Thinking & Perspectives
AI Strategy Insights
Practical perspectives on AI strategy, agentic systems architecture, and governance — from the advisory practice at Imagine Works.
AI Red Teaming: What Enterprise Leaders Should Actually Ask For
AI red teaming has moved from a research-lab activity to a boardroom expectation. The EU AI Act now requires adversarial testing of general-purpose AI models with systemic risk. Microsoft has red-teamed 100+ generative AI products since 2018. NIST published a formal adversarial-ML attack taxonomy in March 2025. Here is what enterprise leaders should ask for when they commission — or evaluate — an AI red team engagement.
The NIST AI Risk Management Framework: What Enterprise Leaders Need to Understand
The NIST AI Risk Management Framework (AI RMF 1.0) has quietly become the most widely adopted enterprise AI governance framework in the United States — 57–67% of CISOs use it according to the 2026 Hitch Partners Global CISO Leadership Report. Voluntary, but load-bearing. Here is what the framework contains, how the 2024 Generative AI Profile extends it, and why it endured a change of US administration when the executive order that popularised it did not.
Prompt Injection: The Enterprise Security Risk That Cannot Yet Be Filtered Away
Prompt injection has been the number-one risk on the OWASP Top 10 for LLM Applications since 2023, and in June 2025 it produced the first publicly documented zero-click enterprise AI vulnerability — CVE-2025-32711, EchoLeak, in Microsoft 365 Copilot. UK NCSC's December 2025 guidance is direct: prompt injection cannot be fully mitigated; focus on reducing impact. Here is what enterprise leaders need to understand and do.
ISO/IEC 42001: The AI Management System Standard Enterprise Leaders Need to Understand
ISO/IEC 42001:2023 is the world's first certifiable international standard for managing artificial intelligence. Published in December 2023, it gives organisations a structured, auditable way to govern AI — and a certificate to prove it. Here is what the standard contains, how certification works, how it relates to the EU AI Act, and whether your organisation should pursue it.
AI Hallucination: What Enterprise Leaders Need to Understand in 2026
AI hallucination — when a language model produces confident, plausible output that is simply false — is now a measured enterprise risk, not a research curiosity. Vectara's leaderboard puts frontier model hallucination rates between 3% and 15% on a controlled summarisation task; Stanford's legal-AI study found purpose-built tools hallucinating on 17–33% of queries. Here is what leaders should know, and what to do about it.
Shadow AI: Why One-in-Five Enterprises Now Has a Governance Problem They Cannot See
Shadow AI — employees using unsanctioned generative tools at work — has moved from anecdote to material risk. IBM's 2025 breach data put a number on it: organisations with high shadow AI usage paid $670,000 more per breach, and only 37% of organisations have any policy to detect it. Here's what enterprise leaders should do about it.