Protocols for Business

The AI Capability Maturity Model

AI adoption and enablement is a protocol problem.
Executive Summary
  • Finding 88% of organizations use AI in at least one function; only 39% report any earnings impact, and only ~6% qualify as high performers.1 Existing AI maturity models measure adoption rates, tooling coverage, and responsible-AI dimension scores — none measures whether an organization has designed the coordination layer between AI outputs and human judgment.
  • Unit This model defines maturity as the precision of the governing protocol: how precisely specified is the handoff between AI output and organizational accountability?
  • Levels Five levels: Shadow (no protocol), Sanctioned (access governed), Designed (workflows governed), Infrastructural (sector-governed), Planetary (civilization-scale). Each level has a governing protocol, a blind spot, and a predictable failure mode derived from what that protocol cannot see.
  • Trade Protocols trade one class of problem for another. Each level transition is a deliberate trade: accepting a new, more governable problem in place of the previous, less governable one.
Section 1

The problem with how organizations measure AI maturity

Existing AI maturity models measure the wrong thing. The Microsoft Responsible AI Maturity Model2 evaluates 24 dimensions of responsible AI practice — governance culture, tooling, cross-disciplinary expertise. Accenture's Art of AI Maturity3 classifies firms as Experimenters, Innovators, or Achievers based on performance outcomes. BCG's AI Maturity Matrix4 places economies on a national readiness grid. These instruments are valuable. None measures whether an organization has designed the coordination layer that makes AI output reliable in production.

The Microsoft model is the most analytically rigorous of the three. It explicitly warns that "a level 5 in tooling does not have the same impact as level 5 in culture and leadership. Therefore, a particular high level is not meaningful when abstracted away from the context of its dimension and interdependency with other dimensions."5 This is accurate — and it identifies the model's own limitation. Dimensional scores cannot be aggregated into a governance diagnosis because the dimensions are not independent. The model has no mechanism for identifying which dimension, in which function, at which moment, is the binding constraint on the organization's ability to govern AI output in production. That identification requires a different unit of analysis.

The Accenture Experimenter/Achiever split captures a real performance gap: 12% of firms are Achievers; 63% are Experimenters; Achievers are 3.5 times more likely to see AI-influenced revenue exceed 30% of total revenue.6 This is a performance outcome measure, not a governance design diagnosis. It reports where firms are; it does not explain why the majority are stuck, which function is the binding constraint, or what design change would move them forward.

BCG operates at the national level — useful for policy, not diagnostic at the organizational level where deployment decisions are made.

This is why organizations can score well on existing frameworks while the failure modes those frameworks were designed to prevent keep happening. By mid-2025, attorneys had been sanctioned in 550 publicly reported cases involving AI-hallucinated citations, with 712 judicial decisions worldwide and an $86,000 single fine, the largest on record.7 Most law firms had AI governance boards, usage policies, and approved tool lists by 2024. Those are Level 2 interventions: access and usage governed. The sanctions are a Level 1 failure: no verification protocol between AI output and professional accountability. A firm can have a detailed AI policy and still have no protocol governing what happens when the AI is wrong.

The original CMM,8 developed at Carnegie Mellon's Software Engineering Institute in 1986, measured software process repeatability — the ability to produce the same outcome reliably from a defined process. Level 1 (Initial) was characterized by individual heroics: success depended on who worked on the project, not on the process. Level 5 (Optimizing) was characterized by continuous process improvement grounded in quantitative feedback. That was the right unit for deterministic software. Repeatability is achievable for deterministic systems; it is not achievable for probabilistic AI. You cannot make a large language model produce the same output every time from the same input. The governance question shifts from "how do we get the same output reliably?" to "how do we govern the range of outputs we will get?" That requires a different measurement unit: the precision of the coordination protocol between AI output and human judgment.

McKinsey's 2025 State of AI survey confirms the gap.9 88% of organizations use AI in at least one function. Only 39% report any EBIT impact. Only ~6% qualify as high performers. The differentiators are protocol design decisions, not tools: high performers are 2.8 times more likely to have redesigned workflows around AI, 65% have human-in-the-loop validation versus 23% of others, and senior leadership owns AI governance at 48% of high performers versus 16% of others. McKinsey's own conclusion: "Meaningful enterprise-wide bottom-line impact from the use of AI continues to be rare."

Recent research on AI adoption at work identifies a consistent symptom: AI intensifies individual work — expanding task scope, increasing multitasking, extending beyond normal hours. This intensification is the observable signal of a governance gap, not a tool problem. Individuals are discovering new coordination patterns faster than organizations can standardize them. The experience of overload is what a missing protocol layer feels like from inside.

The conventional response to this gap is a control problem: how do we manage what employees do with AI? Acceptable use policies, data boundaries, approved tool lists. That framing addresses the wrong question entirely. It asks how to prevent misuse rather than how to specify the coordination rules that make AI output reliable in production. The right framing is protocol design: specifying the rules governing coordination behavior between agents (human and artificial) at the handoff points where AI output enters organizational accountability.

The timing mismatch compounds the governance problem. Individuals with domain expertise are already discovering new protocols and working patterns through daily AI use — bilateral collaborations, shared context pipelines, bespoke workflow designs. Organizational standardization lags behind by design: the protocols worth formalizing are the ones that have already proved their value through individual experimentation. The model describes how organizations close that gap progressively across five levels.

Section 2

Why governing uncertainty is the right unit of AI maturity

AI governance is a different problem than software governance

AI systems are probabilistic and non-deterministic. The same input can produce different outputs; the failure distribution cannot be fully characterized in advance. This is a structural property of how large language models and generative AI systems work. Organizational governance must be designed around the assumption that some fraction, increasingly small, will be wrong, in ways that cannot be fully predicted.

This property distinguishes AI governance from every prior enterprise software governance problem. Deterministic software has bugs, but its failure modes are in principle enumerable. AI's are not — the distribution shifts with model version, input domain, context length, and deployment configuration. Risk management can estimate the rate. Enumeration is not the right tool for the job. The governing response to AI uncertainty is protocol design for what happens when an output is wrong — before the wrong output has been identified.

Protocol governance scales; policy and compliance do not

Policy, compliance, and protocol each address different coordination problems and fail differently.

A policy requires central enforcement. "No employee shall use AI for customer-facing communications without manager approval" is a policy. It specifies a prohibition or requirement but depends on central authority (the manager, the legal team, the IT department) to monitor and enforce it. Policy scales poorly: as AI use becomes pervasive and simultaneous across thousands of interactions, central enforcement becomes the bottleneck. Policy-based AI governance produces the Samsung pattern: a clear prohibition, no mechanism to detect violations, and discovery 400+ days after the fact.

Compliance is adherence to external requirements — regulatory standards, audit frameworks, contractual obligations. Compliance governance asks "are we meeting the standard?" It is backward-looking: the standard was defined before the deployment; the audit evaluates the deployment against it. Compliance frameworks cannot anticipate the specific failure modes of novel AI deployments; they can only codify what has been identified and standardized. The EU AI Act, NIST AI RMF, and ABA Formal Opinion 512 are compliance frameworks. They are necessary and not sufficient for governing AI in production.

A protocol specifies in advance how actors behave at a handoff point, without requiring shared goals or central enforcement. The pull request protocol in software development is an example: it specifies how code moves from a developer's branch to the shared codebase (branch → commit → review → approve/reject → merge), without requiring a manager to review every commit. The protocol governs the handoff; the engineers operate within it autonomously. Venkatesh Rao defines protocol as "a stratum of codified behavior that allows for the construction or emergence of complex coordinated behaviors at adjacent loci."10 Protocols scale because they do not require central authority at every handoff. Alfred North Whitehead observed that "civilization advances by extending the number of important operations which we can perform without thinking of them."11 Protocols are that mechanism: they convert governance from a discretionary act requiring oversight into an automatic one requiring only design.

