Microsoft 365 Copilot · Power BI Copilot (data + reports) · Salesforce Agentforce / Einstein · SAP Joule · Slack AI (Salesforce-owned) · Atlassian Rovo (Jira / Confluence) · Figma AI (design + dev mode) · Notion AI (workspace) · Snowflake Cortex (data + AI) · ServiceNow Now Assist · Workday AI · Glean (enterprise knowledge search)
Layer 5 · Consumer AI
ChatGPT (OpenAI, 300M+ users) · Claude.ai (Anthropic) · Gemini (Google, mobile + web) · Perplexity (AI search engine) · Grok (xAI, embedded in X) · Meta AI (WhatsApp / Instagram) · Microsoft Copilot (free tier)
Airbyte = data pipelines · Airtable = no-code database
Cursor vs Windsurf vs GitHub Copilot
GitHub Copilot
Extension inside your existing IDE — doesn't change the editor
Cursor
AI-native IDE — the whole editor rebuilt around AI (VS Code fork)
Windsurf
Cursor competitor, formerly Codeium, now OpenAI-owned
Amazon Q Developer
AWS-focused coding assistant, works in multiple IDEs
Claude Code
Terminal-based agentic coder — no GUI
Copilot = extension · Cursor/Windsurf = full IDE · Windsurf = OpenAI-owned
"AI" vs "ML" vs "LLM" vs "GenAI"
AI
Broad umbrella — any machine intelligence
ML (Machine Learning)
Subset that learns from data — fraud detection, recommendations
LLM
Specific ML architecture trained on text — powers ChatGPT, Claude, Gemini
GenAI
AI that generates new content — text, images, code, audio
"We've used AI for years"
They mean older ML models, not LLMs
AI ⊃ ML ⊃ LLM · GenAI = content generation
"Open source" LLMs — not what it sounds like
Open-weight
You can download and run the model weights yourself
Not open-source
Training data not disclosed, commercial use may be restricted
Llama 4 / Mistral
Open-weight, not truly open-source — important distinction
Still needs infra
Running them requires substantial GPU compute — not a laptop
Best term
"Open-weight" is more accurate than "open-source"
open-weight ≠ open-source · needs GPU infra
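The "still needs infra" point is easy to quantify with back-of-envelope arithmetic (a sketch; real deployments also need memory for KV cache and activations):

```python
# Rough VRAM needed just to hold model weights in memory.
def weights_gb(params_billion: float, bytes_per_param: float) -> float:
    # params_billion * 1e9 params * bytes/param / 1e9 bytes/GB = GB
    return params_billion * bytes_per_param

print(weights_gb(70, 2.0))   # a 70B model at fp16: 140 GB (multiple datacenter GPUs)
print(weights_gb(70, 0.5))   # 4-bit quantized: 35 GB (still beyond a typical laptop)
```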
Real-World Use Cases — How the Stack Works Together
How to read these: Each use case shows which layers activate, which tools are involved, and what the architecture actually looks like. Designed for both technical and leadership audiences. Where shown, code reflects real API patterns — not pseudocode.
Vendor Contract Review Automation
Procurement receives 400+ vendor contracts/month. Previously: lawyers spent 3 days reviewing each. New system: AI extracts key terms, flags anomalies, and routes only exceptions to human review. Lawyers now touch only 12% of contracts.
L0 · Claude Opus 4→L1 · AWS Bedrock→L2 · LangChain + Pinecone→L4 · Salesforce Integration
1
Ingest & Vectorize
PDF contracts uploaded to S3 → AWS Textract extracts text → LangChain chunks by clause → Pinecone stores vectors with metadata (vendor, date, value, jurisdiction)
2
AI Review via Claude Opus (Layer 0 via L1 Bedrock)
For each contract, the system retrieves the 10 most similar past contracts (RAG), then prompts Claude with structured extraction task
3
Routing & Escalation (Layer 6 · n8n)
n8n automation checks AI output: if anomaly_score > 0.7 or contract_value > $500K → route to lawyer queue in Salesforce. Else → auto-approve draft.
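Step 1's clause-level chunking can be sketched in a few lines of Python. The regex and the commented Pinecone upsert shape are illustrative assumptions, not the production pipeline:

```python
import re

def chunk_by_clause(contract_text: str) -> list[str]:
    # Split at newlines followed by a clause number like "1.", "2.1", "14."
    parts = re.split(r"\n(?=\d+(?:\.\d+)*\.?\s)", contract_text)
    return [p.strip() for p in parts if p.strip()]

chunks = chunk_by_clause("1. Payment due net 30.\n2. Liability capped at $1M.\n2.1 Cap excludes fraud.")

# Each chunk is then embedded and upserted with metadata, roughly:
# pinecone_index.upsert(vectors=[
#     (f"{vendor_id}-{i}", embed(c), {"vendor": vendor_id, "jurisdiction": juris})
#     for i, c in enumerate(chunks)])
```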
Claude API call (via AWS Bedrock, Python)
# Layer 1: AWS Bedrock wraps Layer 0 Claude model
import boto3, json
bedrock = boto3.client('bedrock-runtime', region_name='us-east-1')
# Layer 2: Retrieved similar contracts via Pinecone (RAG)
similar_clauses = pinecone_index.query(vector=contract_embedding, top_k=10)
response = bedrock.invoke_model(
modelId='anthropic.claude-opus-4',
body=json.dumps({
'messages': [{
'role': 'user',
'content': f"""Extract from this contract:
1. Payment terms (net days)
2. Liability cap ($ amount)
3. Auto-renewal clauses (yes/no)
4. Anomaly score vs our standard terms (0-1)
Similar past contracts for reference:
{similar_clauses}
Contract text: {contract_text}
Return JSON only."""
}],
'max_tokens': 1024,
'anthropic_version': 'bedrock-2023-05-31'
})
)
result = json.loads(response['body'].read())['content'][0]['text']
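The step-3 escalation rule (built in n8n in production) reduces to a small, tunable predicate. A plain-Python sketch using the thresholds above:

```python
ANOMALY_THRESHOLD = 0.7       # tunable per risk appetite
VALUE_THRESHOLD = 500_000     # contracts above this always get human review

def route_contract(review: dict) -> str:
    """Decide whether an AI-reviewed contract needs a lawyer."""
    if review["anomaly_score"] > ANOMALY_THRESHOLD or review["contract_value"] > VALUE_THRESHOLD:
        return "lawyer_queue"   # exception path: Salesforce lawyer queue
    return "auto_approve"       # low-risk path: auto-approved draft

print(route_contract({"anomaly_score": 0.85, "contract_value": 120_000}))  # lawyer_queue
print(route_contract({"anomaly_score": 0.15, "contract_value": 80_000}))   # auto_approve
```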
👔 Leader View — What This Means for the Business
ROI: Lawyer review time drops from 3 days → 4 hours per contract (exceptions only). At $400/hr billed, $2M+ annual savings on a 400-contract/month volume.
Risk: AI extracts; humans decide on edge cases. The 88% auto-handled contracts are low-value, high-similarity. Escalation threshold is tunable.
Build vs Buy: Salesforce has native AI features (Agentforce) but lacks domain-specific RAG on your own contract history. Custom LangChain + Bedrock gives you that moat.
AI Shopping Assistant + Abandoned Cart Recovery
Shoppers can chat with the store ("find me a gift under $50 for a 40-year-old who runs"). AI retrieves relevant products, explains why they match, and follows up on abandoned carts with personalized messages — not templates.
1
Nightly Catalog Embedding (Layer 2 · pgvector)
All 12,000 SKUs embedded nightly into pgvector (Postgres extension). Each product embedding includes title, description, attributes, reviews summary. Stays in-house, no third-party vector DB cost.
2
Semantic Search + GPT-4o Reasoning
Customer query → embedding → top 20 semantic matches → GPT-4o ranks and explains relevance. MCP tools allow AI to check live inventory and pricing before responding.
3
Abandoned Cart Recovery (Layer 6 · Make)
Make monitors Shopify webhooks for cart abandonment. Triggers GPT-4o to draft a personalized recovery email referencing the exact items, what the customer typed in search, and a relevant incentive.
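The nightly embedding job from step 1 can be sketched as below; the table name, embedding model, and SQL shape are assumptions, and pgvector's <=> cosine-distance operator powers the step-2 retrieval:

```python
# One embedding per SKU, built from the fields the case study lists.
def product_doc(p: dict) -> str:
    fields = [p.get("title"), p.get("description"),
              p.get("attributes"), p.get("reviews_summary")]
    return " | ".join(f for f in fields if f)

# Nightly, per product (psycopg + OpenAI embeddings, indicative shape only):
# emb = client.embeddings.create(model="text-embedding-3-small",
#                                input=product_doc(p)).data[0].embedding
# cur.execute("""INSERT INTO product_embeddings (sku, doc, embedding)
#                VALUES (%s, %s, %s)
#                ON CONFLICT (sku) DO UPDATE
#                SET doc = EXCLUDED.doc, embedding = EXCLUDED.embedding""",
#             (p["sku"], product_doc(p), emb))
# Query side (step 2): ... ORDER BY embedding <=> %s LIMIT 20

print(product_doc({"sku": "RUN-42", "title": "Trail Runner", "description": "Lightweight shoe"}))
```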
MCP tool call — AI checks live inventory (TypeScript)
// Layer 2: MCP Protocol — AI uses tools like a human uses apps
// (MCP servers expose this same schema; here it's passed straight to the OpenAI API)
const tools = [{
  type: 'function' as const,
  function: {
    name: 'check_inventory',
    description: 'Check real-time stock level and price for a product SKU',
    parameters: {
      type: 'object',
      properties: {
        sku: { type: 'string' },
        size: { type: 'string' } // optional: not listed in `required`
      },
      required: ['sku']
    }
  }
}];
// GPT-4o (Layer 0) decides whether to call the tool
const response = await openai.chat.completions.create({
  model: 'gpt-4o',
  messages: [{ role: 'user', content: customerQuery }],
  tools, // Layer 2: tools exposed to the model
  tool_choice: 'auto'
});
// If the model chose to call the tool, execute it and feed the result back
const toolCall = response.choices[0].message.tool_calls?.[0];
if (toolCall) {
  const toolResult = await executeInventoryCheck(JSON.parse(toolCall.function.arguments));
  // Append toolResult as a 'tool' message; the model then generates the final customer-facing reply
}
👔 Leader View
Why not just use Shopify's built-in AI? Shopify AI is generic. Custom LLM knows your brand voice, seasonal promotions, and return policy. The semantic search moat is your own product catalog embedded — competitors can't replicate that.
Data privacy: pgvector keeps embeddings in your own Postgres — product data never sent to Pinecone or any third-party vector service.
Clinical Documentation Automation (DAP Notes)
Regional Health System · 800 clinicians · HIPAA-compliant · 40 min saved/provider/day
Clinicians narrate patient encounters verbally. AI transcribes, structures into DAP (Data-Assessment-Plan) format, codes ICD-10, and pre-populates the EHR. No PHI leaves the firewall — on-prem Llama 4 model.
L0 · Llama 4 (on-prem)→L1 · Self-hosted HuggingFace→L2 · LangChain + Chroma→L4 · Epic EHR via FHIR API
1
Audio → Transcript (Whisper, on-prem)
OpenAI Whisper model runs on GPU server inside hospital firewall. 15-minute encounter → transcript in 45 seconds. Zero audio data sent externally.
2
Structuring + ICD-10 Coding (Llama 4 fine-tuned)
Llama 4 fine-tuned on 50K de-identified historical DAP notes from this health system. Extracts problem list, assessment, plan. Suggests top 3 ICD-10 codes with confidence scores. Clinician confirms.
3
EHR Write-back via FHIR API (Layer 4)
Structured output pushed to Epic via FHIR R4 API. Clinician reviews in Epic UI and signs. Full audit trail maintained. No new interface — clinicians stay in their existing workflow.
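Step 1 can be sketched with the openai-whisper package (load_model/transcribe are its real API); the model size, JSON keys, and the pre-write-back validator are assumptions added for illustration:

```python
import json

def transcribe(path: str) -> str:
    import whisper                          # runs on the GPU server inside the firewall
    model = whisper.load_model("large-v3")  # model size is an assumption
    return model.transcribe(path)["text"]

REQUIRED_SECTIONS = {"data", "assessment", "plan", "icd10_codes"}

def valid_dap(raw: str) -> bool:
    """Gate before EHR write-back: reject output missing any DAP section."""
    try:
        note = json.loads(raw)
    except json.JSONDecodeError:
        return False
    return isinstance(note, dict) and REQUIRED_SECTIONS.issubset(note)

print(valid_dap('{"data": "c/o fatigue", "assessment": "stable", '
                '"plan": "recheck labs", "icd10_codes": ["E11.9"]}'))
```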
FHIR write-back + on-prem Llama call (Python)
# Layer 0: Llama 4 running on-prem (no PHI leaves firewall)
from transformers import pipeline
import requests

llm = pipeline('text-generation', model='meta-llama/Llama-4-Scout-17B',
               device='cuda')  # on-prem GPU server

# Structure the transcript into DAP format
structured = llm(f"""You are a clinical documentation specialist.
Convert this transcript to DAP format with ICD-10 codes.
Return structured JSON only.
Transcript: {transcript}""")[0]['generated_text']
# Layer 4: Write to Epic via FHIR R4 API
fhir_note = {
"resourceType": "DocumentReference",
"status": "current",
"content": [{"attachment": {"data": encode_b64(structured)}}],
"context": {"encounter": [{"reference": f"Encounter/{encounter_id}"}]}
}
requests.post(f'{epic_fhir_base}/DocumentReference',
json=fhir_note, headers={'Authorization': f'Bearer {token}'})
👔 Leader View
HIPAA & compliance: On-prem Llama 4 means zero PHI in transit to OpenAI/Anthropic. This is the key architectural decision. Cloud LLMs (Claude/GPT via API) require a BAA — possible but adds overhead. Open-weight on-prem = no BAA needed.
40 min/day × 800 clinicians = 533 hours/day recovered. At $150/hr average physician time, that's $80,000/day in recovered productivity — roughly $20M/year.
Emilie's 3-Model Dev Stack — FixDinner App
KovaWorks · Solo Founder · Flutter/Dart + Supabase + Claude Haiku · Live iOS app
This is the exact stack used to build FixDinner, a live iOS app on the App Store. Claude for strategy/QA, Cursor for building, Claude Haiku embedded in the app itself. Three models, three distinct jobs. Not redundant — each operates at a different layer.
💡 Direct answer to your question: are you paying for 2 models when you need 1?
No — they're doing completely different things at different layers. Here's why all three are justified:
Tool
Layer
Job
Why you can't collapse it
Claude.ai (Pro plan)
L5 · Consumer
Strategy, research, QA, writing this hub
Long-context reasoning, projects, this conversation — Cursor can't do this
Cursor (Pro plan)
L3 · Coding AI
Write Flutter code, run in IDE, see errors live
IDE context, file awareness, code execution — Claude.ai can't see your codebase
Claude Haiku (API, via Supabase Edge Functions)
L0 · Model
Real-time dinner suggestion inference for app users
This runs at scale for 1,000s of users — it's a product, not a dev tool
Cursor vs Claude.ai — are they the same? No. Claude.ai is a Layer 5 consumer chat interface. Cursor is a Layer 3 AI-native IDE. Cursor uses Claude (or GPT or Gemini) under the hood as its model — you're actually already using Claude in Cursor. The difference is context: Cursor has your files, your terminal, your errors. Claude.ai has your conversation. They complement, not duplicate.
FixDinner: Supabase Edge Function → Claude Haiku inference (TypeScript/Dart)
// Supabase Edge Function (Layer 1 infra) calls Claude Haiku (Layer 0 model)
// This runs server-side — API key never exposed to Flutter app
import Anthropic from '@anthropic-ai/sdk'

const anthropic = new Anthropic({ apiKey: Deno.env.get('ANTHROPIC_API_KEY') })
Deno.serve(async (req) => {
const { ingredients, dietary_prefs } = await req.json()
// Claude Haiku: fast, cheap, perfect for high-volume inference
const msg = await anthropic.messages.create({
model: 'claude-haiku-4-5-20251001', // Layer 0: cheapest Claude tier
max_tokens: 512,
messages: [{
role: 'user',
content: `Suggest 3 dinner ideas using: ${ingredients}.
Dietary preferences: ${dietary_prefs}.
Format: JSON array with name, time_minutes, difficulty.`
}]
})
return new Response(JSON.stringify({ ideas: msg.content[0].text }))
})
👔 Leader View — Cursor Marketplace vs Claude Connectors
Cursor Marketplace = MCP servers that give Cursor AI access to external tools: Datadog, Firebase, Figma, Slack, MongoDB. These are Layer 2 orchestration connectors. When you install one, Cursor's AI can call those APIs autonomously.
Claude.ai Connectors = a similar system for Claude.ai — lets Claude read your Google Drive, GitHub, etc. Same concept (MCP), different product surface. Both use the Model Context Protocol (Layer 2).
You're not behind — you're ahead. Knowing you need 3 models for 3 jobs, having a live app on the App Store, and understanding these layer distinctions puts you in the top 1% of operators, not the bottom.
Enterprise AI Orchestration — How It All Connects for Leaders
Strategic overview for non-technical decision-makers · Board-ready framing
You don't need to understand the code. You need to understand the architecture decisions that determine cost, risk, vendor dependency, and value. This view maps the key questions every leader should be asking their AI team.
Full Stack View
The Orchestration Layer — Where AI Decisions Get Made
🧠 The Brain (L0)
Foundation Model
Claude / GPT / Gemini
Decides what to do based on instructions
Leader Q: Which model? Cost vs capability tradeoff?
↕
☁️ The Infrastructure (L1)
Cloud AI Platform
AWS Bedrock / Azure AI Foundry / Vertex AI
Leader Q: Do we need a BAA? Which cloud is our primary?
↕
🔧 The Glue (L2)
Orchestration + Memory
LangChain + Pinecone + MCP
Connects AI to your data and tools
Leader Q: Where does our proprietary data create the moat?
↕
🏢 The Apps (L4)
Embedded Enterprise AI
Salesforce Agentforce / SAP Joule / M365
AI your employees already touch
Leader Q: What's already in our licenses? Avoid duplication.
↕
⚙️ The Action (L6)
Automation Agents
n8n / Zapier / UiPath
AI that does things, not just says things
Leader Q: What processes can be removed from human hands entirely?
📋 The 5 Questions Every AI Leader Should Be Asking
1. Build vs Buy vs Configure? L4 tools (M365 Copilot, SAP Joule) = configure. Custom RAG pipelines = build. Zapier = buy. Wrong choice costs 10x. Most orgs should configure before they build.
2. Where is our data moat? The AI model itself is a commodity — GPT-4o is available to everyone. What isn't available to everyone: your customer history, your contracts, your clinical notes. Whoever owns the proprietary data, owns the AI advantage.
3. What's our model dependency risk? If you hardcode OpenAI into your product, you're locked in. The Layer 1 + Layer 2 stack (Bedrock + LiteLLM) lets you swap models without rewriting apps.
4. Who governs the prompts? Prompts are policy. A badly written system prompt is a liability. Who owns the prompt registry? Who reviews changes? This is the governance gap most enterprises don't see until something goes wrong.
5. What's the human-in-the-loop design? AI should handle the 80%. Humans should be reserved for the 20% where judgment, ethics, and accountability matter. If you can't articulate that boundary, your AI deployment is a risk.
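Question 3 in practice: an AI gateway such as LiteLLM exposes one completion() call across providers, so swapping vendors becomes a one-string config change. A sketch; the model IDs below are indicative, not verified:

```python
def ask(model: str, prompt: str) -> str:
    from litellm import completion   # unified OpenAI-style interface across providers
    resp = completion(model=model, messages=[{"role": "user", "content": prompt}])
    return resp.choices[0].message.content

# Swap the vendor by swapping the string; the application code doesn't change.
CANDIDATES = ["gpt-4o", "claude-sonnet-4", "gemini/gemini-2.5-pro"]
# answer = ask(CANDIDATES[0], "Summarize our vendor-dependency risk in 3 bullets.")
```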
Key Market Metrics
$8.4B
Enterprise LLM API spend mid-2025 (↑ from $3.5B late 2024)
92%
Fortune 500 using GenAI in workflows
40%
Anthropic enterprise LLM market share 2025
$500M+
Cursor ARR June 2025
20M
GitHub Copilot all-time users
$1.9B
AI coding tool ecosystem size
All Tools — Detailed Cards
OpenAI GPT-4o / GPT-5
OpenAI
Layer 0 · Foundation Model
closed-source · multimodal · reasoning
The model itself — a neural network trained on trillions of tokens. Not a product you use directly; accessed via API or embedded in ChatGPT, Copilot, and thousands of apps. GPT-5 (2025) is the current frontier.
Consumer share: ~60% chatbot visits
Enterprise API share: 27% (down from 50%)
API pricing: ~$2.50/M tokens
Core Use Cases: Text generation, code, reasoning, image understanding, function calling. Powers ChatGPT, M365 Copilot, and most third-party AI apps.
Claude (Sonnet 4 / Opus 4)
Anthropic
Layer 0 · Foundation Model
closed-source · safety-focused · coding · 200K context
A family of LLMs (Haiku = fast/cheap, Sonnet = balanced, Opus = most capable). The model itself is accessed via API — Claude.ai is the consumer product built on top. Dominant in enterprise and coding workloads.
Enterprise LLM share: 40%
Coding market share: 54%
Context window: 200K tokens
Core Use Cases: Complex reasoning, agentic tasks, code generation, long-document analysis. Powers Claude Code, Cursor (via API), Snowflake Cortex.
Gemini 2.5 Pro / Flash
Google DeepMind
Layer 0 · Foundation Model
closed-source · multimodal · 1M context
Google's frontier LLM family. Flash is cheap/fast; Pro is frontier-grade. Integrated into Google Workspace, Vertex AI. 1M+ token context window is industry-leading.
Enterprise share: 21% (↑ from 7%)
Context window: 1M+ tokens
Flash pricing: ~$0.30/M tokens
Core Use Cases: Long-document analysis, multimodal tasks, Google Workspace integration, real-time search, enterprise apps on GCP.
Llama 4
Meta AI
Layer 0 · Foundation Model
open-weight · self-hostable · free
The most widely adopted open-weight model family. Free to download — you own the weights. Powers the self-hosted AI ecosystem. Llama 4's April 2025 launch underperformed expectations in practice, but it remains the #1 open model.
Open-source market: #1 open model
Enterprise open use: 13% of workloads
Cost: Free (self-host)
Core Use Cases: Self-hosted AI (data sovereignty), fine-tuning for domain-specific tasks, cost-sensitive inference, EU regulated environments.
DeepSeek V3 / R1
DeepSeek (China)
Layer 0 · Foundation Model
open-weight · low-cost training · MoE
Built at <1/10th the cost of GPT-4 while matching performance on many benchmarks. Shocked the market Jan 2025. Uses Mixture-of-Experts architecture. Privacy concerns limit enterprise adoption in the West.
Training cost: <$6M vs ~$100M+
API pricing: ~$0.14/M tokens
Core Use Cases: Cost-sensitive tasks where privacy risk is lower, academic research, testing. Significant price pressure on other model providers.
Mistral Large 2
Mistral AI (France)
Layer 0 · Foundation Model
open-weight option · EU-based · multilingual
European frontier model, strong on multilingual tasks and code. Both open-weight and API versions. Preferred for EU organizations with data residency requirements.
Best for: EU data residency
Strength: Multilingual, efficient
Core Use Cases: European enterprise deployments, multilingual applications, cost-optimized API tasks, fine-tuning base for specialized models.
AWS Bedrock
Amazon Web Services
Layer 1 · Cloud AI Infrastructure
managed API gateway · multi-model · serverless
A 'model supermarket' — call one AWS API and choose from Claude, Llama, Titan, Mistral, etc. No infrastructure management. Bills per token. Default choice for AWS-native orgs building AI apps.
Models: Claude, Llama, Titan, Mistral
Billing: Token-based, no infra
Best for: AWS-native orgs
Core Use Cases: Building internal chatbots, RAG systems, document processing pipelines. You don't train models — you consume existing ones inside your AWS account.
Airbyte
Airbyte (YC W20) — NOT Airtable
Layer 1 · Data Pipeline / ELT
open-source · ELT · 300+ connectors · self-hostable
Moves data from source systems (APIs, databases, SaaS apps) into data warehouses like Snowflake or BigQuery. ELT = Extract, Load, Transform — the plumbing between operational systems and the analytics/AI layer. Open-source alternative to Informatica and Fivetran. Frequently confused with Airtable — completely unrelated.
Connectors: 300+ sources/destinations
Model: Open-source + cloud managed
vs. Informatica: Dev-friendly, no enterprise governance
Core Use Cases: Syncing Salesforce→Snowflake, Postgres→BigQuery, Stripe→data warehouse. Feeds the data layer LLMs sit on top of. The 'Dallas' AI task automation (Airbyte LinkedIn post) is built on Airbyte's pipeline.
Azure AI Foundry (OpenAI Service)
Microsoft
Layer 1 · Cloud AI Infrastructure
managed API · enterprise security · OpenAI access
Microsoft's version of Bedrock — access GPT-4o, o1 within Azure's compliance perimeter. Enterprise data doesn't leave your Azure tenancy. Backbone behind M365 Copilot and most Microsoft AI products.
Compliance: SOC2, HIPAA, FedRAMP
Data isolation: Tenant-scoped
Core Use Cases: Enterprise AI apps needing compliance guarantees, building Copilot-like assistants on your own data, Azure DevOps integrations.
Google Vertex AI
Google Cloud
Layer 1 · Cloud AI Infrastructure
managed platform · MLOps · Gemini access
GCP's equivalent of Bedrock/Azure AI. Access Gemini and other models, build ML pipelines, fine-tune, deploy. More engineering-heavy than Bedrock. Pairs with BigQuery for data AI workflows.
Strength: MLOps + data pipelines
Pairs with: BigQuery, Dataflow
Core Use Cases: Google Workspace AI, BigQuery ML, training custom models, enterprise data science on GCP.
Hugging Face
Hugging Face (startup)
Layer 1 · Model Hub / Infrastructure
model hub · open-source · fine-tuning · 800K+ models
The 'GitHub for AI models' — a repository of 800K+ open-source models, datasets, and spaces. Teams download model weights, fine-tune, and deploy via Inference Endpoints.
Models hosted: 800K+
Datasets: 200K+
Core Use Cases: Finding and downloading open-source models, sharing fine-tuned models, running benchmarks, deploying via managed endpoints.
OpenRouter / LiteLLM
OpenRouter / BerriAI
Layer 1 · AI Gateway / Routing
multi-model API · cost routing · unified interface
A unified API that lets you call any model (Claude, GPT, Gemini, Llama) through one interface, routing by cost, latency, or capability. LiteLLM is open-source. Gartner now has a formal 'AI Gateway' category.
Models: 200+ via single API
LiteLLM latency: ~3–4ms overhead
Core Use Cases: Cost optimization (route to cheapest model that meets quality bar), avoiding vendor lock-in, A/B testing models, multi-provider fallback.
LangChain / LlamaIndex
LangChain Inc / LlamaIndex
Layer 2 · Orchestration Framework
open-source · RAG · agent framework · Python
Developer frameworks for building AI applications — not models or products, but plumbing. LangChain chains prompts, tools, and data sources. LlamaIndex connects LLMs to your documents/databases (RAG).
GitHub stars LangChain: 100K+
Use type: Developer tooling
Core Use Cases: Building custom chatbots with your documents, multi-step AI agent workflows, connecting LLMs to databases (RAG), structured output pipelines.
Pinecone / Weaviate
Pinecone Systems / Weaviate B.V.
Layer 2 · Vector Database
vector DB · semantic search · RAG component
Databases for storing and searching AI embeddings — the 'memory layer' for RAG systems. LLMs need a place to store and retrieve your documents. Every serious RAG application needs one.
Also: pgvector, Milvus, Chroma
Use in: Every RAG pipeline
Core Use Cases: Powers the 'search your documents' step of RAG. Used inside Snowflake Cortex Search, Informatica CLAIRE, and enterprise knowledge base chatbots.
MCP (Model Context Protocol)
Anthropic (open standard)
Layer 2 · Protocol / Standard
open standard · tool connectivity · agentic
A universal protocol (like USB for AI) allowing models to call external tools in a standardized way. Snowflake, Salesforce Agentforce, and hundreds of apps now expose MCP servers. Rapidly becoming the interoperability standard for agentic AI.
Adopters: Snowflake, Salesforce, Cursor
Direction: Industry standard 2025
Core Use Cases: Connecting AI agents to databases and internal tools without custom integration. Snowflake MCP connects Claude to data warehouses; Salesforce uses it for Agentforce.
Cursor
Anysphere
Layer 3 · AI-Native IDE
IDE · agentic · multi-file · model-agnostic
An AI-native code editor (VS Code fork) where AI is baked in. 'Composer' mode handles multi-file edits autonomously. Can use Claude, GPT, or Gemini as the underlying model. Standout AI coding product of 2024–2025.
ARR: $500M+ (June 2025)
Valuation: $9.9B
Fortune 500: >50% use it
Price: $16–$40/mo
Core Use Cases: Developers writing and refactoring entire features via natural language. Multi-file changes, test generation, PR drafting. Not for non-developer users.
Claude Code
Anthropic
Layer 3 · CLI / Agentic Coding Agent
terminal-native · agentic · 200K context
A command-line AI coding agent. Reads your codebase, runs commands, edits files, and iterates — all from the terminal. Can operate autonomously on long tasks. Powers the MCP ecosystem for developers.
Context window: 200K tokens
Developer satisfaction: #1 (March 2026)
Pricing: Pay-per-use API
Core Use Cases: Large codebase refactoring, DevOps automation, complex multi-file rewrites. Best for terminal-native developers who need deep autonomous task execution.
GitHub Copilot
Microsoft / GitHub
Layer 3 · IDE Coding Assistant
IDE extension · enterprise · multi-IDE · OpenAI Codex
The original AI coding assistant (2021). Works as an extension in VS Code, JetBrains, Vim, etc. Now also has agentic 'Workspace' mode for issue-to-PR workflows. Enterprise-grade compliance and IP indemnification.
Users: 20M all-time
Fortune 100: 90% use it
Enterprise share: 37–42% coding market
Price: $10–$39/user/mo
Core Use Cases: Inline code completion, chat in IDE, PR summaries, test generation. Best when deep GitHub integration matters with SOC2 compliance without changing editor stack.
Windsurf (formerly Codeium)
Codeium / acquired by OpenAI (May 2025)
Layer 3 · AI-Native IDE
IDE · agentic · free tier · Arena Mode
Cursor's main competitor. 'Cascade' agent mode handles multi-step tasks and remembers project context across sessions. 'Arena Mode' uniquely runs two AI models in parallel for comparison. Acquired by OpenAI May 2025.
Price: Free tier; Pro $15/mo
Unique: Arena Mode — 2-model compare
Core Use Cases: Same as Cursor — agentic multi-file coding — with persistent session memory. Good free-tier option for individuals.
Lovable / Bolt / v0 / Replit
Various startups
Layer 3 · AI App Builders
no-code · full-stack gen · vibe coding
'Describe and deploy' tools — type what you want and they generate a working app. Target non-developers and fast prototypers. Claude (Sonnet) powers most of them. A $1.9B sub-category created almost entirely in 2024–2025.
Category: Part of $1.9B coding ecosystem
Core Use Cases: Startup MVP prototyping, internal tool building without engineers, landing pages, simple SaaS apps. Not for production enterprise software.
Microsoft 365 Copilot
Microsoft
Layer 4 · Embedded Enterprise AI
AI embedded inside Word, Excel, PowerPoint, Outlook, Teams — connected to your org's data via Microsoft Graph. NOT the same as GitHub Copilot. Summarizes meetings, drafts documents, analyzes spreadsheets. Uses GPT-4 under the hood.
Price: $30/user/mo add-on
Requires: M365 E3/E5 license
Connected to: SharePoint, Outlook, Teams
Core Use Cases: Meeting summaries in Teams, email drafting in Outlook, slide decks from reports in PowerPoint, formula suggestions in Excel. Non-technical users.
Salesforce Agentforce / Einstein
Salesforce
Layer 4 · Embedded Enterprise AI
CRM AI · autonomous agents · Einstein Trust Layer
AI baked into Salesforce — the world's largest CRM. Einstein started as predictive AI (lead scoring). Agentforce (2024–2025) adds autonomous agents that handle service cases, sales tasks, and workflows independently. Uses external LLMs via Einstein Trust Layer (data masking).
Productivity gain: 30% reported (Salesforce CTO)
Pending acquisition: Informatica for $8B
MCP: Connected via Snowflake MCP
Core Use Cases: Auto-resolving customer service cases, AI-generated sales emails, next-best-action recommendations, autonomous meeting scheduling inside CRM.
Snowflake Cortex / Intelligence
Snowflake
Layer 4 · Embedded Data Platform AI
data platform AI · NL-to-SQL · agentic · MCP server
AI embedded in the data warehouse. Snowflake Intelligence = natural language questions answered against your Snowflake data. Cortex = AI functions (sentiment, summarize, classify) run IN the database. MCP Server connects external AI agents to Snowflake data securely.
Core Use Cases: 'How did West Coast revenue trend last quarter?' answered in natural language. AI-powered data governance, automated data quality, financial services analytics.
SAP Joule
SAP
Layer 4 · Embedded Enterprise AI
ERP AI · business processes · S/4HANA
SAP's AI copilot embedded across SAP Business Technology Platform, S/4HANA, SuccessFactors. Handles 400+ AI/automation use cases (per SAP Signavio analysis). Joule Studio lets customers build custom agents.
Automation opportunities: 400+ identified by Signavio
Partners: Snowflake Cortex AI integration
Nvidia: NeMo + Joule Studio agents
Core Use Cases: Purchase order management, invoice processing, HR queries, transportation management AI, supply chain optimization, financial close automation.
ServiceNow Now Assist
ServiceNow
Layer 4 · Embedded Enterprise AI
ITSM AI · workflow automation · autonomous specialists
AI embedded in ServiceNow's IT Service Management, HR, and CRM platforms. 'Autonomous Workforce' agents (2025) resolve IT tickets, onboard employees, and handle change management without human triggers. Uses hybrid Apriel + Nvidia Nemotron models.
Use in: Fortune 500 IT/HR teams
AI approach: Hybrid (Apriel + Nemotron)
Core Use Cases: Auto-resolving Level 1 IT tickets, employee onboarding, incident classification and routing, change advisory board automation.
Informatica CLAIRE
Informatica (pending $8B Salesforce acquisition)
Layer 4 · Embedded Data Management AI
data governance AI · MDM · ETL AI · multi-LLM
AI engine built into Informatica's Intelligent Data Management Cloud. CLAIRE Agents automate data cataloging, lineage, quality, and MDM tasks. Plugs into multiple LLMs (Gemini, Snowflake Cortex, Databricks Mosaic).
LLM agnostic: Gemini, Cortex, Mosaic
No-code: Snowflake Cortex RAG builder
Core Use Cases: Automated data catalog enrichment, data quality monitoring, master data deduplication, AI-powered data lineage, building RAG systems on governed enterprise data.
Atlassian Rovo
Atlassian
Layer 4 · Embedded Enterprise AI
Rovo is Atlassian's AI platform embedded across Jira and Confluence — enterprise search, AI chat, and autonomous agents for project workflows. Atlassian is partnering with Nvidia's Agent Toolkit on its agentic roadmap.
Scope: Jira, Confluence, Loom, Trello
Nvidia: Rovo agentic partnership
Core Use Cases: Search across all Atlassian tools, AI-written Jira tickets, sprint planning suggestions, automated issue triage, meeting-to-Jira workflow agents.
Figma AI
Figma
Layer 4 · Embedded Design AI
design tool AI · UI generation · prototyping
AI features embedded in Figma — generate UI from prompts, auto-rename layers, translate copy, AI-powered search. Not standalone — LLM capabilities (OpenAI) baked into the design workflow.
Users: 4M+ (Figma total)
AI model: OpenAI under the hood
Core Use Cases: 'Generate a mobile onboarding screen for a fintech app,' auto-fill dummy data, translate copy for localization, search component libraries semantically.
Airtable
Airtable — NOT Airbyte
Layer 4 · Embedded Enterprise AI
no-code database · AI fields · ops teams · OpenAI embedded
A no-code relational database / project management tool — think spreadsheet meets database, popular with ops, marketing, and product teams. Embedded AI fields (OpenAI) auto-summarize records, classify entries, extract structured data. Frequently confused with Airbyte — completely unrelated.
AI model: OpenAI (embedded)
Users: 300K+ orgs
Price: Free–$45/user/mo; AI add-on
vs. Notion AI: More structured/database; Notion more docs
Core Use Cases: AI field that auto-classifies support tickets by sentiment, extracts key info from contracts, generates email drafts from CRM record data. Popular with ops and marketing teams.
Workday AI
Workday
Layer 4 · Embedded HCM/Finance AI
HR AI · finance AI · workforce planning
AI embedded in Workday's HCM and Finance platform — workforce planning predictions, skills recommendations, anomaly detection in financial data, AI-drafted job descriptions. Connected to Snowflake MCP server.
MCP partner: Snowflake MCP server
Scope: HR + Finance platform AI
Core Use Cases: Predicting attrition risk, skill gap analysis, automated financial anomaly alerts, AI-matched job candidates, budget variance explanations in natural language.
ChatGPT
OpenAI
Layer 5 · Consumer AI Product
consumer chat · multimodal · plugins · GPT-4o
The consumer product built on GPT models. Most widely used AI interface. Free tier is GPT-4o-mini; Plus ($20/mo) is GPT-4o. Enterprise tier adds security and data controls. ChatGPT ≠ GPT-4 — it's the application, not the model.
Consumer market share: ~60% chatbot visits
Monthly active users: 300M+ (2025)
Price: Free / $20 / $30 enterprise
Core Use Cases: Writing, research, code help, image generation (DALL-E), document analysis, voice conversation. The 'consumer entry point' that drives enterprise AI familiarity.
Claude.ai
Anthropic
Layer 5 · Consumer AI Product
consumer chat · long context · Projects
The consumer/enterprise product built on Claude models. 'Projects' feature maintains persistent context across conversations. Strong on writing, analysis, and coding. Claude.ai is the product; Claude Sonnet/Opus are the underlying models.
Price: Free / $20 Pro / $30 Team
Context: 200K tokens
Core Use Cases: Long document analysis, complex writing, sustained project work, nuanced research, code review. Popular with knowledge workers and power users.
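A 200K-token window is large but finite, and token budgeting is a common first check before sending long documents. A rough sketch using the ~4-characters-per-token heuristic for English prose (an approximation, not Anthropic's actual tokenizer):

```python
CONTEXT_WINDOW = 200_000  # tokens, per the card above

def approx_tokens(n_chars: int) -> int:
    # Rule of thumb for English prose: roughly 4 characters per token.
    return n_chars // 4

def fits_in_context(n_chars: int, reserve_for_output: int = 4_000) -> bool:
    # Leave headroom for the model's reply, not just the input.
    return approx_tokens(n_chars) + reserve_for_output <= CONTEXT_WINDOW

# A 300-page contract at ~2,000 characters per page:
print(fits_in_context(300 * 2_000))  # → True (~150K tokens plus headroom)
```

For production use, the provider's own token-counting endpoint or tokenizer library gives exact counts; the heuristic is only for quick feasibility checks.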
Perplexity
Perplexity AI
Layer 5 · AI-Native Search
AI searchcitationsreal-time web
An AI search engine that answers questions with cited sources from the live web. Uses multiple underlying models (GPT, Claude, Sonar). Positioned as a Google alternative for research queries. Valuation crossed $9B in 2025.
Valuation: $9B (2025)
Differentiator: Always-current, cited answers
Core Use Cases: Research with source citations, competitive intelligence, news synthesis, fact-checking. For current data where ChatGPT/Claude may be outdated.
Gemini (consumer)
Google
Layer 5 · Consumer AI Product
consumer chatGoogle integrationmultimodal
Google's consumer AI assistant — embedded in Android, integrated with Google Search, Gmail, and Google Workspace. Gemini (the app/product) is built on Gemini 2.5 (the model). Free tier + Advanced ($19.99/mo).
Zapier
Zapier
Layer 6 · Workflow Automation
The original no-code automation platform. Added AI Workflows, AI Chatbots, and 'Zapier Agents' for autonomous multi-app task execution. 5.9M monthly visits. Best for breadth of integrations.
Integrations: 8,000+ apps
Monthly visits: 5.9M
Price: Freemium; ~$20/mo starter
Core Use Cases: Connect Gmail→Salesforce→Slack. AI Copilot builds Zaps from natural language. Good for non-technical users needing app connectivity. Cost scales with volume.
n8n
n8n GmbH
Layer 6 · AI Workflow Automation
open-sourceself-hostableLangChain native70+ AI nodes
The technical team's automation platform. Open-source, self-hostable, native LangChain integration and 70+ AI nodes. n8n 2.0 (Jan 2026) added persistent agent memory, RAG, vector DB integrations, human-in-the-loop. 182K GitHub stars.
GitHub stars: 182.1K (Top 50)
Monthly visits: 15.22M combined
AI nodes: 70+
Core Use Cases: Complex AI agent pipelines with data sovereignty, RAG-powered automation, multi-agent orchestration, connecting internal systems without cloud lock-in.
Make (formerly Integromat)
Make
Layer 6 · Workflow Automation
visual builder1,500+ appsMaia AI
Visual workflow automation (canvas-based scenarios). Between Zapier's simplicity and n8n's technical depth. 'Maia' AI assistant builds scenarios from natural language. Most competitive pricing at scale vs Zapier.
Monthly visits: 5.17M
Integrations: 1,500+
Advantage: Price vs Zapier at scale
Core Use Cases: Complex multi-step workflows with data routing, error handling, conditional logic — with less coding than n8n. Good middle ground for non-developer but technical teams.
UiPath
UiPath
Layer 6 · RPA + AI Agents
RPAenterpriseAI agentsSnowflake MCP
Robotic Process Automation (RPA) + AI Agents. RPA = software robots that mimic human UI actions in legacy apps. Now layered with AI agents for judgment-requiring tasks. Connected to Snowflake MCP.
Market: Enterprise RPA leader
Integration: Snowflake MCP server partner
Core Use Cases: Automating legacy system interactions (ERP data entry, invoice extraction), document processing, compliance reporting, combining RPA bots with LLM decision-making.
Manus
Monica (Chinese startup)
Layer 6 · Autonomous AI Agent
autonomous agentmulti-stepresearch + execution
The breakout 'general AI agent' of 2025. Plans and executes complex multi-step tasks: research, data analysis, web browsing, code execution — orchestrated autonomously. 16.64M combined visits. First agent that 'actually works for non-trivial tasks.'
Monthly visits: 16.64M (breakout 2025)
Type: Fully autonomous agent
Core Use Cases: 'Research competitor pricing and compile a report,' 'analyze this dataset and produce a visualization.' Handles tasks requiring planning + execution + iteration without prompting each step.
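What separates an agent like this from a chatbot is the control loop: plan a step, execute it, observe, and repeat until the model decides it is done. A toy sketch of that loop with a stubbed planner standing in for the LLM call (`plan_next_step` is a placeholder, not a real API):

```python
def plan_next_step(goal: str, history: list[str]) -> str:
    """Placeholder for an LLM call that decides the next action."""
    steps = ["search_web", "analyze_data", "write_report", "DONE"]
    return steps[len(history)] if len(history) < len(steps) else "DONE"

def run_agent(goal: str, max_steps: int = 10) -> list[str]:
    history: list[str] = []
    for _ in range(max_steps):
        action = plan_next_step(goal, history)
        if action == "DONE":   # the model, not the user, decides when to stop:
            break              # the key difference from one-shot chat
        history.append(action)  # a real agent would execute the tool here
    return history

print(run_agent("Research competitor pricing and compile a report"))
# → ['search_web', 'analyze_data', 'write_report']
```

The `max_steps` cap matters in practice: without it, a looping planner can burn unbounded tokens, which is why production agent platforms all expose some step or budget limit.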
Midjourney
Midjourney
Layer 7 · Creative / Image AI
image generationdiffusion modelcreative
Uses diffusion models (NOT LLMs) to generate images from text prompts. The aesthetic quality leader. V7 is the current version. Competes with DALL-E, Adobe Firefly, FLUX.
Model type: Diffusion (not LLM)
Best for: Aesthetic/artistic imagery
Price: $10–$60/mo
Core Use Cases: Marketing imagery, concept visualization, brand mood boards, product mockups. Used by designers and marketers for high-quality visual content.
Adobe Firefly
Adobe
Layer 7 · Embedded Creative AI
image AICreative Cloud embeddedIP-safe
Adobe's generative AI embedded in Photoshop, Illustrator, Creative Cloud. Trained on licensed Adobe Stock — commercially 'IP-safe' unlike Midjourney. Generative Fill in Photoshop is the flagship feature.
Key feature: Generative Fill (Photoshop)
IP status: Commercially safe
Embedded in: Photoshop, Illustrator, Premiere
Core Use Cases: Remove/replace image backgrounds, extend photos, auto-generate product backgrounds, video content AI edits in Premiere. Safe for commercial use by brands.
Notion AI
Notion
Layer 7 · Embedded Knowledge AI
knowledge managementwriting AIembedded
AI embedded in Notion's workspace. Summarize pages, generate docs, Q&A over your workspace content, auto-fill databases. Uses Anthropic + OpenAI under the hood. Different from M365 Copilot — workspace-scoped.
Price: $10/user/mo add-on
Best for: Startup/SMB knowledge teams
Core Use Cases: Meeting notes → action items, Q&A over company wiki, project brief generation, database auto-fill. Lightweight M365 Copilot alternative for startups.
Glean
Glean
Layer 7 · Enterprise Knowledge AI
enterprise searchknowledge AIwork assistant
AI-powered enterprise search across all your company's tools (Slack, Confluence, Salesforce, Gmail, Drive, etc.). Answers 'Who knows about X?' or 'What did we decide about Y?' from your org's data. Connected to Snowflake MCP.
Integrations: 100+ enterprise apps
Valuation: $4.6B (2024)
MCP: Snowflake MCP partner
Core Use Cases: Cross-tool enterprise search, onboarding new employees, competitive intel retrieval, reducing time lost hunting for information across disparate SaaS tools.
Writer / Jasper
Layer 7 · Enterprise Content AI
LLM-powered content generation platforms with enterprise brand control. Writer integrates with Google Docs, Figma, Salesforce. Jasper focuses on marketing copy. Both enforce style guides and audit trails — unlike generic ChatGPT.
Writer integrations: Google Docs, Figma, Salesforce
Governance: Audit logs, PII redaction
Core Use Cases: Marketing teams generating on-brand content at scale, sales proposal writing with guardrails, knowledge base article generation with brand voice enforcement.
Runway / Suno / Kling
Runway ML / Suno / Kuaishou
Layer 7 · Generative Media AI
video AImusic AIdiffusion/generative
Non-LLM generative AI for video and audio. Runway generates video from text/image prompts. Suno generates music from text. Kling ($6.99/mo) is a cost-effective video alternative. Not language models — separate AI architectures.
Suno users: 50M+ (leading music AI)
Runway: $12/mo
Sora (OpenAI): $200/mo
Core Use Cases: Marketing video content, social media clips, music for content creators, AI film/TV pre-viz, ad creative generation at scale.
Scale Comparison — Putting the Numbers in Context
Annual Electricity Demand — Comparisons
US data centers (2025)
183 TWh
Manhattan annual use
~12 TWh
Meta Louisiana campus (planned)
5 GW peak
Entire city of New Orleans
~1.7 GW
Abilene TX Stargate campus
1.2 GW
Typical hyperscale DC
100 MW = 100K homes
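The comparisons above mix annual energy (TWh) with peak power (GW). A quick conversion sketch, assuming near-constant, round-the-clock load (typical for data centers), shows why a 1.2 GW campus lands near Manhattan's annual consumption:

```python
HOURS_PER_YEAR = 8_760

def gw_to_twh_per_year(gw: float) -> float:
    # GW x hours = GWh; divide by 1,000 to get TWh.
    return gw * HOURS_PER_YEAR / 1_000

def homes_equivalent(mw: float) -> int:
    # Per the rule of thumb above: 100 MW serves ~100,000 households.
    return int(mw * 1_000)

# Abilene's planned 1.2 GW, if run continuously:
print(round(gw_to_twh_per_year(1.2), 1))  # → 10.5 TWh/yr (vs Manhattan's ~12)

# Meta's planned 5 GW Louisiana campus:
print(round(gw_to_twh_per_year(5.0), 1))  # → 43.8 TWh/yr

print(homes_equivalent(1_200))  # → 1200000 households (1.2M)
```

Real campuses run below 100% utilization, so these are upper bounds; the point is the order of magnitude.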
Stargate — OpenAI's $500B Infrastructure Project
Stargate — Abilene, Texas (Flagship)
OpenAI + Oracle + Crusoe · Online Sept 2025
First and flagship Stargate campus. 10 buildings under construction on 800 acres. 6,400 construction workers on site. NVIDIA GB200 racks delivered June 2025. First two buildings operational, remainder targeting mid-2026. JPMorgan Chase provided $2.3B project finance loan (May 2025).
Planned Capacity
1.2 GW
Area
800 acres
GPUs
450K+ GB200
Status
Operational (partial)
Oracle Cloud InfraNVIDIA Blackwellliquid + air cooling
A ~1.4 GW hyperscale campus being developed by Vantage and Oracle. Part of the Oracle/Stargate partnership that exceeds $300B over five years. Likely the largest single-site AI campus when complete.
SoftBank's flagship Stargate contribution. Targets 1.5 GW operational within 18 months of groundbreaking — which would make it one of the largest single AI campuses in the world. SoftBank's "advanced data center design" concept being deployed here first.
A New Mexico site and a Wisconsin site (Oracle + Vantage partnership, announced Oct 2025). Combined with Abilene, Shackelford, and Lordstown, the total pipeline nears 7 GW. International sites include the UAE (opening 2026), with Argentina, the UK, Norway, and South Korea in development.
Microsoft — Azure AI Buildout
Microsoft · $80B FY2025 CapEx, ~75% AI
Largest single-year AI infrastructure commitment by any company. Azure powers M365 Copilot, OpenAI (via partnership), and enterprise AI workloads. Significant expansion in Northern Virginia, Phoenix AZ, and internationally (UK, EU, Asia). Microsoft's CapEx intensity has reached 45% of revenue — "historically unthinkable."
FY2025 CapEx
$80B
AI share
~75%
Key regions
VA, AZ, UK, EU
CapEx intensity
45% of revenue
Azure AI infrastructureOpenAI partnershipnuclear + renewable
Meta — Louisiana "Hyperion" Campus
Meta · $65–72B 2025 CapEx; Louisiana = 5 GW
Meta's Louisiana campus (Project Hyperion) is described as covering an area roughly the size of Manhattan when complete and requiring at least 5 GW to run — three times the electricity of all of New Orleans. Will initially house over 1.3 million NVIDIA H100-equivalent GPUs to support Llama model training and Meta AI services. Meta doubled its AI infrastructure spend in 2025 vs 2024.
Google — TPU-Based AI Expansion
Google · ~$85B 2025 CapEx
In August 2025, Google committed $9B to expand in Virginia (Chesterfield County, Loudoun, Prince William Counties). Also a $9B campus in Stillwater, Oklahoma and a $600M expansion in The Dalles, Oregon. Google's unique approach: TPU-based architecture for AI efficiency, plus "key to low-carbon power initiatives." Google links campus expansion to securing low-carbon megawatts.
2025 CapEx
~$85B
Virginia commitment
$9B (Aug 2025)
Oklahoma campus
$9B / Stillwater
Architecture
TPU-based AI
TPU v5 / Trilliumlow-carbon strategyGemini training
Amazon Web Services · On pace to exceed $100B CapEx 2025
AWS is on pace to exceed $100B in CapEx in 2025, driven by AI data center buildouts. Major clusters in Northern Virginia (us-east-1 — the world's largest cloud region), Ohio, and Oregon, plus global regions. AWS reported $28.8B in Q4 2024 revenue (+19% YoY). Uses custom AI chips (Trainium for training, Inferentia for inference) alongside NVIDIA GPUs.
2025 CapEx
>$100B
Q4 2024 revenue
$28.8B (+19%)
Custom silicon
Trainium + Inferentia
Largest region
N. Virginia (us-east-1)
Bedrock AIus-east-1custom AI silicon
Northern Virginia — Data Center Capital
Multiple operators · Loudoun + Prince William + Chesterfield Counties
The world's densest concentration of data centers — about 300 facilities in just a handful of counties. Data centers consumed 26% of Virginia's electricity supply in 2023. Loudoun County alone expects ~$900M in data center property tax revenues in FY2025 — nearly as much as its entire operating budget. Virginia offers a statewide sales/use tax incentive worth $130M+ annually to data centers.
Facilities
~300 in VA cluster
Loudoun tax revenue
~$900M/yr
VA power share
26% of state electricity
Loudoun sq ft
27M+ sq ft
Ashburn VA hubglobal internet exchangegrowing local opposition
Multiple operators · Migration from East Coast opposition
As East Coast communities resist data center development, rural Western communities and red states with fewer permitting hurdles are actively courting providers. Arizona: data centers use 7.4% of state power; SRP utility has 42 data center projects totaling 10,255 MW in its pipeline. Texas: Stargate's home state. Problem: these states are drought-prone, raising water concerns as facilities need cooling.
Arizona DC power share
7.4% of state
Oregon DC power share
11.4% of state
SRP AZ pipeline
42 projects / 10 GW
Water risk
Drought-prone regions
fewer zoning hurdlesdrought + water riskStargate Texas
Residential electricity prices jumped 7.1% in 2025 — more than double the inflation rate — and topped 20% in some states. Data centers are a significant driver. A typical hyperscale data center uses 100 MW — as much electricity as 100,000 households. Grid upgrade costs are typically shared by all ratepayers in a service area, while tax revenues benefit only the host community. Yale Clean Energy Forum estimates data centers could take 12% of total US power consumption by 2028 — more than all steel, aluminum, and other high-intensity manufacturing combined.
Data centers in Texas alone will use 49 billion gallons of water in 2025, growing to 399 billion gallons by 2030 — equivalent to drawing down Lake Mead (the US's largest reservoir) by 16+ feet in a single year. Water is used primarily for evaporative cooling; much evaporates rather than being discharged as treatable wastewater. MSCI data shows 1 in 4 existing data centers globally may face increased water scarcity days by 2050. A city in Oregon fought a months-long legal battle in 2022 to avoid disclosing how much water a Google data center used, claiming it was a "trade secret." Cooling typically accounts for 20–40% of a data center's total energy use.
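As a sanity check on the Texas figures above, the implied growth rate from 49B gallons (2025) to 399B gallons (2030) works out to roughly 52% per year, compounded:

```python
# Texas data center water draw, per the figures cited above.
start_gallons = 49e9    # 2025
end_gallons = 399e9     # 2030
years = 5

# Compound annual growth rate implied by the two endpoints.
cagr = (end_gallons / start_gallons) ** (1 / years) - 1
print(f"{cagr:.0%}")  # → 52%
```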
Between March and June 2025, community opposition led to $98 billion in data center projects being blocked or delayed. At least 25 projects were canceled in 2025 in response to local objections. Notable cases: Google pulled a $1B data center in Indianapolis after months of opposition (room "erupted in cheers"). Amazon faces at least a one-year delay in Fauquier County, VA due to court order from 3 lawsuits by Citizens for Fauquier County. A proposal to turn an abandoned mall into a data center in Maryland sparked 20,000 petition signatures. In 2026, lawmakers in 30+ states introduced 300+ bills on data center issues including moratoriums. A coalition of 230 environmental organizations called for a national moratorium on new data centers.
Hyperscalers responded to backlash with record solar procurement. Google ties campus expansion to securing low-carbon power supply ("secure megawatts, then build"). Microsoft is investing in nuclear reactivation (Three Mile Island). New data centers are being built with closed-loop liquid cooling systems that can recycle water for years, significantly reducing consumption. However: 40% of US data center energy came from natural gas in 2024. 70% of power lines are more than 25 years old — the grid needs updating before renewable promises can be delivered. Multiple companies signed a White House-sponsored pledge to limit effect on residential electric bills.
Loudoun County, Virginia expects ~$900M in data center property tax revenues in FY2025 — nearly its entire operating budget. Stargate Abilene campus employed 6,400 construction workers with 25,000 onsite jobs projected across new sites. Tax incentives are a major driver: Virginia offers $130M+ in annual sales/use tax savings. Some communities receive "payment in lieu of taxes" (PILOT) arrangements where companies decide how much they offer. Critics argue data centers bring few permanent local jobs relative to their footprint, energy demands, and tax incentives received. "People are starting to be really, really aware that these projects tend to be very extractive and bring very little to local communities" — Kasia Tarczynska, Good Jobs First.
Lawrence Berkeley National Laboratory (2024): Data center energy use tripled over past decade, projected to double/triple again by 2028. IEA (April 2025): Base-case projects global data center electricity to ~1,200 TWh by 2035. BloombergNEF: Power demand from data centers will hit 106 GW by 2035. Bloom Energy (Jan 2026): US data centers' energy demand nearly doubles from 80 to 150 GW between 2025 and 2028. MSCI GeoSpatial: ~14,000 data center assets mapped globally; 1 in 4 may face more water scarcity days by 2050. Houston Advanced Research Center + Univ. of Houston: Texas data centers will use 399B gallons water annually by 2030. IoT Analytics: Global data center infrastructure spending to surpass $1 trillion annually by 2030.
PUE (Power Usage Effectiveness): 1.0 = perfect efficiency; hyperscalers target <1.2
60%
CapEx on tech/hardware (servers, GPUs, networking)
25%
CapEx on power generation and cooling systems
120 kW
Power per rack (NVIDIA NVL72) vs. traditional 10–20 kW/rack
20–40%
Of total DC energy used for cooling systems
40%
US DC energy from natural gas (2024)
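The PUE figure above can be computed directly: total facility power divided by IT power. A minimal sketch, with illustrative loads consistent with the 20-40% cooling share cited:

```python
def pue(it_kw: float, cooling_kw: float, other_overhead_kw: float = 0.0) -> float:
    """Power Usage Effectiveness = total facility power / IT power.

    1.0 would mean every watt goes to compute; overhead pushes it higher.
    """
    return (it_kw + cooling_kw + other_overhead_kw) / it_kw

# Cooling at 25% of total load (mid-range of the 20-40% cited above),
# on a 10 MW IT load with 0.5 MW of other overhead:
print(round(pue(10_000, 3_500, 500), 2))  # → 1.4

# A hyperscaler-class facility with cooling near 13% of total load:
print(pue(10_000, 1_500) < 1.2)  # → True, meets the <1.2 target
```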
The 3-Layer Governance Model
How AI Governance Layers Relate — From Principles to Law
🔴 Regulations (Top): Legally binding laws with real penalties. EU AI Act (€35M max fine), NYC LL 144, Colorado SB 205. If you operate in these jurisdictions, compliance is mandatory.
🔵 Frameworks & Standards (Middle): Voluntary but increasingly cited in law. NIST AI RMF (free, US baseline). ISO/IEC 42001 (certifiable, like ISO 27001 for AI). NIST crosswalks map between them so you don't duplicate work.
🟢 Principles (Base): Non-binding global consensus (OECD adopted by G20, UNESCO by 194 nations). These define what AI governance should achieve — fairness, transparency, accountability. They feed everything above.
🎓 Certifications (Side): Train practitioners to operationalize the middle layer. AIGP (IAPP) = governance generalist. AAIA (ISACA) = AI auditor. AICP (EXIN) = EU AI Act compliance. ~4,000 AIGP holders worldwide — massive supply gap.
💡 The crosswalk shortcut: NIST has published official mappings between the EU AI Act ↔ ISO/IEC 42001 ↔ NIST AI RMF. If you implement ISO 42001, you've already covered most of the EU AI Act's high-risk requirements. You don't need to start from scratch for each framework.
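The crosswalk idea is essentially a mapping from the controls you have implemented to the obligations they evidence elsewhere. A sketch of that data structure; the control and article IDs below are illustrative labels chosen for this example, not NIST's published mapping:

```python
# Hypothetical crosswalk: which EU AI Act obligations an org's
# ISO 42001 controls already evidence. IDs are illustrative only.
CROSSWALK: dict[str, list[str]] = {
    "iso42001:risk_assessment": ["euaiact:art9_risk_mgmt"],
    "iso42001:documentation":   ["euaiact:art11_tech_docs"],
    "iso42001:internal_audit":  ["euaiact:art17_quality_mgmt"],
}

def covered_obligations(implemented_controls: list[str]) -> set[str]:
    """Return every downstream obligation the given controls map onto."""
    covered: set[str] = set()
    for ctrl in implemented_controls:
        covered.update(CROSSWALK.get(ctrl, []))
    return covered

done = covered_obligations(["iso42001:risk_assessment", "iso42001:documentation"])
print(sorted(done))
# → ['euaiact:art11_tech_docs', 'euaiact:art9_risk_mgmt']
```

This is what GRC platforms like Credo AI automate at scale: maintain the mapping once, then report coverage per framework from a single control inventory.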
1,200+
AI regulations & policy initiatives worldwide (OECD)
~4,000
Certified AIGP holders globally — massive supply gap
$182K
Avg. salary for AI governance professionals (IAPP 2025)
56%
Wage premium for employees with AI skills (PwC 2025)
85%
Digital trust professionals who say they need AI upskilling (ISACA)
€35M
Max EU AI Act fine or 7% of global revenue
EU AI Act — Enforcement Timeline
Aug 2024
EU AI Act enters into force: The law is live. The 24-month clock to full enforcement begins.
Feb 2025
Prohibited practices effective: Bans on social scoring, real-time biometric surveillance in public, subliminal manipulation AI. Also: AI literacy requirements for staff using AI systems.
Aug 2025
GPAI model obligations live: Providers of General-Purpose AI models (Claude, GPT, Gemini) must comply with transparency + copyright rules. High-capability models face systemic risk obligations. EU AI Office begins oversight.
Aug 2026
Full enforcement begins — High-risk AI: Credit scoring, hiring AI, education access, and critical infrastructure AI must be fully compliant. Fines up to €35M or 7% of global revenue.
Aug 2027
Annex II — Product-embedded AI: Extended transition for AI embedded in regulated products (medical devices, vehicles, machinery).
The world's first comprehensive AI law. Risk-tiered: Unacceptable risk (banned) → High risk (strict requirements) → Limited risk (transparency) → Minimal risk (no obligations). Applies to ANY org deploying AI to EU users — not just EU companies.
Enforcer: EU AI Office + national market surveillance authorities
High risk ex.: Credit scoring, hiring AI, education access, biometric systems
Max fine: €35M or 7% global revenue
US relevance: Any org with EU users is in scope — including US companies
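The four risk tiers described above lend themselves to a first-pass triage lookup. A toy sketch, using example systems named in this section; classifying any real system requires legal review:

```python
# Illustrative triage table built from the tiers and examples in this section.
RISK_TIERS: dict[str, list[str]] = {
    "unacceptable": ["social scoring", "real-time public biometric surveillance"],
    "high": ["credit scoring", "hiring AI", "education access",
             "critical infrastructure AI"],
    "limited": ["chatbots"],       # transparency obligations only
    "minimal": ["spam filters"],   # no obligations
}

def triage(use_case: str) -> str:
    """First-pass tier lookup; anything unknown goes to legal review."""
    for tier, examples in RISK_TIERS.items():
        if use_case in examples:
            return tier
    return "unclassified: needs legal review"

print(triage("hiring AI"))      # → high
print(triage("spam filters"))   # → minimal
```

A "high" result is what triggers the heavy obligations (impact assessments, technical documentation, conformity assessment) before the Aug 2026 deadline.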
US Federal AI Policy
United States · Decentralized — no single national AI law
Regulation · Policy
voluntary frameworkagency-ledFTCexecutive orders
No single AI law. Instead: executive orders, agency guidance (FTC, FDA, SEC, CFPB), and NIST AI RMF as the de facto voluntary baseline. State laws are filling the gap rapidly.
Key agencies: FTC, DOJ, FDA, SEC, CFPB — all issuing AI guidance
State laws: 9+ states with AI statutes: CO, CT, TX, IL, NY, TN and more
NYC LL 144: Bias audits REQUIRED for AI hiring tools — in effect now
GDPR + DSA/DGA (EU Data Laws)
European Union · Existing law applied to AI
Regulation · Data Law
personal dataAI training dataautomated decisions
GDPR predates the AI Act but applies directly to AI. Key issues: using personal data to train models (lawful basis required), automated decision-making rights (Article 22), data subject rights vs. model training.
GDPR Art. 22: Right to not be subject to solely automated decisions
Training data: Using EU personal data to train LLMs is legally complex
China AI Regulations
PRC · Multiple regulations 2022–2025
Regulation · Law
algorithm regulationgenerative AI rulesdeep synthesis
China has moved faster than the US on specific AI rules. Three major regulations: Algorithm Recommendation (2022), Deep Synthesis/Deepfakes (2022), and Generative AI Services (2023). Content must align with "core socialist values."
Deepfakes: Consent required to generate synthetic media of real people
ISO/IEC JTC 1 SC 42 — AI Standards Committee
ISO + IEC · International standards body
Standards Body
ISO 42001ISO 23894certifiableinternational
The ISO/IEC joint subcommittee producing all major AI standards. Key output: ISO/IEC 42001:2023 — the first internationally certifiable AI management system standard (like ISO 27001 is for infosec).
ISO 42001: AI Management System — certifiable. "The ISO 27001 for AI."
ISO 23894: AI Risk Management guidance (non-certifiable)
ISO 42005: AI system impact assessment
EU AI Act link: CEN/CENELEC tasked with harmonizing ISO stds to EU AI Act
NIST — AI Standards & AI RMF
US National Institute of Standards and Technology
Standards Body · Framework Owner
US de facto baselinevoluntaryGOVERN-MAP-MEASURE-MANAGEfree
NIST's AI RMF is the de facto US AI governance standard — voluntary but referenced in federal procurement and executive orders. GenAI Profile (NIST-AI-600-1, July 2024) extends it specifically to LLMs. Published crosswalks to EU AI Act and ISO 42001.
4 functions: Govern → Map → Measure → Manage
GenAI Profile: NIST-AI-600-1 (July 2024) — specific to LLM/GenAI risks
Cost: Free to use (public)
IEEE Standards Association
Institute of Electrical and Electronics Engineers
Standards Body
IEEE 7000-2021ethical designengineering standards
IEEE 7000-2021 is the standard for ethical system design during the development process — embedding human values at the engineering level. Different from ISO 42001 (organizational governance) — IEEE is about how you build the system itself.
IEEE 7000: Ethical consideration in system design — applies to engineers/developers
Layer: Product-level (vs. ISO 42001's org-level management)
OECD AI Principles
OECD · Adopted 2019, updated 2024 · G20 adopted
Intergovernmental Body
non-bindingG20 adoptedfoundational principles42 countries
The foundational international AI values consensus — adopted by G20 and 42+ nations. Five principles: Inclusive growth, Human rights & democratic values, Transparency, Robustness & security, Accountability. Influenced both EU AI Act and NIST AI RMF.
Status: Non-binding but globally adopted — the "values layer"
1,200+ laws: OECD tracks 1,200+ AI regulations globally referencing these
UNESCO Recommendation on AI Ethics
UNESCO · 2021 · 194 member states
UN Body
non-bindinghuman rightsGlobal South focussustainability
Endorsed by all 194 UNESCO member states — the broadest international AI ethics consensus. Principles: Do No Harm, safety, fairness, privacy, sustainability, transparency, human oversight, accountability. Unique focus on inclusion of Global South and marginalized communities.
Unique focus: Sustainability, cultural diversity, Global South inclusion
Status: Highest UN soft-law consensus on AI
NIST AI Risk Management Framework
NIST · Version 1.0, Jan 2023 · GenAI Profile July 2024
Framework
voluntaryUS de factofreelifecycle-based
Four functions applied throughout the AI lifecycle. Not certifiable (unlike ISO 42001) but widely used for self-assessment, federal procurement, and building internal governance programs. GenAI Profile specifically addresses LLM risks.
GenAI risks: Hallucinations, data poisoning, IP, harmful bias, CBRN
ISO/IEC 42001 — AI Management System
ISO/IEC · Published Dec 2023 · Certifiable
Framework · Certifiable
certifiableauditableorg-widebuilds on ISO 27001
The ISO 27001 of AI — an internationally certifiable management system for responsible AI. Requires leadership commitment, risk assessment, documented controls, internal audit, and continual improvement. An org can hire an accredited auditor and get formally certified.
Certifier: Accredited auditors under ISO/IEC 42006:2025
Pairs with: ISO 27001 (security), ISO 29100 (privacy), NIST AI RMF
EU AI Act: Expected primary harmonized compliance path for high-risk AI
AIGP — AI Governance Professional
IAPP · Launched April 2024 · Gold standard credential
Certification ⭐ Gold Standard
no prereqs100 questions3 hours20 CPE/2yr
The leading AI governance credential. Only ~4,000 holders globally — massive supply gap vs. demand. Covers four domains: AI foundations, applicable laws/frameworks, governing AI development, governing AI deployment. Not technical — governance, risk, compliance, ethics focus.
Exam: 100 questions, 3 hours, Pearson VUE (in-person or remote)
Cost: $799 non-member / $649 IAPP member
Avg salary: $151,800–$182,000 median (IAPP 2025)
Prereqs: None (open entry — pass the exam)
Covers: EU AI Act, NIST AI RMF, ISO 42001, OECD, AI lifecycle
AAIA — Advanced in AI Audit
ISACA · Launched 2025
Certification · Audit Track
requires CISA/CIA/CPAaudit-focusedAI systems audit
ISACA's AI audit credential — for experienced IT auditors who need to evaluate AI systems, assess AI governance controls, and apply AI tools within the audit function. Requires existing audit credential.
Prereq: Active CISA, CIA, CPA, ACCA, or equivalent required
Focus: Auditing AI systems — evidence, controls, lifecycle risks
ISACA survey: 85% of auditors say they need AI upskilling within 2 years
AAISM — Advanced in AI Security Management
ISACA · Launched 2025 · Security track
Certification · Security Track
requires CISM or equivalentAI securityrisk management
ISACA's AI security management credential — the CISM equivalent for AI. Focuses on securing AI systems, managing AI-specific threats (adversarial attacks, data poisoning, model theft), integrating AI security into enterprise programs.
Prereq: Active CISM, CISSP, or similar security management credential
Who: CISOs, security managers, AI security leads
EXIN AICP — AI Compliance Professional
EXIN · EU AI Act focus · Operational compliance
Certification · Compliance Track
EU AI Act focusISO 42001practical templatesaffordable
EXIN's AI compliance credential — "first to turn complex AI regulations into practical action." Strong EU AI Act and ISO 42001 focus. Comes with ready-to-use compliance templates. Part of EXIN's path to "AI Compliance Officer" designation.
Path: InfoSec Foundation + Privacy Foundation + AICP = AI Compliance Officer
Fast track: CISM, CISSP, ISO 27001, or CIPM holders can skip prerequisites
ISO/IEC 42001 Lead Implementer / Lead Auditor
PECB and accredited certification bodies
Certification · Implementation Track
ISO 42001 specificimplementationauditingPECB
Credential for practitioners who implement or audit ISO/IEC 42001 AI management systems. Lead Implementer = help an org build the system. Lead Auditor = certify that an org's system meets the standard. Auditors must be certified under ISO/IEC 42006:2025.
Lead Implementer: Build the ISO 42001 management system inside an organization
Lead Auditor: Formally certify organizations against the standard
Credo AI
AI Governance, Risk & Compliance (GRC) platform
Governance Tool · Software
AI GRC platformEU AI ActISO 42001model cards
Software platform that automates AI governance, risk, and compliance. Tracks AI systems, maps controls to frameworks (EU AI Act, NIST, ISO 42001), generates model cards, runs bias assessments, and produces audit evidence. The GRC tool for AI.
Use case: Automate compliance evidence for EU AI Act, ISO 42001, NIST audits
Recognition: WEF Technology Pioneer, Fast Company Most Innovative AI 2024
Model Cards / AI Datasheets
Industry practice · Google, Hugging Face, Anthropic, IBM
Governance Practice
transparencybias documentationintended use
Standardized documentation for AI models — covering intended use, limitations, evaluation results, fairness metrics, and known risks. Now expected by EU AI Act for high-risk systems and increasingly required in enterprise AI procurement.
Required by: EU AI Act (technical documentation for high-risk AI)
Practice: Hugging Face hosts 100K+ model cards; Anthropic publishes Claude's
AI Impact Assessments (AIIA)
Required by EU AI Act, Colorado SB 205, NYC Local Law 144
Governance Practice
mandatory in high-riskfairnessbias testing
Structured assessments conducted before deploying high-risk AI — evaluating potential harms, bias, fairness, and rights impacts. Modeled on Data Protection Impact Assessments (DPIAs) under GDPR. Required by law in multiple jurisdictions.
EU AI Act: Mandatory for high-risk AI — must document risks before deployment
NYC LL 144: Annual bias audit by an independent party required for hiring AI in NYC
Framework Crosswalk
NIST has published official crosswalks between these frameworks. Mapping one often substantially covers another.
| Framework | Jurisdiction | Binding? | Certifiable? | Covers GenAI? | Best for | NIST crosswalk |
|---|---|---|---|---|---|---|
| EU AI Act | EU + global reach | ✓ Law | Via harmonized stds | ✓ GPAI chapter | Any org with EU users | ✓ |
| NIST AI RMF | US (de facto global) | Voluntary | Not certifiable | ✓ GenAI Profile | US federal procurement | — |
| ISO/IEC 42001 | International | Voluntary | ✓ Yes | Partially | Regulated industries, EU compliance | ✓ |
| OECD AI Principles | 42+ nations / G20 | Non-binding | No | Partially | Policy development, values foundation | ✓ |
| IEEE 7000 | International | Voluntary | No | Partially | Engineers / product teams | Partial |
| UNESCO Ethics Rec. | 194 UN member states | Non-binding | No | Partially | Global policy, human rights | No |
The 8 Universal AI Ethics Principles
These appear consistently across OECD, UNESCO, EU AI Act, NIST, and IEEE — the "what" behind all the "how."
⚖️
Fairness & Non-Discrimination
AI must not perpetuate or amplify bias. Decisions must be equitable across demographic groups.
OECD · UNESCO · EU AI Act · NIST · IEEE 7000
🔍
Transparency & Explainability
Users must know when interacting with AI. Decisions must be explainable at appropriate levels.
OECD · EU AI Act Art.13 · NIST AI RMF · G7
🔒
Privacy & Data Governance
AI systems must respect data protection rights, including how training data is collected and used.
GDPR · UNESCO · OECD · NIST · ISO 29100
🛡️
Safety & Robustness
AI must perform reliably under normal and adversarial conditions. Failures should be contained.
EU AI Act · NIST AI RMF · G7 · ISO 42001
👤
Human Oversight & Control
Humans must be able to monitor, intervene, and override AI systems in high-stakes decisions.
EU AI Act Art.14 · NIST · UNESCO · IEEE 7000
📋
Accountability
Clear responsibility for AI outcomes must be assigned to developers, deployers, and users.
OECD · UNESCO · EU AI Act · G7 · NIST Govern
🌍
Sustainability & Societal Impact
AI's environmental footprint and broad societal effects must be considered and managed.
UNESCO · ISO 14001 · EU Green Deal context
🌐
Inclusivity & Access
AI benefits should be broadly accessible. Marginalized communities must not be excluded.
UNESCO · OECD · G20 framework
Career Paths in AI Governance
AI Governance Lead / CAIO
Build and run the org's AI governance program. ~$182K avg. salary. Most in-demand new role.
1
Privacy, compliance, or risk background (CIPP, CIPM, GRC)
2
IAPP AIGP certification (no prereqs — open entry)
3
ISO/IEC 42001 Lead Implementer
4
Build internal AI inventory + risk framework
5
Title: Chief AI Officer, Head of Responsible AI
AI Risk Manager
Operationalize risk controls for AI systems, especially in finance and healthcare.