Jim Larrison

The Zylo 2026 SaaS Management Index reported that enterprise AI spend doubled year over year. This is consistent with what we observe. The cost model changed faster than the visibility infrastructure. AI companies moved to token-based pricing and agentic workflows. Finance teams are still catching up. The current state at most enterprises: exporting data from multiple provider dashboards, chasing expense reports, dumping everything into spreadsheets, attempting to attribute costs manually. The results are about what you would expect. Larridin launched Token & Spend Insights to close this gap. The capability that matters most is attribution. Tracking total spend is straightforward. Tying that spend back to specific teams, specific use cases, and measurable outcomes is where management value actually exists. Our internal data shows less than half of unmanaged AI spending is productive. The implication is worth sitting with. The opportunity is not cost reduction alone. It is reallocation toward what is actually working. Full announcement linked in comments.

Security teams that slow AI down are not more secure. They are just slower. Tope Iluyomade's analogy is precise. Without brakes, you drive at ten miles an hour. With brakes, you trust your ability to stop, so you drive faster. AI security works the same way. The practical implication: guardrails have to be built into deployment pipelines, not bolted on after. Engineers do not go back and audit code after they commit it. If the safety is not structural, it does not exist. The measure of a mature security posture is not whether your team is involved at the start. It is whether you have built a feedback loop you can actually return to and improve over time. "It's not about uncontrolled speed versus slowing down. It's about engineered speed."

Most enterprise AI investments do not fail loudly. They get quietly turned off a few months or years later because nobody can justify what they were doing. The pattern is consistent. Teams buy AI tools for a specific function, skip the problem definition, have no way to measure whether it worked, and spend years hoping it proves itself. It rarely does. Karl's framing is direct: generic AI-powered productivity tools can survive some ambiguity. The moment you are buying something for a specific department with real budget behind it, you need a clear problem and a way to measure the outcome before you spend a dollar. The absence of that discipline is not visible at the start. It becomes visible when the CFO asks for 10% cuts in the budget, and no one can defend the line item for the AI-powered tool.

"If this is adjacent to my function and it's perpetual, let's build." Tope Iluyomade’s read from experience across Fortune 100 companies and startups: large organizations always had the resources to build and maintain software in-house, but rarely chose to. Late-stage startups avoided it because maintenance was a distraction from the core product. What has changed is that the cost to build and the cost to maintain have both dropped significantly. With help from AI, more organizations now pass the “build” test for more categories of software than they did three years ago. The question is no longer, “Can we build it?” It is whether what you are building is adjacent enough to your core function and long-lived enough to justify owning it.

There is a sequencing problem in most enterprise AI programs that explains why measurement keeps failing. Organizations are trying to measure AI ROI before their workforce knows how to use the tools. They are asking for productivity data from people who have not yet developed productivity patterns. They are looking for outcomes before inputs are in place. The order is wrong. The first wave in any AI program has to be workforce competency. Not tool selection. Not pilot programs. Basic proficiency across the organization so that when you do start measuring, you are measuring real usage patterns rather than fumbling adoption. This requires alignment that most organizations have not built. The CIO cannot do this alone. HR cannot do this alone. The employees themselves cannot do this alone. It requires three-way alignment: Clear expectations from leadership about what competency looks like, enablement infrastructure from HR to help people get there, and technical support from IT to make the tools accessible. Government regulation will not guide this. It moves too slowly. The only answer is structured internal enablement, a defined first wave that gets the entire workforce to a baseline before anyone tries to measure outcomes. Get the foundation right first.

Only one in five companies has a mature model for governance of autonomous AI agents (from Deloitte’s State of AI Report 2026). Agentic AI usage is poised to rise sharply in the next two years. The oversight infrastructure is not keeping pace. The pattern is consistent with what we here at Larridin observe. Organizations are deploying agents faster than they can govern them. Approval workflows live in email threads. Model documentation goes stale the day it's created. When someone asks for a complete inventory, most teams spend weeks assembling it manually. The enterprises achieving measurable value from AI share several characteristics. They treat governance as enablement, not restriction. Every "no" comes with a "yes, and here's how." They move fast on tool evaluation, completing it in days, not months. They invest in their sanctioned tool stack so the incentive to go outside it drops dramatically. And, critically: they measure governance, not just adoption. Unauthorized usage rates, data policy compliance, governance coverage - all tracked alongside proficiency metrics.

Microsoft's Agent 365 went GA (general availability) this month. Google announced its AI control center for Workspace as well. The timing is worth noting. Many organizations are no longer just testing chatbots. They are deploying agents that reach into corporate systems and execute tasks on behalf of users. One analyst’s observation: "By placing agent controls alongside identity, access, data, and workload management, vendors are positioning AI governance as an operational discipline owned jointly by IT and security." Governance is moving from a compliance checkbox to an infrastructure requirement. The native controls from Microsoft or Google may help, but they are unlikely to cover the full agent landscape. Orgs using multiple clouds, SaaS tools, and browser-based assistants will still need governance that extends beyond any single vendor's console.

OpenAI published research that confirmed something we've observed in our own data. Their B2B Signals report found that "frontier firms" - companies at the 95th percentile of AI usage - now use 3.5x more intelligence per worker than typical firms. That's up from 2x a year ago. But the more instructive finding was this: message volume explains only 36% of that gap. The majority of the difference comes from what they call "depth": richer context, more complex tasks, workflows where AI takes action rather than just providing answers. If you're tracking adoption by counting active users or messages sent, you're capturing less than half the signal. You have to integrate AI into operational workflows, rather than treating it as a productivity add-on. The distinction matters because it changes what you optimize for. Broad access is table stakes. Depth of integration is where the value compounds.