AI governance requires this property. The AI system and the human reviewer do not share goals: the AI system is optimizing for output generation; the human reviewer is optimizing for output quality. No central authority can monitor every AI interaction at organizational scale — at 84% developer adoption with 11% of PRs opened by agents (Uber's March 2026 figures), the volume already exceeds any reviewer's span of attention. A protocol is the coordination mechanism that scales to those conditions.

Ontological drift: the mechanism of ungoverned AI production

The absence of a governing protocol creates a specific failure mechanism in AI-enabled organizations: ontological drift. In traditional software development, the cost of documentation and specification is high; the cost of changing a term's meaning midstream is low (you update the docs). The LLM era inverts this: "LLMs make documentation, specifications, diagrams, and written artifacts essentially free — but they make ontological drift extremely expensive. When agents, tools, and auto-generated artifacts depend on stable definitions, changing the meaning of a term or schema midstream breaks everything."12

The implication is structural. AI-enabled organizations must front-load precision. Definitions must be stable before deployment begins. The protocol layer — the specification of what a term means, what output format a handoff requires, what "verified" means for a given function — cannot be negotiated in production. Sachin Benny observes: "Organizations compensate by freezing definitions, front-loading clarity, and minimizing mid-cycle reinterpretation. This is a return to Waterfall — not because people suddenly prefer big plans but because the communication structure that Waterfall requires (stable meanings, fixed interfaces, slow-changing schemas) now incurs the lowest transaction costs."13 This is a rational response to the cost structure of probabilistic systems: you cannot fix the ontology in production, so you must fix it before production.

The governing protocol is the mechanism through which ontology is stabilized. Without it, organizations encounter ontological drift at scale — and that drift is the Level 2 failure mode.

From smooth space to striated space

Rao's framing from "Constructing the Evil Twin of AI" captures the maturity arc: "protocols turn smooth behavior spaces (such as open, unbuilt terrain) into striated behavior spaces (such as a system of roads)."14 Without governing protocols, AI operates in smooth space — producing any output, accessing any data, making any claim. Smooth space has no defined lanes, which means it has no meaningful metrics.

Protocol design converts smooth space into striated space: defined lanes, handoff points, escalation triggers, feedback loops. Maturity is the progressive striation of AI behavior across an organization's functions. Each maturity level represents a specific degree of striation — and the failure mode at each level is what happens at the boundary of the striated zone, where the organization's governing protocols end and smooth space begins.

Protocols trade problems; they do not eliminate them

Protocols do not eliminate problems. They trade one class of problem for another. The "Table: Learning to See Business Protocols" documents this pattern across physical and institutional contexts: every protocol that solves the coordination problem of one system creates the coordination problem of the next.15 The ISO shipping container solved the coordination problem of incompatible cargo handling — and created the coordination problem of containerized port congestion, global supply chain fragility, and a shared attack surface that NotPetya found useful in 2017. The protocol was the right trade. But the trade is real, and the new problem is predictable in structure even if not in timing.

The same pattern drives each level of this model. Level 2 (Sanctioned access) solves the problem of invisible AI use — and creates the problem of unverified AI output at scale. Level 3 (Designed workflows) solves the output quality problem — and creates the problem of temporal divergence between AI-accelerated functions and the human review infrastructure around them. Level 4 (Infrastructural) solves the intra-organizational bottleneck — and creates the problem of sector-level fragility when infrastructure fails. The model is a map of predictable trades, not a set of aspirational targets.

Five terms this model depends on

These terms carry specific meanings throughout this paper. Where they diverge from common usage, the divergence is intentional.

Protocol
A coordination mechanism that specifies in advance how actors behave at a handoff point, without requiring shared goals or central enforcement. Distinct from policy (requires central enforcement to function) and process (describes sequence, not coordination across actors with different goals).
Governance
The set of protocols through which an organization decides which AI outputs to accept, verify, or reject. Distinct from compliance (adherence to external standards) and oversight (monitoring after the fact, not designing the handoff).
Uncertainty
The irreducible non-determinism of AI outputs — same input, different output, failure distribution not fully characterizable in advance. Distinct from risk (calculable probability) and error (implies a definable correct answer). Governing uncertainty requires protocol design; governing risk requires probability management.
Maturity
The precision with which an organization's governing protocols specify the boundary between AI autonomy and human judgment. A property of coordination design, not of tools, adoption rate, or compliance coverage.
Bottleneck
The function where the gap between AI exposure and protocol precision is largest and highest-stakes. The bottleneck constrains the organization's effective governance level regardless of how mature other functions are. Identifying the bottleneck is the primary diagnostic task.
Section 3

The five levels

Organizations do not occupy a single level uniformly. A Shopify engineering team may operate at Level 3 for code generation while its HR function has no verification protocol for AI-assisted candidate screening. For planning purposes, track departmental profiles separately. For risk assessment, the effective maturity level is the bottleneck: the highest-stakes, highest-AI-exposure function where protocol precision is lowest.

The "Finding Fault Lines within the Firm" memo observes: "In geology, fault lines are not identified by close surface inspection. They are discovered when accumulated stress forces the underlying structure to express itself. Our discussions highlighted how protocols behave similarly. Persistent problems and persistent [performance gaps] point less to local error or exceptional talent than to the protocols through which pressure concentrates and trade-offs are stabilized."16 The bottleneck function is the fault line. It is not always visible until a liability event or a competitor's advantage reveals it.

Each level is described around four elements: the governing protocol that exists at that level, the blind spot that protocol creates, the failure mode that follows from the blind spot, and the transition requirement — the specific design change needed to move forward.

1
Shadow
AI is being used. No protocol governs the outputs.
Governing Protocol

None. AI tools are used through personal accounts, outside IT visibility, without organizational awareness. No coordination mechanism specifies what data can be used as input, what outputs require review, or who is accountable for outputs used in consequential decisions.

Blind Spot

The organization cannot see what AI is doing with its data, what outputs are entering decisions, or where liability is accumulating. The exposure is invisible not because it is small but because no instrument is positioned to measure it.

Failure Mode

Unaccountable AI access. AI systems operate with organizational data and produce outputs used in organizational decisions with no protocol specifying accountability for either. When the failure surfaces — a data leak, a sanctioned professional, a customer misled by a chatbot — the organization has no protocol to invoke and no record to audit. The absence of any handoff structure between the tool's output and organizational accountability is the failure; the tool itself is not.

Level 1 is universal. Reco.ai (2025) reports 71% of enterprise employees use unauthorized AI tools; the average discovery lag exceeds 400 days.17 Cyberhaven found that 73.8% of employee ChatGPT use occurs on personal accounts, with corporate data input to AI growing 485% year-over-year in Q1 2024.18 Gartner (2025) reports 69% of organizations have confirmed or suspected prohibited GenAI use. IBM Security documents that 97% of organizations experiencing AI-related security incidents lacked proper AI access controls.19 These are baselines, not outliers.

Samsung. In April 2023, three semiconductor engineers independently submitted proprietary materials to personal ChatGPT accounts within one month: source code from a semiconductor database maintenance tool; source code for identifying defective equipment; and a full internal meeting transcript.20 No protocol governed the boundary between personal AI tools and confidential IP. The engineers were solving real problems with available tools — the behavior was predictable, not deviant. Samsung's response — banning all GenAI tools enterprise-wide, then building an internal alternative (Samsung Gauss) — is the expensive, slow exit from Level 1: reactive, visible only after the exposure, carrying permanent IP loss. The Cyberhaven data establishes that Samsung was representative: 3.1% of enterprise ChatGPT users submit confidential company data on any given day.

