Every so often, technology reaches a point where it stops feeling like a series of incremental improvements and starts reshaping how organizations operate.
I remember the early days of widespread internet adoption feeling that way.
There was still plenty of paper. Filing cabinets were full. Reports were printed. Institutional knowledge lived in binders, shared drives, and the heads of experienced staff. At the same time, the internet was becoming part of everyday work, and we were teaching journalists how to search for information online in the days before Wikipedia existed. (Fun fact: Wikipedia was born on January 15, 2001.)
The technology itself was fascinating. But what mattered most was the shift in how people found, shared, evaluated, and trusted information.
I'm starting to feel that kind of shift again.
Today, almost every technology conversation eventually turns to AI. That makes sense. AI is changing how we write, research, analyze, communicate, build software, and make decisions.
But the more conversations I have with leaders, the more convinced I am that the bigger story is organizational change.
AI is the catalyst. The larger challenge is that organizations are adapting to an entirely new operating environment.
Organizations are trying to move faster than ever before. Staff have access to tools that let them draft, build, automate, summarize, analyze, and experiment in ways that would have required specialized support not long ago. Expectations are rising quickly.
Meanwhile, the systems underneath the work — knowledge, governance, budgeting, procurement, security, infrastructure, compliance, and leadership practices — weren't designed for this pace.
That shift shows up in almost every technology conversation we're having.
Topics that once felt separate are becoming increasingly interconnected. AI leads to discussions about documentation. Security leads to governance. Budget planning leads to hardware strategy. Technology decisions increasingly become organizational decisions.
The patterns themselves are interesting, but together they point to something larger: organizations are adapting to a different operating environment.
Knowledge Is Becoming Infrastructure
One of the most encouraging developments is that more leaders are talking about knowledge management by name.
For years, many organizations had knowledge management problems without calling them that.
They had shared drives no one trusted. Intranets that were technically available but rarely useful. Policies that lived in three different places. Critical processes that existed mostly in one person’s head. Email threads that functioned as unofficial records. Slack and Teams conversations that answered important questions but disappeared from view almost immediately.
Organizations found ways to work around those gaps. People knew who to ask. They knew which document was current. They knew which folder mattered and which one had become a dumping ground. They knew where the unofficial knowledge lived.
AI makes those workarounds harder to sustain.
If an organization wants AI to summarize, retrieve, answer, automate, or reason across internal knowledge, the underlying knowledge environment matters. AI does not magically transform scattered, outdated, or contradictory information into reliable institutional intelligence. Often, it simply reveals the mess more quickly.
As a result, knowledge management is becoming less of a “nice to have” and more of an operational foundation.
Good documentation is no longer just about compliance or onboarding. It supports continuity. It enables automation. It improves decision-making. It protects institutional memory. It creates the conditions for AI to be useful.
Knowledge is infrastructure. More organizations are beginning to treat it that way.
AI Is Revealing the Gaps Underneath the Work
A year or two ago, many AI conversations started with tools.
Which platform should we use? Should we allow ChatGPT? Is Copilot ready? Should we try Claude? What about Gemini? Which one is the best for our organization?
Those questions still matter, but they are no longer enough. The more useful questions are more complex:
What information are we comfortable putting into an AI system?
Who is allowed to use which tools?
What should never be entered into a personal account?
How do we distinguish between public information, internal information, confidential information, regulated information, and intellectual property?
What happens when AI gives a plausible but wrong answer?
Who is responsible for checking the work?
These questions are about AI, but they are also about governance, knowledge, security, operations, and culture.
If policies are unclear, AI exposes that.
If documentation is inconsistent, AI exposes that.
If ownership is ambiguous, AI exposes that.
If staff are already using unsanctioned tools to get work done, AI exposes that too.
None of this means organizations should avoid AI. It means they need to understand what AI is revealing.
Typically the first step in AI readiness is cleaning up documentation, clarifying data ownership, reviewing vendor terms, updating acceptable use policies, or deciding who has authority to approve new workflows – not selecting a tool.
