Skip to content

We only publish what we can defend in a vendor meeting. Every claim carries an ID, a review date, and a verdict you can check.

Issue 023 · Week 23 · 2026
Ledger
Status moved

Quiet — no verdict transitions in the last 30 days. See the ledger →

Agent Mode AI — claim-tracked agentic AI analysis

Newest · Business Case & ROI

Enterprise AI cost and ROI in 2026: what the evidence actually shows

The enterprise AI cost question in 2026 is not the seat price on the order form; it is total cost of ownership measured against realised ROI. Across four independent datasets the high-return minority is separated from the majority by measurement discipline and operational preconditions, not by model capability or vendor choice.

Read the piece →·Written by Claude, signed by Peter
Signed by
Peter

27 years enterprise IT operations. Global organisation. Major incidents. Editorially independent.

  • 147pieces
  • 239tracked claims
  • 14public retractions
About the editor
Framework · GAUGE

The Enterprise Agentic Governance Benchmark. Six dimensions, scored 0–100. Free 5-minute web diagnostic; 30–45 minute Excel for governance groups.

Score a deployment →
Holding-up · Ledger
Every claim, tracked.
239tracked claims
Most recently reviewed: AM-141Holding
Read the ledger →
Bulletin · Reviews
Quarterly verdict bulletin.
1issues published
Latest: Q2 2026 Claim Review Bulletin: did the publication's first-quarter claims still hold?
Read the latest →
Podcast · Audio companion
Two analysts, one claim per episode.
4episodes live
Latest: What AI doesn't know about your business · 10:04
All episodes →

Recently reviewed

Three claims most recently re-tested against their primary sources. Status changes log to the corrections page; nothing quietly vanishes.

See the full ledger →
  1. AM-133HoldingQ3 2026 Claim Review Bulletin: which claims moved, which held, and what the EU AI Act enforcement window did to the corpusReviewed 30 Jul 2026Read article →
  2. AM-201HoldingEnterprise AI cost and ROI in 2026: what the evidence actually showsReviewed 4 Jun 2026Read article →
  3. OPS-034HoldingThe solo founder's email triage stack: using AI without enterprise pricing in 2026Reviewed 4 Jun 2026Read article →
Method · Holding-up

Why this publication has a ledger

Most AI commentary gets paid for being loud about what's new. Almost none gets measured on whether what it said last quarter still holds this one. That is the gap this publication exists to close. Every published argument carries an ID, a review date, and one of three verdicts — Holding, Partial, or Not holding — that updates over time as evidence accumulates. The verdict log is the product.

When a claim stops holding, the page says so. The original sentence stays visible. The correction is dated and appended. Nothing is quietly removed. You do not need to trust the author to trust the verdicts — the receipts are public, on a 30–90 day review rhythm, and the corrections record is permanent.

Read the ledgerEditorial standards

Two registers

Same Holding-up discipline
Enterprise IT · default
For CIO / CISO / head of platform.

Mid-market and large enterprise. Procurement, governance, EU AI Act, multi-vendor agentic stacks. 30–90 day claim review cadence.

147enterprise articles
Start here →
Operators · sibling
For solo founders to ~50-person teams.

No IT department. Practitioner-advisory voice; faster 30–45 day cadence. Tools, vendor red flags, hours-per-week evaluation budgets.

72operators articles
Operators →

Topic pillars

Five clusters

Editor's picks

One per topic cluster

Latest pieces

Full archive →
Understanding AI

The bottleneck moved from the model to the engineer: what the forward-deployed-engineer turn means for enterprise AI procurement

The scarce input in enterprise AI is no longer access to a capable model. Every serious buyer can rent frontier capability by the token. The scarce input is the human capacity to make that model work inside one company's exceptions, legacy systems, and real-as-opposed-to-documented processes, and that capacity now has a name the vendors use openly: the forward-deployed engineer. In May 2026 the model vendors built businesses around it. The buyer-side reading is that a software purchase is quietly becoming a professional-services engagement, and Gartner's own analyst is on record predicting most of these engagements end in abandonment. This is what changes in the procurement file when the binding constraint is the vendor's people, not the vendor's model.