Healthcare. Shadow AI in healthcare is not an incident pattern — it is the sector baseline. 86% of healthcare organizations had shadow AI incidents by 2025 (symplr survey); 17% of clinical workers admit using unauthorized AI for clinical tasks.21 The Office for Civil Rights clarified in 2024 that sending protected health information to any AI service without a signed Business Associate Agreement is a reportable HIPAA breach, regardless of employee intent. This clarification is the forcing mechanism for the Level 1-to-2 transition in healthcare: it makes the existing contractual instrument (the BAA) the governance layer for AI vendor relationships, converting invisible exposure into a defined compliance obligation. The BAA was designed for data processing vendors; its extension to AI services is an example of an existing protocol adapted rather than a new one invented.

Legal professions. Attorneys used personal AI accounts for case law research and brief drafting without firm authorization or verification protocols. ABA Formal Opinion 512 (July 2024) now requires lawyers to maintain "reasonable understanding" of AI capabilities and verify all AI-generated output before submission.22 Courts have escalated: 550+ publicly reported hallucination cases; 712 judicial decisions worldwide; an $86,000 fine in ByoPlanet v. Johansson. The legal profession's pattern repeats across jurisdictions and practice areas. This is the output of a professional sector that reached Level 2 intent (AI use is recognized as legitimate) without Level 2 execution (a verification protocol between AI output and professional accountability).

Shadow adoption is universal. Every organization with employees has it. The Level 1-to-2 transition does not eliminate shadow use — it makes the problem visible by granting sanctioned access under defined conditions.

Historical parallel

Late 1990s: Employees used personal Hotmail and Yahoo accounts for business communication before corporate email was ubiquitous. Shadow email created IP, legal, and compliance exposure that resolved through IT-provisioned corporate email with governance. Shadow AI is structurally identical. The resolution is likely the same type of transition at a higher scale and pace.

Transition Requirement → Level 2

Issue a formal AI access policy. Grant sanctioned access to approved tools under defined conditions. This converts invisible exposure into visible adoption — a prerequisite for governance, not governance itself.

2
Sanctioned
AI access has been granted. The outputs have not been governed.
Governing Protocol

Access scope. The organization has issued an AI access policy — approved tools, usage guidelines, in some cases a mandate. The protocol governs who can use which AI tools under what conditions. It does not govern what AI produces or how outputs are verified before consequential use.

Blind Spot

The organization can see that AI is being used. It cannot see whether what AI produces is reliable enough for the purposes it is being put to. The governing protocol has no visibility into the handoff between AI output and decision. That handoff is ungoverned.

Failure Mode

Access-without-output-governance. The protocol solves the adoption problem and does not design the coordination mechanism between output and judgment. As AI becomes more pervasive — outputs entering customer communications, financial models, clinical notes, contracts, and legal submissions — the quality of those outputs is determined by individual judgment rather than by protocol. When that judgment fails, the organization is accountable for an output it has no mechanism to review systematically, verify reliably, or audit after the fact.

The cognitive burden of Level 2 is not only organizational — it is individual. In a pre-AI workflow, collaboration meant passing discrete artifacts: documents, specifications, pull requests. The artifact defined the scope of the contribution and contained the interaction. When someone shares AI-generated work, they are not sharing an artifact. They are sharing a context: a whole decision space, a set of assumptions baked into the output, an implicit workflow. The person receiving it must engage with that entire context, not just review a document. The artifact boundary that previously contained the scope of interaction has dissolved. Governing Level 2 output means governing this expanded context — not just checking whether the document is correct, but whether the assumptions embedded in it are sound.

This is the structural pressure that forces the Level 2-to-3 transition. Access governance cannot resolve it — you cannot write a policy that specifies how to evaluate an embedded decision space. Only workflow-level protocols can: by defining in advance what a complete, acceptable handoff looks like and what the receiving party must verify before accepting it.

Klarna. Klarna's AI deployment between 2023 and 2025 is the clearest longitudinal record of Level 2 failure at enterprise scale.23 By May 2024, 90% of Klarna employees were using AI tools daily — the highest publicly reported enterprise adoption rate. The company claimed that its AI customer service agent, deployed to the equivalent of 700 agents, produced a $40M profit improvement in its first year. These numbers were real. What followed was also real: CEO Sebastian Siemiatkowski publicly reversed the AI-only customer service position, citing outputs that were "generic, repetitive, insufficiently nuanced." Klarna began rehiring human customer service staff in 2025. The tool worked; the output governance protocol was absent. The access mandate created the adoption; the absent quality protocol created the ceiling.

The Klarna case is frequently misread as evidence that AI customer service does not work. It is evidence that sanctioned access without output governance produces a predictable failure arc: high initial adoption metrics, quality degradation invisible in those metrics, and a reversal that comes as a surprise because no protocol was generating leading indicators of the quality problem.

Duolingo. Duolingo replaced native-speaker language content contractors with AI in 2024.24 Those contractors were also the quality-assurance protocol — they caught cultural nuance gaps that automated volume metrics do not surface. Removing them without replacing the protocol created a quality deficit invisible in content production volume. User backlash drove daily active user growth to "the lower end of projections" in Q2 2025 earnings. The governance failure was the organizational failure to recognize that the contractors were doing protocol work, not just production work. When a quality-assurance protocol is removed to cut costs, the quality cost is deferred until users notice.

Air Canada. Air Canada's customer-service chatbot asserted a bereavement fare refund policy that did not exist.25 Air Canada argued before the BC Civil Resolution Tribunal that the chatbot was a "separate legal entity" bearing no relationship to the airline's obligations. The Tribunal rejected this: "It is unclear why Air Canada believes that it is not responsible for the information provided by its agent. Air Canada cannot absolve itself of responsibility by submitting that the information was provided by a separate computer program."26 Damages: $812.02. Legal precedent: organizations are liable for all outputs their AI systems produce on company-operated channels. The chatbot's incorrect output is a risk management problem; the governance failure was the absent escalation protocol — no path from uncertain chatbot output to human review before the commitment was made, and no mechanism for the chatbot to signal its own uncertainty.

Shopify. Shopify illustrates Level 2 at its most productive, and also its ceiling. CEO Tobias Lütke's April 2025 memo made AI use non-optional: "Frankly, I don't think it's feasible to opt out of learning the skill of applying AI."27 Teams must demonstrate AI cannot do a task before requesting headcount. Revenue grew 30% year-over-year for full year 2025; operating expenses fell from 45% to 35% of revenue. The mandate is producing real efficiency gains. The governance gap persists: no published standard for what AI proficiency requires in non-technical roles, no systematic verification protocol for customer-facing content generated by AI, no documented escalation path for AI outputs that cannot be verified by the employee producing them.

The Level 2-to-3 transition requires redesigning the governing protocol from access-scope to output-scope. In practice, this design work cannot be done from a central governance function alone — it requires someone who understands both the AI system's capabilities and the specific workflow it is entering. Evan Armstrong identified the Forward Deployed Engineer (FDE) as the emerging role that enables this transition: "The largest reason that the FDE has happened today is because AI will end up being a bigger and more important platform shift than the cloud was. The biggest changes are not even technological, they are operational."28

The FDE embeds in the business function and designs the workflow protocol from inside: identifying where AI output requires verification, what verification looks like for that specific task, and what feedback loops should govern the protocol's refinement. Mark Scianna describes the core method: "Build the gravel road: Discover and construct the minimum viable path to the outcome that moves the needle/solves the user's pain point. Fast, a bit ugly, but true — and this will expose patterns (reusable primitives, inputs/outputs, workflows, feature sets, knobs) you may later pave into the platform."29 The gravel road is the first output-scope governing protocol for a function — provisional and function-specific, designed to generate feedback about what the right protocol should become. OpenAI now deploys FDEs exclusively to customers spending $10M+ per year, at $200–300K salary, with an effective floor of $1M+ contract value.30 This is the market price for doing the Level 2-to-3 design reactively through professional services rather than building the organizational capability directly.

