AI Readiness Assessment for Technology-Driven Businesses

This assessment is calibrated against current (2024–2026) research and standards. Key references used to ground the questions and thresholds:

Maturity & adoption

• Gartner — AI Maturity Model & Roadmap and AI production-durability survey (Jun 2025): 45% of high-maturity orgs keep AI in production 3+ years vs. 20% of low-maturity.
• McKinsey QuantumBlack — The State of AI (2024; 2025): leaders, not employees, are the bottleneck; workflow redesign is the strongest predictor of EBIT impact; only ~20% measure AI with business metrics.
• MIT NANDA — The GenAI Divide: State of AI in Business 2025: 95% of generative-AI pilots show no measurable P&L return; buy/partner succeeds ~67% vs. ~33% for internal builds.
• BCG — AI Adoption Puzzle / AI at Work 2025 and the 10-20-70 operating-model rule (70% of value is people/process).
• a16z — Generative AI in the Enterprise (2024) and AI Application Spending Report (2025): bottom-up tool adoption; internal vs. customer-facing deployment rates.

Data, platform & people

• Gartner — AI-ready-data forecast: ~60% of AI projects abandoned through 2026 due to data not being AI-ready (~80% for GenAI); data-lineage adoption.
• MLOps/LLMOps maturity literature (arXiv 2025; practitioner LLMOps guides): version everything, CI/CD with eval gates, production monitoring/drift.
• IBM / agility-at-scale — CAIO role failure patterns; hub-and-spoke operating models ~36% higher ROI than decentralized.
• Workday (2026, via CIO.com) — ~40% of AI time savings lost to reworking AI output when roles are not redesigned; HBS — talent-density amplification; WEF — workforce/skills shift.

Security & reliability

• OWASP — Top 10 for LLM Applications (v2025) and Top 10 for Agentic Applications (2026): prompt injection, sensitive-information disclosure, improper output handling, excessive agency, vector/embedding weaknesses, unbounded consumption.
• IDC / IBM / Harmonic Security — shadow AI: 56% of employees use unauthorized AI tools; sensitive-data exposure on consumer tiers; ~$670K higher average breach cost with high shadow-AI.
• LLM observability/eval practice — hallucination and silent drift require quality monitoring beyond uptime; red-teaming now expected.

Regulation

• EU AI Act — four-tier risk model; staggered obligations (prohibited practices + AI literacy from Feb 2025; GPAI from Aug 2025; high-risk + transparency + GPAI enforcement from Aug 2026; product-embedded high-risk from Aug 2027); penalties up to €35M or 7% of global turnover. A 2026 "Digital Omnibus" amendment may shift high-risk dates — verify current status.
• NIST — AI Risk Management Framework 1.0 (Govern / Map / Measure / Manage) and the Generative AI Profile.
• ISO/IEC 42001:2023 — certifiable AI management system.
• US patchwork — NYC Local Law 144 (AEDT bias audits, live since 2023); California AI Transparency Act (SB 942 / AB 853); Colorado AI Act (postponed and, in 2026, repealed-and-replaced — verify the replacement law); revised federal bank model-risk guidance (2026, superseding SR 11-7).
• Sector overlays — fintech (model-risk management), healthtech (HIPAA + FDA SaMD / PCCPs), legaltech (ABA Formal Opinion 512; UPL).

Value & economics

• FinOps / CloudZero (2025) — ~84% of companies report AI infrastructure cutting gross margin by 6%+; AI-native product margins trending well below traditional SaaS.
• Drivetrain / CFO practice (2025) — track cost per workflow, AI cost as % of COGS, contribution margin by segment; power-user concentration as a margin risk; balanced AI scorecard with outcome-appropriate cadence.

Engineering transformation (IIIBC field synthesis)

• Theory of constraints applied to engineering: ~30–40% of effort is coding, 60–70% is surrounding work; a 10× coding speedup yields only 2–3× overall without process redesign — measure where time goes first.
• Spec-first / verification-first delivery: "AI executes; the engineer specifies and verifies." Specs become the new code review; build verification infrastructure before scaling AI code generation.
• Multi-agent chains (planner → implementer → reviewer) over single trusted agents; agent-ready codebases (monorepos, AGENT.md, clean boundaries) as a prerequisite.
• Engineering AI maturity & cost curve (L1–L5, ~$20 → ~$20,000 per engineer per month) and the new measurement stack (AI code share, complexity-adjusted velocity, code turnover ratio, cost per ticket/feature, DX pulse).
• New risk classes: bad code at scale, activity bloat, runaway token spend, single-vendor dependency, agent tech debt. Enterprise alignment (procurement, security, legal, finance, HR) is the gating factor; accountability for outcomes remains human.