6 min
Risk & Governance

AI coding agents are now an enterprise attack surface: what TrustFall and SymJack mean for the software supply chain

In May 2026 security researchers published two findings, TrustFall and SymJack, that broke the same assumption across every major AI coding agent at once: Claude Code, Cursor, Gemini CLI, GitHub Copilot CLI, OpenAI Codex CLI, and Grok all treated the on-screen approval prompt as informed consent, and all could be driven to remote code execution by a booby-trapped repository. Microsoft separately disclosed two prompt-injection-to-RCE bugs in its own agent runtime, Semantic Kernel. When a flaw is shared by every product in a category, the category has a design assumption that does not hold. For the enterprise, the consequence is concrete: the coding agent your developers run with their full credentials is a production attack surface, and most governance programmes have it filed under developer tooling, outside the inventory entirely.

6 min
Risk & Governance

The SP 800-53 gap for AI agents, and what NIST COSAiS is writing to close it

Enterprises mapping agentic AI to NIST SP 800-53 today find real gaps in four control families: access control, identification and authentication, audit and accountability, and supply-chain risk. NIST's COSAiS project is writing agent-specific control overlays to close them, but the finalized guidance is not expected before 2027. Until it arrives, the burden is on the enterprise to document compensating controls.

8 min
Risk & Governance

ISO 42001 is becoming the enterprise AI procurement checkpoint

ISO/IEC 42001 is the first certifiable AI management system standard, and through 2025-2026 it has started appearing in regulated-sector and EU AI vendor RFPs as a stated or preferred requirement. The procurement question is no longer whether to ask about it, but how to ask: a certificate on its own proves little, and the buying-committee discipline is to require evidence of the operating management system behind it.

8 min
Business Case & ROI

Agentic AI FinOps: the cost-governance discipline most enterprises skipped

Enterprises that scale agentic AI without a dedicated FinOps discipline for inference, covering workload-level cost allocation, spend-cap tooling, and model-routing policy, repeatedly under-budget production spend. The 2026 platform direction (cloud-native spend caps and AI cost explainability) confirms the gap is real. But the missing layer is the discipline, not the tooling, and the tooling alone does not install it.

8 min
Risk & Governance

An AI tax is the wrong instrument for a real problem

A growing camp wants to tax AI because it was built on the collective knowledge of everyone and runs on public infrastructure. Both claims are partly true and neither supports a special tax. The grievance is real; the instrument is wrong. Copyright markets, the courts, and the existing profit-and-capital tax base already fit the problem, and a dedicated AI levy would fall on buyers and workers while entrenching the incumbents it is meant to check. What a CIO should budget for instead.

9 min
Understanding AI

The Car Wash Test and the Measure of Model Maturity

Claude Opus 4.8 led the coverage with a coding score. Anthropic's own launch led with reliability. The car wash test, in which 42 of 53 leading models told the user to walk and leave the car at home, shows why a coding-benchmark number is a weak proxy for model maturity, and what a CIO should measure instead.

7 min
Understanding AI

Your Auditor Now Has an Opinion on Your Model Stack

Inside about two weeks in May 2026, three of the four largest professional-services firms tied their delivery organizations to a single AI model vendor. The firms that sell vendor-neutral AI strategy have made decidedly un-neutral bets of their own. For a CIO that is not gossip: your auditor and your implementation partner now arrive with an opinion about your model stack, and their reference architectures carry it.

4 min

Browse by topic pillar

Five strategic pillars
Non-human identity
AI agent procurement
Shadow AI discovery
Agentic AI governance
Enterprise AI cost and ROI
Regulatory readiness
Vendor trajectory

Coming next

Peter's editorial calendar — honest dates, bumped-with-notes if missed.
  1. Week 17
    26 Apr 2026
    Non-human identity — the first procurement question CIOs aren't asking yet

    Every enterprise agent deployment passes through a credential. Most teams still hand the agent a human's credential. Naming the NHI gap is the next Q2 procurement conversation.

  2. Week 18
    03 May 2026
    Shadow agent sprawl — what telemetry catches and what it misses

    The browser-as-agent-runtime pattern creates a detection gap that MDM/CASB don't see. What the first wave of shadow-AI discovery tools actually find, and the three categories they miss.

  3. Week 19
    10 May 2026
    The AI agent MSA — four clauses every enterprise contract needs by August

    EU AI Act enforcement activates 2 Aug 2026. The clauses that survive legal review in the next quarter will be the ones that don't pretend the agent is conventional SaaS.

Vigil · 32 reviewed