The question is why this protocol design cannot be done centrally. The answer is that the conditions under which Level 3 protocols emerge are the same conditions Weick identified in crisis improvisation: you cannot design an escape fire from headquarters.

On August 5, 1949, sixteen smokejumpers parachuted into Mann Gulch, Montana, to fight what they believed was a routine fire. Within minutes, the fire exploded and cut off their escape route. Foreman Wag Dodge did something no one had ever done: he stopped running, lit a fire in the grass ahead of him, and lay down in the ashes as the main fire swept over him. Thirteen of his crew, who rejected his shouted orders and kept running uphill, did not survive. Their failure was not physical — they were young, fit, fast. It was a failure of sensemaking: Dodge's commands were so alien to anything in their experience that they could not process them as rational.

Karl Weick, analyzing the disaster in his 1993 paper, identifies Dodge as a bricoleur — someone who creates order out of whatever materials happen to be at hand, through intimate, embodied familiarity with their environment. Weick's point is that improvisation under crisis is what bricoleurs do every day, at higher intensity. They remain creative under pressure because working with chaotic conditions is their normal mode of operation.

Domain experts building nascent AI protocols for themselves and their collaborators are the Enterprise's bricoleurs. They give organizations the grounded, tested protocols worth formalizing — not because they were assigned to design governance, but because they were embedded in the domain deeply enough to know what good looks like and improvise toward it.

Historical parallel

Early 2000s: Organizations provisioned corporate email without retention or e-discovery protocols. The forcing function was litigation: Zubulake v. UBS Warburg (2003) established that organizations were liable for email they could not produce in discovery. The AI liability cases — Air Canada, legal hallucination sanctions — are playing the same structural role.

Transition Requirement → Level 3

Redesign the governing protocol from access-scope to output-scope. For the bottleneck function: define which AI outputs require human verification before use, by whom, by what method, and what happens when verification fails. Build the gravel road — specific to one function, provisional, and designed to generate feedback about what the protocol should become.

3
Designed
AI is embedded in specific workflows with defined verification protocols.
Governing Protocol

Workflow scope. The organization has designed specific workflows where AI operates within defined protocols: input preparation standards, output verification checkpoints, escalation triggers, and feedback loops. AI is embedded in how particular work is done, not merely authorized as a tool. The protocol specifies the boundary between AI autonomy and human judgment within those workflows.

Blind Spot

Workflow-level protocols govern internal operations. They cannot coordinate across functions, with external partners, or with regulators operating at different speeds. The organization's AI-accelerated clock runs faster than its coordination environment.

Failure Mode

Temporal divergence. AI accelerates some workflows while external dependencies — client review cycles, regulatory response, cross-functional handoffs, downstream quality checks — remain at human pace. The governing protocol is well-designed internally; it cannot govern the coordination points that cross the workflow boundary. Output volume grows faster than review capacity. Functions redesigned around AI operate at a different tempo than those that have not been. The organization's AI efficiency creates misalignment with the rest of its operating environment.

At the individual level, temporal divergence manifests as orientation debt: the gap between the pace at which AI produces usable work and the pace at which a person can verify that it is any good. Orientation debt is the felt experience of contexts multiplying faster than a reviewer can evaluate them. It is the Level 3 failure mode experienced from inside rather than measured from above.

In factory-to-factory pipelines, orientation debt is the load each party bears when evaluating the other factory's output: not laboriously checking every line, but reading the shape of what arrived and sensing whether it meets the requirements for the next stage.

Uber. Uber's engineering organization is the most thoroughly documented Level 3 case.31 By March 2026: 84% of developers are active agentic coding users; 65–72% of code is AI-generated inside IDE tools; 11% of PRs are opened by agents. Designed workflows exist for dead code cleanup, codebase migrations, and bug fixes, each with defined scope and review requirements. CTO Dario Khosrowshahi: "AI is enabling people to become superhumans in terms of their productivity and the impact that we can realize for our end users."32

The temporal divergence failure mode appeared as the model predicts. AI-generated PR volume outpaced code review capacity. The pipeline generated output faster than the review protocol could absorb it. Uber's response was protocol design: Code Inbox (smart assignment of AI-generated PRs based on code ownership, with explicit service-level obligations for review time) and U Review (AI-assisted code review that reduces human review burden). Code Inbox and U Review are protocol infrastructure for the new bottleneck — not tools for improving code quality, but handoff structures that govern the AI-to-human review boundary. The four-layer agentic platform architecture Uber has built — (1) internal AI platform built on Michelangelo, (2) internal Uber context (source code, docs, Slack, JIRA), (3) industry agents (Claude Code, Copilot, Codex, Cursor), (4) specialized agents (Minion, Autocover, U Review) — is a protocol architecture: each layer specifies the interface through which the next layer operates.33

Boom Supersonic. Boom Supersonic is a late Level 3 case in a domain where the stakes of protocol failure exceed code review queues.34 Boom's structural analysis software (mkBoom) runs automatically from parametric aircraft configurations — the design methodology depends on it. AI-enabled iteration is the design process. Removing it would require rebuilding the methodology from scratch.

Blake Scholl describes the effect through Jevons's Law applied to engineering: "the real magic isn't the time savings — it's sort of a Jevon's Law of engineering: when engineering iteration is quick and cheap, many more designs can be evaluated and a much better design can be discovered."35 Boomless Cruise — a key product capability — emerged through that iteration. It was not in the original design objectives; it was discovered because the iteration cycle was fast enough to find it.

The quantitative case is the Slacker Index: total lead time divided by actual working time. Scholl's turbine blade example: a turbine blade costing $1M per engine to produce has a six-month lead time, of which perhaps days are actual working time. The Slacker Index is enormous. A $2M 3D printer reduces lead time to 24 hours and enables daily iteration. "It doesn't just shave months off a schedule. It changes the physics of what's possible. Problems that would be existential with a year-long lead time become solvable with a 24-hour iteration cycle."36 Boom's AI-enabled design process has compressed aerospace engineering's Slacker Index in the same way. The competitive moat is the designed workflow that the tool makes possible, and the protocol governance that makes the workflow reliable enough to bet a safety-critical program on.

Boom is late Level 3, not Level 4, because the aerospace industry does not yet depend on Boom's design approach. Boom's business model depends on its AI-enabled protocols; the aerospace industry's production economics are not reorganized around AI iteration at Boom's pace. That distinction — organizational competitive reliance versus sector infrastructure — marks the Level 3/Level 4 boundary.

Benny's ontological drift thesis is most visible at Level 3. Organizations that have designed AI into workflows face a specific fragility: the protocol depends on stable definitions. "When agents, tools, and auto-generated artifacts depend on stable definitions, changing the meaning of a term or schema midstream breaks everything."37 At Level 3, workflow redesign — the work of the FDE and the platform team — must be completed before the workflow goes to production. Definitional changes in production are expensive because the AI-generated artifact trail depends on stable ontology. Organizations that design well at Level 3 treat mid-cycle redefinition as a protocol violation, not a normal iteration step.

The Waterfall inversion that ontological drift produces — Level 3 organizations front-loading clarity and freezing definitions to reduce coordination costs — is not a regression. It is the correct response to operating at the boundary of a striated zone: the protocol must be stable enough to govern the handoff before the handoff can scale.

Domain expertise is the binding constraint at Level 3. Domain expertise functions as higher-level perception: the ability to read the shape of what AI has produced without inspecting every line. A domain expert can evaluate whether the logic holds, whether the framing fits the problem, whether something critical is missing — not by checking each detail but by pattern-matching at a level of abstraction the AI cannot supply and a non-expert cannot apply. This is why domain expertise is the binding constraint at Level 3, not tool access or processing speed: it is the mechanism by which output volume can be governed without a proportional increase in review labor.

