or phased research (Max, Team, and Enterprise plans currently). Agent View adds background dispatch: you kick off an agent, it works while you focus elsewhere, and you return only when it flags a decision.

For solo operators, this is a meaningful shift in work pattern. The human role moves from step-by-step prompting to staging the task, setting the success condition, and monitoring progress rather than driving it. That is a governance question as much as a workflow question: who defines what “done” looks like, and who reviews it when the fleet returns?

Governance response: Before delegating to background agents, define the completion condition, the review criteria, and the escalation path. The /goal pattern (available now on any Opus 4.8 plan) is a good place to build this habit before Dynamic Workflows becomes broadly available.

Token Tax: Emerging Policy Debate

WATCH — MAY 2026

In a single week in late May 2026, the concept of a tax on AI token usage moved from fringe to mainstream policy discourse. Elizabeth Warren published an op-ed in Time calling for AI taxation. A Michigan Senate candidate included a token tax in her platform. Mark Cuban proposed 50 cents per million tokens at the provider level. DuckDuckGo’s CEO called for a 10% surcharge matched to employer payroll contributions. Anthropic’s own CEO floated 3% of revenue going to government redistribution.

The first-principles argument is coherent: when AI agents perform work that humans previously performed, the existing tax framework creates a fiscal preference for automation (human labour carries a 35% average tax burden; AI inference carries none). Some form of fiscal parity mechanism will be debated seriously over the next 2-3 years. The token mechanism specifically has strong technical objections (tokenizer endogeneity, 200x annual price declines, geographic routing). Consumption-based approaches at the point of final use are likely to be more technically defensible.

Governance response: no action required now. Signal-watch: any token-cost mechanism would most likely reach small operators through higher provider prices, not direct filing obligations. For those with a stake in AI adoption remaining affordable, the conversation is worth following and engaging with constructively.

How We Help, and Who We Route To

AI governance is a senior, specialist discipline. Pandion works alongside it, not in place of it. Where ongoing compliance leadership, certification, or independent assurance is required, we recommend specialist partners.

Our own focus is making AI governance decisions actionable: turning frameworks into the working method, the context systems, and the team fluency that hold up in day-to-day use.

Recommended specialist disciplines

The partners we look for. Named referral partners are added as relationships are established.

AI governance partner

Senior specialist on AI risk frameworks, the EU AI Act, ISO 42001, model risk management, and AI assurance.