By Rémi Durand-Gasselin
AI creates value only when infrastructure makes it possible to orchestrate, secure and govern flows in real time, at scale.
For a time, companies believed their AI strategy would come down to picking a good model, or quickly rolling out a copilot across a few business functions. That reading no longer holds. The real dividing line no longer runs between those who have access to AI and everyone else, but between those who have an infrastructure able to operationalise it continuously and those still cobbling together isolated use cases. The signals show that value creation increasingly depends on application modernisation, security and governance.
The myth of the miracle model is collapsing
Public debate about AI remains largely captured by the race for models: who has the most powerful, the fastest, the cheapest, the most “agentic”. Yet within the enterprise, the model alone almost never determines the outcome. What matters is the ability to connect that model to reliable data, to make it interact with existing applications, to trace its decisions, to enforce access policies, and to guarantee latency compatible with real-world use.
In other words, the strategic question is no longer simply “which model will we use?”, but “on what infrastructure will we run AI?”. An AI that cannot cleanly access the right systems, that exposes sensitive data, that is not observable, or that fails as soon as it moves from pilot to scale, is not a strategy. It is a technical demonstration.
Recent figures point in the same direction. McKinsey observes that AI adoption continues to broaden, but that scaling up remains markedly harder than experimentation. The bottleneck, then, is no longer interest in AI but the organisational and technical capacity to industrialise it.
For its part, Stanford notes, in its AI Index 2025, that the spread of AI is accelerating across every sector, which intensifies the pressure on architectures, inference costs, control policies and reliability requirements.
Modernised infrastructure is becoming the decisive factor in the value extracted from AI. The rhetoric is open to debate, but the diagnosis is sound. In many companies, technical debt acts as a glass ceiling: monolithic applications, fragmented networks, poorly federated identities, incomplete logs, disparate security policies. As long as this foundation is not modernised, AI remains an appendage, not a lever for transformation.
The real challenge: distributing AI workflows, not just launching them
The next phase of enterprise AI will not be conversational; it will be operational. Models will no longer simply be queried by humans but will act within processing chains, trigger decisions, call APIs, enrich workflows, and intervene in real time in customer relations, cybersecurity, logistics or software production.
At that point, infrastructure becomes AI’s true nervous system. It must route requests to the right place, bring computation closer to users or data, absorb load spikes, arbitrate between several model providers, and guarantee a consistent quality of service. This is what is emerging in the notion of a unified “inference layer”, which answers an architectural reality. When companies multiply models, agents and entry points, they need a common control plane.
Take a simple example. An internal HR assistant that answers questions about leave policies is a relatively limited use case. But as soon as that system is asked to consult up-to-date documents, to verify access rights, to summarise attachments, to generate a contextualised response, and then potentially to open a ticket or trigger an action, we leave the chatbot behind and enter workflow orchestration. Value no longer comes from the model’s linguistic quality alone but from the reliability of the applications that surround it
This is why the companies that succeed will not necessarily be those that buy the most advanced models, but those that have overhauled their application exposure layers, their identity policies, their observability and their data governance. In this sense, infrastructure is the strategy itself.
Security and governance: the unavoidable step for any credible AI
There is still a dangerous temptation to view security and governance as brakes on innovation. That is a misreading. At scale, they become the very condition for sustainable innovation.
NIST, with its AI Risk Management Framework, places governance at the heart of responsible AI deployment, around four structuring functions: govern, map, measure and manage.
The European Union, for its part, has brought AI into a phased compliance framework in which transparency, documentation and risk management are no longer optional, particularly for certain uses and interactive systems.
This changes everything for architecture. A company can no longer deploy useful AI workflows without knowing precisely which data is being called, who has access to what, where requests travel, which logs are kept, which provider processes which information, and how to quickly disable or correct risky behaviour. Observability thus becomes a matter of algorithmic governance.
The security of AI applications has, moreover, taken on a new dimension. In 2025, OWASP updated its Top 10 risks specific to LLM-based applications, reflecting a landscape in which prompt injection, data exfiltration, uncontrolled outputs and excessive dependence on tools are becoming top-tier vulnerabilities.
Here again, the right answer is not merely to “prompt better” but to design an infrastructure capable of isolating, filtering, logging, limiting and supervising the behaviour of AI systems in production. In other words, if AI becomes a workflow, it must be governed like a critical workflow.
Application modernisation is no longer a technical prerequisite, but a value-creation trade-off
The strongest insight of this moment is doubtless that application modernisation is once again becoming a topic for senior leadership, because it now determines access to the very value AI promises.
The link between application modernisation, security maturity and AI outcomes is real. An organisation whose applications are fragmented, poorly exposed, slow to integrate and hard to protect will inevitably find it harder to turn AI pilots into genuine competitive advantages.
This is where strategic trade-offs become concrete. Should we keep layering AI tools on top of legacy systems, at the cost of growing complexity? Or should we re-architect journeys, APIs, identity policies and network distribution to make AI natively usable? In most cases, the second path is the only sustainable one.
This shift also explains why discussions about AI now converge with those about networking, security, data sovereignty, inference costs and application experience. A serious AI strategy is not a standalone software budget. It is an architecture policy.
The race toward the most effective AI will not be won by the companies that pile up demonstrators, nor even by those that choose the best models of the moment. It will be won by those that have built the infrastructure capable of moving intelligence reliably, securely, observably and under proper governance. The real competitive advantage no longer lies in the algorithm alone. It lies in the system that allows that algorithm to produce real, controlled value everywhere across the enterprise.
Rémi Durand-Gasselin
