AI is everywhere. Including here. Boards are asking about it. Vendors are selling it. Consultants are packaging it. And most of the advice landing on your desk is either too abstract to act on or too optimistic to trust.
Good vendor management still applies
Good vendor selection and management principles still apply. There are real trade-offs between sole-source and multi-vendor, between build and buy, between platform bets and best-of-breed. AI doesn't change this. Make these choices deliberately, not by default.
Build a learning organisation
Yes, AI is moving fast, but while there's speed, the path forward is far from obvious. Especially the second and third order effects. The models, the regulatory landscape, and the competitive environment are in flux. The businesses that will get the most from AI are the ones that build their capability to experiment and adopt. You must be able to monitor what's happening in the wild, experiment, and, if appropriate, adopt.
Your cybersecurity posture is falling behind
Traditional cybersecurity is built around endpoint protection and layered defence. AI has introduced new, novel attack vectors. The most important thing you can do is invest in cybersecurity culture across the organisation, because the right culture responds to uncertainty and change faster and more effectively than policy does. Make sure your security team is staying current with how AI is being used offensively, not just defensively.
Get your data foundation sorted
This is the boring one. AI is only as useful as the data it works with. Treat data quality and architecture as important. You don't need to stand up a mega data quality initiative but start treating it like the asset that it is.
Focus on what should be built, not what can be built
The capability of AI-assisted development is now, frankly, remarkable. In fact, we're quickly moving past the notion of 'assisted' to 'performed'. It is now possible to build working software at a speed and cost that would have been unthinkable a few months ago. But just because you can, does not mean you should. Stay focused on your core competencies and the sources of your competitive advantage. I personally would not be vibe coding an in-house payroll system, for example.