This is why factory-to-factory coordination — domain experts orchestrating bilateral AI pipelines — produces disproportionate value at Level 3. The factory metaphor is apt: each party provides domain expertise at their end of the handoff; AI provides execution on both sides. The intermediate artifacts that pass between them are not documents to be read but production states to be evaluated by someone who knows what the next stage requires.

This inverts the public narrative about AI value. The spectacle is autonomous agents producing outputs. The actual value accumulates in a quieter pattern:

The practical implication: in well-designed Level 3 workflows, neither the human nor the AI writes code or content in the traditional sense. The human provides domain knowledge, judgment, and output verification. The AI provides commodity technical execution. What was previously scarce — execution capacity — becomes abundant. What was previously ambient — domain knowledge — becomes the scarce resource that determines quality and governs risk.

Historical parallel

2005–2015: Git solved the problem of multiple developers editing the same codebase simultaneously. The pull request protocol converted individual development into coordinated production. AI-generated code volume recreates the same coordination problem at a higher rate; Code Inbox is Git-style coordination applied to the AI-human review boundary.

Transition Requirement → Level 4

Extend workflow-level protocols into cross-function and cross-boundary coordination. Build infrastructure for the bottlenecks the designed workflows create — output volume management, review SLOs, external coordination standards. The transition from Level 3 to Level 4 requires governing the coordination system those workflows generate, not refining individual workflow governance further.

4
Infrastructural
AI protocols are sector infrastructure. The governance problem has moved to the inter-organizational level.
Governing Protocol

Sector scope. AI protocols have become standard infrastructure within a sector — the coordination mechanisms are shared, standardized, and expected. Individual organizations no longer design their own AI handoff protocols from scratch; they implement and extend sector standards. The governance problem has shifted from internal workflow design to inter-organizational coordination and sector-level risk.

Blind Spot

The organization's AI governance is sound internally but depends on external infrastructure it does not control. The sector's shared AI protocols create dependencies whose failure produces consequences that no single organization's governance was designed to prevent.

Failure Mode

Infrastructure dependency without sector-level governance. When AI becomes sector infrastructure, a single organization's protocol maturity cannot guarantee its own outcomes. Financial clearing, healthcare referrals, and supply chain coordination all run through shared AI protocols when they become standard infrastructure. A failure in that shared protocol reaches entangled organizations, often regardless of internal governance controls.

Uber approaching Level 4. Uber's four-layer platform architecture is Level 4 infrastructure within Uber — proprietary sector infrastructure for the organization's AI-enabled engineering. AI costs have grown 6x since 2024; the organization has stopped relying on off-the-shelf tooling and designs the protocols through which AI operates at organizational scale.38 Full Level 4 would require this infrastructure to become a sector standard: the point at which a software engineering organization without equivalent AI governance operates at a structural productivity deficit relative to the sector floor. That point has not yet arrived; the trajectory from Uber's current state suggests it is within a three-to-five year horizon for enterprise software engineering.

Financial services as the near-term transition sector. AI-assisted trading, credit decisions, and fraud detection are approaching sector-standard capability in financial services. When a model failure produces correlated credit decisions across multiple institutions simultaneously, no single institution's internal AI governance protocol can contain the propagation. The governance question shifts from "what does our AI do?" to "what does the sector's shared AI infrastructure do, and who governs it?" The NIST AI RMF's four functions — Govern, Map, Measure, Manage — map directly to L3+ protocol design requirements, and OCC guidance is beginning to incorporate them for banking sector AI.39

The shift from destination intelligence to intelligence media marks the threshold at which factory-to-factory coordination becomes the dominant form of AI value creation. In destination intelligence, people go to AI tools to produce outputs. In intelligence media, intermediate artifacts circulate between people's bespoke AI setups the way industrial intermediates flow between factories — each factory taking inputs, transforming them, and passing outputs forward with specifications for the next stage. Venkatesh Rao calls this the F2F pattern ("factory-to-factory"). The handoff between factories is not a finished document; it is an intermediate production state, a set of revised requirements, a specification that the receiving factory must resolve before it can proceed. This coordination pattern requires protocols to govern it: scope declarations, output format specifications, and escalation triggers for when factory outputs do not meet the receiving factory's requirements.

The Level 3-to-4 transition requires a new class of coordination document: the agent handoff contract. Rao's "Have Your Factory Call My Factory" describes the structural problem these contracts must solve. Two AI-enabled factories coordinating on a shared project operate autonomously — each with its own agent stack, its own workflow protocols, its own ontology — but must coordinate at defined handoff points. "The handoff point between us is a shared Dropbox folder plus a 'manuscript transmittal' server she's set up for metadata."40 The shared folder and the transmittal document are the precursor form of what agent handoff contracts must formalize as AI coordination scales.

The components crystallizing in enterprise AI: (1) scope declaration — what the agent can and cannot do unilaterally, which decisions require human judgment, which data it can access without additional authorization; (2) output format specification — what a complete, acceptable handoff looks like, what metadata must accompany the output, what the receiving agent or human needs to process it; (3) escalation trigger — the specific conditions under which the agent must pause autonomous operation and request human judgment before proceeding. The escalation trigger is the hardest component to specify because it requires the organization to enumerate — in advance — the conditions under which AI judgment is insufficient. That enumeration is governance work requiring domain knowledge, risk modeling, and deliberate design.

Historical parallel

1970s–1990s: Electronic Data Interchange standardized how organizations exchanged business documents across company boundaries. Before EDI, each pair of trading partners negotiated its own data format for purchase orders, invoices, and shipping notices. EDI converted bespoke bilateral coordination into sector infrastructure that made just-in-time supply chains possible. Agent handoff contracts are the AI-era equivalent.

Transition Requirement → Level 5

Participate in sector-level protocol design, not only internal governance. Engage regulatory frameworks as protocol design inputs. Build governance that accounts for external AI dependencies the organization does not control, and engage in the standards processes that will define those dependencies.

5
Planetary
AI protocols are civilization infrastructure. No single organization is in charge.
Governing Protocol

Planetary scope. AI protocols are embedded in critical systems as deeply as TCP/IP, the electrical grid, or the ISO container standard. No single organization manages them; they are maintained through collective mechanisms — standards bodies, regulatory frameworks, market dynamics, international treaty. The protocols have become part of the operations that Alfred North Whitehead described: those we perform without thinking of them.

Blind Spot

Protocols that become invisible lose the organizational memory needed to govern them. The people who designed the protocol have moved on. The organizations that depend on it lack the literacy to recognize when it is failing. The governance mechanisms were designed for a smaller version of the infrastructure.

Failure Mode

Protocol invisibility without reflexive governance. Infrastructure so successful that the governance mechanisms designed around it lag the scale and stakes they govern. Failures can be hard to attribute, isolate, or fix — because the governance mechanisms often become as invisible as the infrastructure they govern. As Stinson-Schroff observes, systemic infrastructure typically fails through slow degradation rather than dramatic collapse: "mechanical currents" — incremental pressures that accumulate in complex systems until the structure expresses itself.41

The containerization analogue. The ISO shipping container, standardized in 1968, reorganized global trade within two decades.42 Port infrastructure was rebuilt; trucking and rail networks were redesigned; just-in-time supply chains became possible. By the 2000s, containerization was invisible — the default assumption of all global logistics planning. The Maersk ransomware attack of 2017 is the canonical Level 5 failure mode: containerization and internet protocols had converged into a single attack surface. NotPetya spread from Ukrainian accounting software through Maersk's global logistics network, halting operations at ports on six continents, causing $300M in losses in ten days. Two invisible infrastructures — physical container logistics and internet protocols — created a failure mode that neither protocol was individually designed to prevent. The governance gap was not in either protocol; it was in the absence of any governance mechanism for their intersection.