The Accenture/Wharton research on "Human+" workforce economics deserves close attention for one section in particular: the economic impact framework. They break down four levels of action companies can take: Enhance - augment an individual's work with AI tools Add - introduce AI agents that report to humans Change the mix - restructure teams across onsite, remote, agents, and robotics Restructure - redesign end-to-end processes across the value chain The first two actions typically increase costs while increasing productivity. The inflection point (where costs decrease while output stays level or increases) happens at the third level, when the workforce mix itself changes. This has implications for how companies measure ROI. Most organizations are still evaluating AI at the individual or team level, asking whether a copilot made someone faster. But the economic case doesn't fully materialize until you're measuring at the function or value chain level, which requires visibility into how work actually flows across humans, agents, and systems. The pattern is consistent: the gains come from designing the right mix, not from adding AI everywhere.

Madhu Chamarty's piece on workflow intelligence deserves attention for one observation in particular. The first two acts of process intelligence were built for a workforce made entirely of humans. Act one was archaeology: consultants pulling ERP logs, producing maps that were outdated the day they landed. Months of work, immediately stale. Act two was observation: task mining, desktop agents, watching how work moves through tools. Faster, but still asking the same question: where is the waste? Act three requires a different question entirely: where can AI change what is possible? What struck me was the part about agents entering the workforce as participants, not tools. They take handoffs. They produce outputs. They sit inside sequences. You cannot watch an agent learn on the job. You cannot give it three months to absorb context. You need the workflow map before it touches production, paired with continuous visibility once it does. That's a genuinely different problem than "Find the friction and automate it." Read the full article; the link is in the comments.

JPMorgan Chase formally reclassified its AI investments from experimental R&D to core infrastructure. Their 2026 technology budget is approximately $19.8 billion, with 2,000 staff dedicated to AI development. When Russ, Ameya, and I think about what we're building at Larridin, this is the shift we've been anticipating. Organizations moving from "let's see if this works" to "this is now part of how we operate." The measurement requirements change entirely at that inflection point. During experimentation, you can tolerate ambiguity. You're learning. During operations, you need to know what's working, what's not, and why, because the decisions compound. Success in the next few years will require building the visibility infrastructure that lets teams manage AI the same way they manage any other critical operational system.

Microsoft's Agent 365 and Google's AI control center for Workspace both went live this week. The platforms now offer centralized visibility into AI agent activity, security settings, and data protection controls. AI governance is being positioned alongside identity management, access controls, and data security as operational disciplines owned jointly by IT and security, not delegated to compliance teams reviewing spreadsheets. However, the analysts quoted in the coverage raise a point worth considering: native controls from Microsoft or Google help, but they are unlikely to cover the full agent landscape. Companies using multiple clouds, SaaS tools, developer platforms, and browser-based AI assistants will still need governance that extends beyond any single vendor's console. The application problem doesn't disappear because you have better visibility into two of them. So for any operator: does your governance architecture assume a single ecosystem, or does it account for the fragmented reality of how AI is actually being deployed?

KPMG's Global AI Pulse survey for Q1 2026 surveyed 2,110 C-suite leaders across 20 countries. 95% of companies have an AI strategy. 39% are scaling AI or driving adoption across the enterprise. Only 8% say they've seen tangible return on investment. The 11% KPMG identified as "AI leaders" share common traits. - They create agent ecosystems in an orchestrated way rather than getting stuck in pilots. - They upgrade governance to manage risk and preserve trust. They invest in skills as AI becomes part of everyday work. 82% of these leaders report meaningful business value. For those still piloting, only 62% report the same. The difference between leaders and the rest is not access to technology, funding, or willingness to experiment. It's organizational structure: governance, talent, and how the enterprise itself is designed to support AI at scale. The technology works. The question is whether the organization is set up to capture value from it, or whether structure itself is the bottleneck.

Google researchers published findings that attackers are seeding public web pages with hidden commands. When an enterprise AI agent scrapes those pages, the agent can be turned against its own company, using its real credentials and approved permissions. The unsettling part - traditional security tools see nothing wrong with the page. For two decades, enterprise security has been built around one assumption: The threat comes from a human user at a keyboard. Firewalls, identity platforms, endpoint detection; all of it watches for anomalous human behavior at the system boundary. When an AI agent reads the open web on your behalf, it's also accepting instructions. This is the kind of risk that doesn't show up in productivity metrics.

Two announcements landed within hours of each other. Anthropic announced a joint venture, backed by Blackstone, Goldman Sachs, and Hellman & Friedman, and valued at $1.5 billion, focused on deploying enterprise AI services. OpenAI is raising funds for a similar venture called The Development Company. What struck me about Anthropic's announcement was this line: "An engagement might begin with the company's engineering team sitting down with clinicians and IT staff to build tools that fit into the workflows that staff already use." It's a services pitch. Both labs are recognizing that the gap between model capability and enterprise value isn't technical, it's organizational. Russ and I saw something similar twenty-five years ago when we were building Comscore. The technology to measure web traffic existed. The challenge was helping organizations understand what the measurements meant and how to act on them. The pattern repeats. The technology works. The integration is where value gets captured or lost.

Russ's conversation with Bask Iyer surfaced a question most organizations haven't answered clearly: when an AI agent makes a bad call, who is accountable? Bask spent years as Global CIO at Johnson & Johnson, Honeywell, VMware, and Dell. He's navigated enterprise complexity at a scale few have. Worth listening to the full conversation. Link in comments.