Thinking & Perspectives
AI Strategy Insights
Practical perspectives on AI strategy, agentic systems architecture, and governance — from the advisory practice at Imagine Works.
Prompt Injection: The Enterprise Security Risk That Cannot Yet Be Filtered Away
Prompt injection has been the number-one risk on the OWASP Top 10 for LLM Applications since 2023, and in June 2025 it produced the first publicly documented zero-click enterprise AI vulnerability — CVE-2025-32711, EchoLeak, in Microsoft 365 Copilot. UK NCSC's December 2025 guidance is direct: prompt injection cannot be fully mitigated; focus on reducing impact. Here is what enterprise leaders need to understand and do.
ISO/IEC 42001: The AI Management System Standard Enterprise Leaders Need to Understand
ISO/IEC 42001:2023 is the world's first certifiable international standard for managing artificial intelligence. Published in December 2023, it gives organisations a structured, auditable way to govern AI — and a certificate to prove it. Here is what the standard contains, how certification works, how it relates to the EU AI Act, and whether your organisation should pursue it.
Retrieval-Augmented Generation (RAG): What Enterprise Leaders Need to Know
RAG — grounding a language model in your own retrieved documents rather than relying on what it memorised in training — has become the dominant enterprise AI architecture. Menlo Ventures put RAG adoption at 51% of enterprise implementations in 2024, up from 31% a year earlier. Here is what RAG actually is, why it won, where it breaks, and what leaders need to govern.
AI Hallucination: What Enterprise Leaders Need to Understand in 2026
AI hallucination — when a language model produces confident, plausible output that is simply false — is now a measured enterprise risk, not a research curiosity. Vectara's leaderboard puts frontier model hallucination rates between 3% and 15% on a controlled summarisation task; Stanford's legal-AI study found purpose-built tools hallucinating on 17–33% of queries. Here is what leaders should know, and what to do about it.
Shadow AI: Why One-in-Five Enterprises Now Has a Governance Problem They Cannot See
Shadow AI — employees using unsanctioned generative tools at work — has moved from anecdote to material risk. IBM's 2025 breach data put a number on it: organisations with high shadow AI usage paid $670,000 more per breach, and only 37% of organisations have any policy to detect it. Here's what enterprise leaders should do about it.
Model Context Protocol: What Enterprise Leaders Need to Know Before Buying Into Agentic AI
Eighteen months after Anthropic released the Model Context Protocol, it has become the de facto standard for how AI agents connect to enterprise data and tools — adopted by OpenAI, Google DeepMind, Microsoft, and Cloudflare. For enterprise leaders evaluating agentic AI investment in 2026, MCP is no longer a technical curiosity; it is an architecture and procurement decision.