Key insight: AI capability and risk management capability must grow in lockstep. Organizations that skip validation gates at lower levels will fail at higher ones. The bottleneck is never the technology.
Dr. George Westerman’s research at MIT Sloan cuts through the AI hype with a simple observation: Technology changes quickly. Organizations change slowly.
The bottleneck for AI adoption is never the AI itself. It’s the processes, culture, and people around it.
The Risk Slope
As organizations grow their AI capability, they must simultaneously grow their risk management capability. Westerman uses the metaphor of changing a tire: you don’t tighten one bolt fully before touching the others. You tighten all bolts gradually, in sequence.
The same applies to AI adoption. Three levels, each requiring more organizational maturity:
Level 1: Individual Productivity. Safe LLM tools, document summarization, internal knowledge search. Low risk. Good starting point.
Level 2: Specialized Roles. AI handles specific tasks with human-in-the-loop verification. Call centers, coding assistance, contract triage. Risk managed through human oversight.
Level 3: Direct Engagement. AI interacts directly with customers or makes consequential decisions. Most enterprises aren’t here yet—and shouldn’t be until they’ve mastered Levels 1 and 2.
Why Accuracy Baselines Matter
You can’t climb the risk slope without proving you can handle each level. An accuracy baseline isn’t just a technical metric—it’s the organizational confidence required to move from “experimental” to “operational.”
This is why prototypes matter. Not as technical proofs, but as the validation gates that let organizations say: “We’ve proven this works at Level 1. Now we can invest in Level 2.”
Skip the validation, and you’re tightening one bolt while the others are loose. The wheel falls off.
Source: Dr. George Westerman, MIT Sloan School of Management, “Integrating Generative AI Into Business Strategy”