TCP/IP as the Level 5 template. TCP/IP became so successful it became the invisible default assumption of all digital coordination. The governance mechanisms — IETF, ICANN, the Border Gateway Protocol's routing trust model — were designed before the internet became critical infrastructure. They are now inadequate to the scale and stakes they govern. BGP hijacking attacks, DNS poisoning campaigns, and systematic routing manipulation now occur routinely as failures of governance mechanisms not designed for adversarial infrastructure at planetary scale. AI protocols are on the same trajectory, at a shorter time horizon, in an environment already adversarial.

Section 4

Emerging protocols: the transition infrastructure

A specific class of coordination mechanisms is emerging to govern enterprise AI use. These are protocols — they govern behavior at handoff points without requiring shared goals or central enforcement — and each maps to a specific level transition.

Protocol Level Transition What It Governs Sector
BAA extension to AI vendors L1 → L2 Contractual accountability for AI vendor data handling Healthcare
Output verification obligation (ABA Formal Opinion 512) L1 → L2 Mandatory human verification step before professional use Legal
Risk-tiered deployment classification (EU AI Act) L2 → L3 Pre-deployment classification with defined governance requirements per tier Cross-sector (EU)
PR/output SLOs and smart routing (Code Inbox pattern) L3 → L4 Volume and routing of AI-generated outputs through human review Software engineering
Agent handoff contracts L4 → L5 Scope, output format, escalation triggers between AI agent systems Emerging
L1 → L2 · Healthcare
Business Associate Agreements extended to AI vendors

The Business Associate Agreement is a contractual instrument already established in HIPAA compliance. It specifies what a vendor can and cannot do with protected health information: retention limits, audit rights, breach notification obligations, permitted uses. The HHS Office for Civil Rights' 2024 clarification extended this instrument to AI vendors: any AI service that processes PHI must have a signed BAA, or transmitting data to it constitutes a reportable breach. The contractual infrastructure already exists; the governance question reduces to whether the instrument is in place. The BAA converts the Level 1 problem (invisible data flows to AI vendors) into a Level 2 condition (vendor data handling is contractually governed). It does not solve output governance; it creates the legal foundation for the next protocol layer.

L1 → L2 · Legal
Output verification obligation (ABA Formal Opinion 512)

ABA Formal Opinion 512 (July 2024) requires lawyers to have "reasonable understanding" of AI capabilities and to verify all AI-generated output before submission. This is a protocol because it specifies the handoff structure (lawyer-reviews-AI-output) and makes that structure mandatory through professional licensing rather than firm policy. The enforcer is the bar association and the courts, not the firm's IT department. Courts have escalated sanctions because the verification step failed at the handoff point. The obligation attaches to the professional regardless of what the firm's AI access policy says. This is the structural property of a protocol: it governs the handoff without depending on the organization's own governance for enforcement.

L2 → L3 · Cross-sector (EU)
Risk-tiered deployment classification (EU AI Act)

The EU AI Act (Regulation 2024/1689) establishes mandatory pre-deployment classification of AI systems into risk tiers, with specific governance requirements for each tier.43 High-risk AI systems — hiring and HR management software, credit scoring systems, biometric identification, critical infrastructure, and systems affecting access to education — must have documented human oversight protocols, conformity assessments, and technical documentation before deployment. The classification is mandatory: an organization cannot deploy a high-risk system with access-only governance and claim compliance. The classification step precedes deployment and triggers specific governance obligations. For organizations with EU employees or customers in high-risk function categories, August 2026 is a mandatory Level 2-to-3 transition deadline. Fines for non-compliance reach €35M or 7% of global annual turnover.

L3 → L4 · Software Engineering
PR/output SLOs and smart routing (Code Inbox pattern)

The Code Inbox and U Review pattern Uber has built is the first well-documented instance of a Level 3-to-4 transition protocol in software engineering. As AI-generated PR volume grows, the human review queue becomes ungovernable through individual judgment alone. The protocol has three components: (1) intake classification — distinguishing AI-generated from human-authored commits and PRs, enabling routing decisions on that basis; (2) smart routing — ownership-based assignment of AI-generated work to reviewers with relevant context, without a human coordinator making each assignment; (3) service-level obligations — time-bounded review commitments that make review a governed process with measurable performance rather than a discretionary activity. Code Inbox governs the handoff structure through which PRs reach reviewers and establishes accountability for the review step. It does not review PRs. The protocol scales because it governs the handoff without requiring central oversight of each individual review.

L4 → L5 · Emerging
Agent handoff contracts

Agent handoff contracts are still in formation as a protocol pattern. The earliest instances are informal: Rao's shared Dropbox folder and transmittal document, Uber's Code Inbox intake classification, the structured output formats that AI coding tools have begun to standardize. The protocol is crystallizing around the three components described in Level 4: scope declaration, output format specification, and escalation trigger. The escalation trigger is the hardest component to specify because it requires enumerating — in advance — the conditions under which AI judgment is insufficient. Organizations that build this capability before agent coordination at scale becomes standard will be positioned to participate in the sector-level protocol design that Level 4 requires.

Each of these five protocols converts a previously discretionary human judgment into a designed coordination mechanism. ABA 512 converts "the lawyer decides whether to verify" into a mandatory protocol step. Code Inbox converts "engineers decide which PRs to review first" into a classified, routed, SLO-governed workflow. In each case, the protocol scales because coordination is built into the structure rather than delegated to a person.

Git is the reference point. Git did not improve code quality. It created the handoff structure — branch, commit, pull request, merge — that allowed code quality to be governed at scale across distributed teams with no central coordinator managing each integration. These emerging protocols are doing the same for AI: creating the handoff structures that allow AI output quality to be governed at scale. Organizations building to them now are building governance that will be sector-standard within years. Organizations that wait for full standardization will implement them under regulatory or liability pressure, at higher cost and lower control.

Section 5

Where organizations are now — and what the distribution predicts

Most organizations are at Level 1 or Level 2. The 2024–2026 survey data is consistent enough that the distribution can be described with reasonable confidence.

McKinsey (2025): 88% adoption, but 66% have not yet begun scaling AI across the enterprise.44 Only 39% report any EBIT impact; 22% say they are scaling agents anywhere; no more than 10% of any single function uses agents at scale. Menlo Ventures (2025): 63% of enterprise AI deployments are still prompt design, RAG, or fixed workflows — not true agents.45 Reco.ai: 71% of enterprise employees use unauthorized AI tools, indicating that Level 1 conditions co-exist beneath whatever Level 2 access mandates have been issued.46 IBM survey: only 39% of CEOs report adequate AI governance; 61% report pushing adoption faster than governance readiness.

These figures are concentrated at Level 1 and early Level 2: access policies exist (or are being developed); output governance protocols do not. The Klarna, Shopify, and Duolingo cases represent Level 2 at enterprise scale — the mandate has been issued; the output governance design has not followed.

A cohort of approximately 6–15% of organizations has designed AI into specific workflows with explicit governance. McKinsey's high performers (6%) have redesigned workflows and have human-in-the-loop validation at 65% versus 23% for others. Accenture's Achievers (12%) have CEO sponsorship, industrialized tooling, and are 3.5 times more likely than Experimenters to see AI-influenced revenue exceed 30% of total revenues.47 OpenAI's data shows frontier organizations sending 6 times more messages per seat than median enterprises, with API reasoning token consumption growing 320x from November 2024.48 The differentiator is protocol design at the workflow level.