That work may not sound futuristic. But it's often what makes the more ambitious work possible.
The Gap Between AI Expectations and AI Reality Is Still Real
AI has improved dramatically. It is useful for many things. It can help draft, summarize, classify, brainstorm, translate, code, analyze, and explore.
It also still makes things up – most often, in subtle ways, but plausibly and confidently so, which makes the problem so difficult to diagnose unless you're really familiar with the topic at hand.
People are usually prepared for obviously bad answers. They're less prepared for answers that are mostly right, stylistically polished, and wrong in one important place.
This matters when AI is being used for competitive intelligence, research, policy analysis, regulatory review, grant writing, client communications, or anything else where accuracy matters.
It also matters when people assume that AI and automation are interchangeable. They aren't.
Traditional automation is usually deterministic. The same input should produce the same output. A workflow runs. A form is submitted. A record is updated. An email is sent. A field is checked. A report is generated.
AI is different. It can interpret, generate, and infer, but it is not inherently consistent.
For many organizational processes, the best solution is not to let AI handle everything. A stronger approach may be a workflow that uses AI for a specific task inside a more structured system.
AI can summarize a document. But an automation layer may still need to route it, log it, notify the right person, apply permissions, enforce approvals, and maintain an audit trail.
AI can draft a response. A human may still need to review it.
AI can classify content. The organization still needs a taxonomy, a retention policy, and a process for exceptions.
The organizations making real progress are learning where AI fits, where it doesn't, and where it needs to be paired with workflow design, governance, and human judgment.
Speed Has Become Easier. Governance Has Become More Important.
One of the most interesting shifts is how much easier it has become for non-technical people to build things.
In many ways, this is fantastic.
People can prototype ideas quickly. They can automate small tasks. They can build internal tools. They can experiment with workflows that would have required a developer not long ago.
But there's a predictable second chapter.
Someone builds a small application over a weekend.
Then it works well enough that other people start using it.
Then it needs to be hosted somewhere.
Then it needs authentication.
Then it touches customer data.
Then someone asks whether it complies with internal policies, contractual obligations, PCI requirements, privacy rules, or other regulatory expectations.
Then the person who built it has already moved on to something else.
The problem isn't the experimentation. Organizations need experimentation.
The problem is that experimental tools can become production systems before anyone has made an intentional decision – and that opens up a huge set of security concerns that often no one is thinking about.
This is where AI-assisted development and “vibe coding” get complicated. It is one thing to use AI to help create a prototype, script, or internal helper tool. It's another thing to place that tool into an operational environment where security, privacy, reliability, and maintainability matter.
Organizations need room for creativity, but they also need clear thresholds for when experimentation becomes infrastructure.
That line matters.
The Rules of Technology Planning Are Changing
Many leaders are trying to answer a reasonable question about AI:
How much is this going to cost?
Unfortunately, the answer is often: it depends.
That answer is far from satisfying, but it is honest.
AI pricing is still difficult to predict. Some costs are based on seats. Some are based on usage. Some involve tokens. Some depend on which model is used, how often, for what purpose, and with how much context. Some vendors bundle AI into existing platforms – then tell you that they're raising subscription prices because of AI. Others are charging increased fees for "data access" or API access. Others meter usage in ways that are hard to translate into normal operating budgets.
Organizations want to plan responsibly. But the pricing models are still evolving, and actual usage can be difficult to forecast before people begin using the tools in real workflows.
This creates a strange planning problem.
If adoption is low, the investment may look wasteful.
If adoption is high, the usage costs may become unpredictable.
If the organization restricts access too tightly, staff may use personal accounts instead.
If access is too broad, the organization may lose visibility and control.
For now, many organizations need to treat AI budgeting as an iterative process: start with clear use cases, monitor usage, define guardrails, revisit assumptions regularly, and avoid pretending that a one-time estimate will be accurate for long.