The model predicts the distribution will become more bimodal. Level 3 organizations compound: AI-designed workflows generate data that improves the protocol, which improves the workflow, which generates more data. Benny's cost-structure analysis makes this concrete — organizations that have front-loaded precision into stable definitions and designed workflow protocols now incur the lowest transaction costs for continuing AI integration. Their AI infrastructure accrues. Level 2 organizations plateau: access mandates without output governance do not generate the feedback needed to improve. The gap between Achievers and Experimenters is a protocol design gap that will widen without deliberate intervention. McKinsey's conclusion — "meaningful enterprise-wide bottom-line impact from the use of AI continues to be rare" — is, under this analysis, a prediction as much as an observation.

In practice, most Level 2-to-3 transitions are driven by organic discovery rather than compliance deadlines: domain experts build better workflows, demonstrate competitive advantage, and create internal pressure to standardize. Regulatory instruments accelerate transitions that organizational incentives have already begun.

Three regulatory instruments are creating forced transitions in specific sectors. The EU AI Act's August 2026 compliance deadline makes Level 2-to-3 mandatory for high-risk deployments under EU scope. NIST AI RMF 1.0 (2023) — Govern, Map, Measure, Manage — maps directly to L3+ protocol design requirements and is being incorporated into OCC and HHS sector guidance.4950 The HHS/OCR HIPAA overhaul proposes eliminating the "required vs. addressable" distinction and mandating annual security audits and encryption, pushing healthcare organizations toward formalized governance beyond access-only protocols. These forcing functions will reach approximately 20–30% of enterprise AI deployments in the US and EU. The remaining 70–80% will design the transition voluntarily or reactively.

The Air Canada chatbot case is the model for reactive transition at Level 2. $812 in direct damages and a legal precedent now cited across enterprise AI governance discussions. The reaction — updating AI governance policies, adding escalation paths for customer-service AI, reviewing chatbot output protocols — costs more and produces less than designing the protocol before deployment.

Section 6

How to use this model

The model's primary value is predictive. Placing your organization on the model tells you which failure is applicable to you — and what design change should be considered.

The diagnostic question "When your AI system produces a wrong answer here, what happens next — and who is accountable?" is the operative instrument. Apply it function by function. The answers map directly to levels. The bottleneck — the function with the lowest answer and the highest consequences — is the organization's effective governance level for risk purposes.

1

Map AI exposure by function

List every function where AI produces outputs that affect decisions: customer communications, code, financial analysis, legal review, HR decisions, clinical recommendations, contracts, regulatory submissions. This is the inventory the model operates on.

2

Apply the governing uncertainty test to each function

Answer to "what happens when AI is wrong here?" Level
"We'd probably not notice" / "It hasn't happened yet" Level 1
"Someone notices and flags it after the fact" Level 2
"There is a review process before the output is used" Level 3
"We have error metrics, escalation paths, and the protocol updates when the error rate changes" Level 4
"The protocol is infrastructure — we monitor the infrastructure, not individual outputs" Level 5
3

Identify the bottleneck

The function with the lowest answer and the highest consequences is the bottleneck. A Level 3 engineering organization with a Level 1 HR function has a Level 1 liability ceiling in any employment-related AI dispute. A Level 3 financial analysis team with a Level 2 customer communications function has a Level 2 regulatory exposure in any customer-facing AI liability case. The bottleneck does not average up. It sets the floor.

4

Identify the transition requirement

Use the level descriptions to identify the specific protocol design change the bottleneck function requires.

  • L1 → L2: Issue a formal access policy. Grant sanctioned access to approved tools under defined conditions. Make the exposure visible.
  • L2 → L3: Redesign the governing protocol from access-scope to output-scope. Define verification requirements before consequential use. Build the gravel road for the bottleneck function.
  • L3 → L4: Extend workflow-level protocols into cross-function and cross-boundary coordination. Build infrastructure for the downstream bottlenecks the designed workflows create.
  • L4 → L5: Participate in sector-level protocol design and standards processes. Build governance that accounts for external AI dependencies the organization does not control.

Each transition requires accepting a new class of problem in place of the previous one. The Level 1-to-2 transition converts invisible exposure into visible compliance risk. The Level 2-to-3 transition converts adoption with an unknown quality floor into workflow governance with visible quality metrics and new bottlenecks at workflow boundaries. The Level 3-to-4 transition converts intra-organizational governance into inter-organizational coordination problems. Each new problem is more governable than the one it replaces — visible, bounded, and addressable through protocol design rather than through reactive incident response.

What this model does not tell you

  • Which specific AI tools to use or avoid
  • What will happen to AI capabilities in 12–24 months
  • Whether any specific AI output is correct
  • How to satisfy any specific regulatory requirement — consult sector-specific guidance
  • What level your organization should be at by a specific date — there is no universal pace

Pace is not the variable. The failure mode at each level is the gap between AI exposure and protocol design. A Level 1 organization actively designing its exit is in better shape than a Level 3 organization that has stopped evolving its protocols.

For the interactive self-assessment and level-specific diagnostic output, see protocolized.dev/ai-maturity-model/

Protocols for Business

Ready to take the assessment?

A 2-minute diagnostic places you on one of the five levels, returns the failure modes you're most exposed to, and gives you clear direction on what do next.