And AI costs are only one part of the planning challenge: hardware assumptions are shifting too.
For years, laptop refresh planning was relatively predictable. A reasonable business laptop could last several years. Most staff needed browsers, email, office applications, video conferencing, and access to cloud systems. There were always exceptions, but the basic model was understandable and translated well to projections and budget planning.
Now, everyday computing demands are increasing.
Browsers are heavier. Collaboration tools are heavier. Security tools are heavier. Creative and analytical workloads are more common. AI-enabled features are being added across platforms. Staff expectations are higher. The tolerance for slow machines is much lower.
A laptop with 16 GB of RAM that seemed perfectly reasonable a year or two ago may now feel underpowered much sooner than expected.
At the same time, hardware prices are not exactly cooperating.
Outgrowing computers faster than most organizations can keep up with demand is a real problem. And yet, technology strategy still has to account for the physical devices people use to do their work.
The Boundaries of the Organization Are Blurring
Security has always involved a balance between protection and convenience.
That tension isn't new. What feels different now is the scale and speed.
More people are using more tools. More work is happening across vendors, contractors, cloud platforms, personal devices, AI systems, and lightweight applications. Staff can move faster, connect more systems, and create more workflows than ever before.
The attack surface keeps expanding.
Vendor risk is a major part of this.
An organization can do many things right internally and still be exposed through a vendor, partner, consultant, platform, or service provider. Sometimes the issue is a technical breach. Sometimes it is a configuration mistake. Sometimes it is a human being doing something careless.
Organizations are only as secure as their weakest link. Increasingly, that weakest link may sit outside the organization itself.
That makes security less of a purely technical function and more of an organizational discipline.
Procurement matters.
Contract review matters.
Access management matters.
Offboarding matters.
Data classification matters.
Staff training matters.
Leadership expectations matter.
Security is not just about blocking risky behavior. It is about helping the organization understand risk well enough to make better decisions.
Internal IP Is Getting More Attention
One of the healthier shifts we are seeing is that more organizations are asking serious questions about internal intellectual property.
What happens when staff use AI tools with proprietary data, client information, research, code, strategy documents, financial information, proposals, training materials, or internal methodologies?
Not every piece of internal information is equally sensitive. But organizations need a way to decide what can be used where.
This is where the distinction between enterprise licenses and personal accounts becomes important.
It is not enough to say, “We use AI.”
Which AI?
Under what terms?
With what data protections?
With what administrative controls?
With what logging?
With what retention settings?
With what ability to manage users and access?
The casual use of personal AI accounts may be convenient, but it creates real governance challenges. That does not mean every organization needs to lock everything down. It does mean leaders should understand the difference between individual experimentation and organizational adoption.
The Questions Are Getting Better
Despite the complexity, I find this moment encouraging.
The questions leaders are asking are getting better.
Not long ago, many conversations sounded like this:
Should we use AI?
Can we block ChatGPT?
Which tool should we buy?
Can we automate this?
Now, more conversations sound like this:
What information should never go into an AI tool?
How do we give staff room to experiment safely?
Which workflows need consistency more than creativity?
Where do we need a human in the loop?
How do we protect our internal knowledge?
What governance do we need before this scales?
How do we make sure our technology decisions support the organization we are trying to become?
Those are much better questions.
They reflect a more mature understanding of what this moment requires.
We are not just adopting new tools. We are rethinking how organizations manage knowledge, make decisions, protect information, support staff, and build resilience.
Technology has always changed faster than organizations. What feels different today is the rate of acceleration and the number of people who now have the ability to create, automate, experiment, and deploy new ideas without waiting for permission.
That creates new risks. It also creates enormous opportunity.
The organizations that make real progress will not necessarily be the ones with the newest AI model or the biggest technology budget. They will be the ones that learn how to adapt their systems, governance, knowledge, and leadership practices to a new operating environment.
That doesn't sound flashy, but in a period of rapid technological change, it may be exactly what organizations need most.