Take the Assessment →
Footnotes

Notes

  1. 1Alex Singla, Alexander Sukharevsky, Bryce Hall, Laraina Yee, Michael Chui, and Tara Balakrishnan, "The State of AI in 2025: Agents, Innovation, and Transformation," McKinsey & Company, November 2025. Survey: 1,993 respondents, 105 nations, June–July 2025.
  2. 2Mihaela Vorvoreanu, Amy Heger, Samir Passi, et al. (Microsoft AETHER Committee), "Microsoft Responsible AI Maturity Model," Microsoft Research, May 2023.
  3. 3Accenture, "The Art of AI Maturity," Accenture Research, 2024.
  4. 4Boston Consulting Group, "BCG AI Maturity Matrix," November 2024.
  5. 5Vorvoreanu et al., "Microsoft Responsible AI Maturity Model," p. 8.
  6. 6Accenture, "Art of AI Maturity." Direct quote: "they're 3.5 times more likely than Experimenters to see their AI-influenced revenue surpass 30% of their total revenues."
  7. 7VinciWorks; ABA Law Practice Magazine; court records (Mata v. Avianca, 2023; ByoPlanet v. Johansson, 2025). 550+ publicly reported hallucination cases; 712 judicial decisions worldwide; $86,000 fine in ByoPlanet.
  8. 8Watts S. Humphrey, Managing the Software Process (Reading, MA: Addison-Wesley Longman, 1989). CMM commissioned by the US Department of Defense (1986). CMMI (2002) superseded the original; currently maintained by ISACA.
  9. 9Singla et al., "The State of AI in 2025." Direct quotes: "Meaningful enterprise-wide bottom-line impact from the use of AI continues to be rare"; "High performers are nearly three times as likely as others are to say their organizations have fundamentally redesigned individual workflows in their deployment of AI."
  10. 10Menlo Ventures, "2025 State of Generative AI in the Enterprise," November 2025. Enterprise GenAI market: $37B (2025).
  11. 11Venkatesh Rao, "Introduction to the Protocol Reader," Summer of Protocols, 2023, citing Danny Ryan.
  12. 12Alfred North Whitehead, cited in Rao, "Introduction to the Protocol Reader."
  13. 13Sachin Benny, "Why Does AI Development Look Like 1980s Software Planning?" Summer Lightning, November 16, 2025.
  14. 14Ibid.
  15. 15Venkatesh Rao, "Constructing the Evil Twin of AI," Protocolized, 2025.
  16. 16Protocolized, "Table: Learning to See Business Protocols," Protocolized, 2026.
  17. 17Protocols for Business Special Interest Group, Protocolized, "Finding Fault Lines within the Firm," Protocolized, 2026.
  18. 18Reco.ai (2025), as cited in shadow AI prevalence roundup.
  19. 19Cyberhaven Q1 2024 data, as cited in shadow AI prevalence roundup.
  20. 20IBM Security, "Cost of a Data Breach Report 2025," 2025. Shadow AI incidents cost $4.63M on average — $670K above baseline. 97% statistic from same report.
  21. 21Gizmodo / Bloomberg reporting on Samsung ChatGPT data leak, April–May 2023. Cyberhaven estimated 3.1% of enterprise ChatGPT users had submitted confidential company data at time of reporting.
  22. 22symplr, "2025 Enterprise Healthcare IT Survey," 2025. Average healthcare breach cost: $7.42M, 279 days to resolve (IBM 2025).
  23. 23ABA Formal Opinion 512, July 2024.
  24. 24Fast Company; Fortune; TechCrunch. Klarna AI deployment and reversal reporting, 2023–2025. Headcount: ~5,527 (2022) → ~3,100 (IPO, September 2025).
  25. 25TechCrunch; Fortune. Duolingo AI-first reporting, 2024–2025.
  26. 26Moffatt v. Air Canada, 2024 BCCRT 149 (British Columbia Civil Resolution Tribunal, February 14, 2024).
  27. 27Moffatt v. Air Canada, 2024 BCCRT 149, para. 29. Confirmed verbatim in Protocols for Business Special Interest Group, Protocolized, "Finding Fault Lines within the Firm," Protocolized, 2026.
  28. 28CNBC; Digital Commerce 360. Shopify AI mandate reporting, April 2025. Tobias Lütke quote confirmed verbatim.
  29. 29Evan Armstrong, "The Hottest Job in Tech," The Leverage, August 5, 2025.
  30. 30Mark Scianna, "How to Build Your Forward Deployed Engineering Team," Per Aspera, September 17, 2025. Gravel road quote confirmed verbatim.
  31. 31Armstrong, "The Hottest Job in Tech." FDE cost and contract floor confirmed. Workday 2012 IPO: 35% of revenue from on-site professional services — prior analog for services-heavy platform transitions.
  32. 32Anshu Chada and Ty Smith, "Uber: Leading Engineering through an Agentic Shift," The Pragmatic Summit, March 10, 2026; Gergely Orosz, "How Uber Uses AI for Development: Inside Look," The Pragmatic Engineer, March 10–11, 2026.
  33. 33Chada and Smith, "Uber: Leading Engineering through an Agentic Shift."
  34. 34Orosz, "How Uber Uses AI for Development." Four-layer architecture confirmed verbatim.
  35. 35Blake Scholl, "Move Fast and Don't Break (Safety Critical) Things," Boom Supersonic, August 10, 2025. XB-1 built by ~50 engineers at ~$190M; zero safety incidents across the program.
  36. 36Ibid. Jevons's Law quote confirmed verbatim.
  37. 37Blake Scholl, "Move Fast and Don't Break (Safety Critical) Things Part 2: Vertical Integration," Boom Supersonic, September 14, 2025. Slacker Index and turbine blade example confirmed. "Changes the physics" quote confirmed verbatim.
  38. 38Benny, "Why Does AI Development Look Like 1980s Software Planning?"
  39. 39Orosz, "How Uber Uses AI for Development." AI costs 6x since 2024.
  40. 40National Institute of Standards and Technology, Artificial Intelligence Risk Management Framework (AI RMF 1.0), NIST AI 100-1, January 26, 2023. NIST AI 600-1 (Generative AI profile, 2024) is the GenAI-specific supplement.
  41. 41Venkatesh Rao, "Have Your Factory Call My Factory," Protocolized, March 2026. Quote confirmed verbatim.
  42. 42Timber Stinson-Schroff, "Mechanical Currents," Protocolized, 2025.
  43. 43Protocolized, "Table: Learning to See Business Protocols."
  44. 44European Parliament and Council of the European Union, Regulation (EU) 2024/1689 (AI Act), Official Journal of the European Union, July 12, 2024. Compliance for most obligations: August 2, 2026.
  45. 45Singla et al., "The State of AI in 2025."
  46. 46Menlo Ventures, "2025 State of Generative AI in the Enterprise."
  47. 47Reco.ai (2025), as cited in shadow AI prevalence roundup.
  48. 48Accenture, "Art of AI Maturity."
  49. 49OpenAI, "State of Enterprise AI 2025." API reasoning token consumption: 320x growth.
  50. 50National Institute of Standards and Technology, AI RMF 1.0. Referenced in OCC AI Risk Management guidance (2024) and HHS sector guidance.
Works Cited

Bibliography

  • Accenture. "The Art of AI Maturity." Accenture Research, 2024.
  • Armstrong, Evan. "The Hottest Job in Tech." The Leverage, August 5, 2025.
  • Benny, Sachin. "Why Does AI Development Look Like 1980s Software Planning?" Summer Lightning, November 16, 2025.
  • Boston Consulting Group. "BCG AI Maturity Matrix." November 2024.
  • Chada, Anshu, and Ty Smith. "Uber: Leading Engineering through an Agentic Shift." Talk at The Pragmatic Summit, published by The Pragmatic Engineer, March 10, 2026.
  • European Parliament and Council of the European Union. Regulation (EU) 2024/1689 (AI Act). Official Journal of the European Union, July 12, 2024.
  • Humphrey, Watts S. Managing the Software Process. Reading, MA: Addison-Wesley Longman, 1989.
  • Menlo Ventures. "2025 State of Generative AI in the Enterprise." November 2025.
  • Microsoft AETHER Committee (Vorvoreanu, Mihaela, Amy Heger, Samir Passi, et al.). "Microsoft Responsible AI Maturity Model." Microsoft Research, May 2023.
  • Moffatt v. Air Canada, 2024 BCCRT 149 (British Columbia Civil Resolution Tribunal, February 14, 2024).
  • National Institute of Standards and Technology. Artificial Intelligence Risk Management Framework (AI RMF 1.0). NIST AI 100-1. January 26, 2023.
  • OpenAI. "State of Enterprise AI 2025." 2025.
  • Orosz, Gergely. "How Uber Uses AI for Development: Inside Look." The Pragmatic Engineer, March 10–11, 2026.
  • Protocols for Business Special Interest Group, Protocolized. "Finding Fault Lines within the Firm." Protocolized, 2026.
  • Ranganathan, Aruna, and Xingqi Maggie Ye. "AI Doesn't Reduce Work — It Intensifies It." Harvard Business Review, February 2026.
  • Rao, Venkatesh. "Introduction to the Protocol Reader." Summer of Protocols, 2023.
  • Rao, Venkatesh. "Constructing the Evil Twin of AI." Protocolized, 2025.
  • Rao, Venkatesh. "Have Your Factory Call My Factory." Protocolized, March 2026.
  • Rao, Venkatesh, and Patrick Nast. "Theorizing Protocolization I: New Nature." Protocolized, 2026.
  • Scianna, Mark. "How to Build Your Forward Deployed Engineering Team." Per Aspera, September 17, 2025.
  • Scholl, Blake. "Move Fast and Don't Break (Safety Critical) Things." Boom Supersonic, August 10, 2025.
  • Scholl, Blake. "Move Fast and Don't Break (Safety Critical) Things Part 2: Vertical Integration." Boom Supersonic, September 14, 2025.
  • Singla, Alex, Alexander Sukharevsky, Bryce Hall, Laraina Yee, Michael Chui, and Tara Balakrishnan. "The State of AI in 2025: Agents, Innovation, and Transformation." McKinsey & Company, November 2025.
  • Stinson-Schroff, Timber. "Mechanical Currents." Protocolized, 2025.
  • Protocolized. "Table: Learning to See Business Protocols." Protocolized, 2026.