Enterprise architect designing an AI-powered workflow while evaluating governance, security, and risk controls using the AI Necessity Test framework for responsible enterprise AI adoption.
|

Stop AI-ing the Shit Out of Everything: The AI Necessity Test for Enterprise AI Governance

ByJaime Velez Updated on

AI Governance Lessons From The Martian

A few years ago, Matt Damon’s character Mark Watney found himself stranded alone on Mars in The Martian.

Faced with impossible problems and dwindling resources, he famously declared:

“I’m going to have to science the shit out of this.”

It was a great line because it captured the spirit of engineering. Observe the problem. Understand the constraints. Apply the right tools. Solve it.

Somewhere along the way, the technology industry adopted a different slogan:

“We’re going to AI the shit out of this.”

Enterprise architect designing an AI-powered workflow while evaluating governance, security, and risk controls using the AI Necessity Test framework for responsible enterprise AI adoption.

Need an approval workflow? AI.

Need a notification email? AI.

Need to remind Karen in accounting that her monthly report is overdue? Apparently we need an autonomous agent with reasoning capabilities, memory, and a token budget for that too.

Don’t get me wrong. I am bullish on AI. I build with it every day, and later in this piece I’ll show you exactly where it earns its keep.

But somewhere between excitement and implementation, many organizations are skipping a critical question:

Do we need AI for this at all?

That question sits at the heart of what I call the AI Necessity Test, a simple framework that I believe belongs at the foundation of AI Governance.

Before we worry about model drift, prompt injection, hallucinations, or autonomous behavior, we should first determine whether AI belongs in the solution in the first place.

The Forgotten Architecture Question

One of the most important lessons from my nearly three decades in enterprise technology is that good architecture is often boring. The best solution is rarely the most exciting one. It is the simplest one that reliably solves the problem.

Architects used to start with the business problem. What are we trying to accomplish? What constraints exist? What level of reliability is required? Only then would they select technologies.

Today, many organizations have reversed the process. They start with the technology. They start with AI. Then they search for a problem that justifies it.

The result is predictable. Solutions become more complex than necessary. Security risks increase. Maintenance burdens grow. And often, the business receives little additional value.

This is where AI Governance should begin. Not after the agent has been selected.

Before.

The Paper Clip Problem

Imagine someone hands you a stack of papers and asks you to keep them together.

One option is a paper clip.

Another option is a robotic arm equipped with computer vision, natural language processing, autonomous reasoning, and a cloud-hosted orchestration platform.

Both technically solve the problem. Only one is appropriate.

Yet this is exactly what I see happening in enterprise technology. Organizations are introducing AI into processes that have no need for intelligence. Not because AI provides value. Because AI is available.

Just because something can be AI-powered doesn’t mean it should be. That distinction matters, especially for the people responsible for AI Governance.

A Conversation I Keep Hearing

I have developed something of a reputation within my team as the “AI Agents guy.” Fair enough. I have built and implemented several agents for them.

In a recent team meeting, we were discussing a process bottleneck we keep running into. We were brainstorming solutions when someone said, half-joking: “Hey Jaime… can’t you create an agent to solve this problem?”

I paused, turned my video camera on, and asked one question. What decision does the agent have to make?

Silence.

Then the honest answer: none.

The problem was not a decision to be made. The challenge was getting someone to take action and update a couple of systems. The owner is known. 

We replaced the proposed agent with a straightforward Power Automate flow that creates a task, an alert, and most importantly, an audit trail.

A no-code solution. Zero model risk. Zero security review for autonomous behavior. Zero chance of a hallucinated reminder going to the wrong executive.

That conversation was AI Governance in action. It just happened before anything was built.

Deterministic vs. Probabilistic Solutions

What I just described is a textbook case for a deterministic solution.

A deterministic system follows fixed rules. The same input produces the same output, every single time. A workflow. A script. A business rule. It is transparent, predictable, and easy to audit. You can trace exactly why it did what it did.

A probabilistic system works differently. It deals in likelihoods, not certainties. It uses statistical inference to handle ambiguity, incomplete information, and changing conditions. It gives you a confidence score instead of a guaranteed answer.

This is the family AI belongs to. Every large language model, every agent, every classifier is probabilistic at its core.

Neither approach is better. They are built for different problems.

Data teams have wrestled with this exact tradeoff for years, and RudderStack has a solid technical breakdown if you want to go deeper.

But here is the part that matters most in regulated industries like mine.

Deterministic systems are explainable and reproducible by design.

Probabilistic systems need extra work to reach the same level of accountability: documentation, monitoring, confidence thresholds, human review.

That is why the question in my team meeting mattered. We were about to point a probabilistic tool at a deterministic problem.

Deterministic Problems Don’t Need Artificial Judgment

Once you see this distinction, you notice deterministic processes everywhere.

Consider employee onboarding. Create an account. Assign licenses. Add security groups. Notify the manager. Schedule orientation. There is no ambiguity, no creativity, no judgment. The process should behave identically every single time.

Introducing an AI agent into that workflow means introducing uncertainty into a process whose entire purpose is consistency. That tradeoff is unfavorable, and it comes with a hidden bill.

Every AI implementation carries overhead: security reviews, access controls, model monitoring, data protection requirements, auditability concerns, human oversight. These activities are important. They should exist. But they consume real resources.

If a workflow engine, script, or business rule can solve the problem reliably, adding AI increases operational burden without delivering meaningful value. This is why AI Governance cannot only focus on controlling AI. It must also help organizations decide when AI should not be used.

The AI Necessity Test

Before introducing AI into any business process, ask four questions. Treat them as the first gate in your AI Governance process.

Enterprise solution architect using the AI Necessity Test to evaluate AI governance, risk management, and responsible AI adoption before implementing AI agents in business processes.

1. Is Judgment Required?

This question is about the process itself. Does someone, or something, have to interpret, evaluate, or decide? Or is the process simply executing predefined rules? If the answer is rules, traditional automation is probably sufficient.

2. Is Ambiguity Present?

This question is about the outcome. Are there multiple acceptable results, or is there one correct answer every time? AI excels where ambiguity exists. It provides little value when the outcome is already defined.

3. Is Adaptation Necessary?

Does the process need to adjust to changing circumstances, or should it remain stable and predictable? Adaptability is one of AI’s strengths. Predictability is one of traditional automation’s strengths.

4. Does AI Create More Risk Than Value?

This may be the most important question of all. If AI increases complexity, governance burden, operational risk, or compliance obligations without delivering proportional value, it is not the right solution.

The goal is not to eliminate AI. The goal is to use it intentionally.

Where AI Actually Shines

This is not an anti-AI argument. Far from it. Some of the most valuable systems I have evaluated involve AI, and the difference is always the same: they solve problems that actually benefit from intelligence.

Consider a cybersecurity analyst investigating a potential phishing incident. They review multiple indicators, correlate evidence, interpret context, assess risk, and recommend next actions. There is ambiguity. There is judgment. There are multiple possible outcomes.

AI can provide enormous value there. The same is true for threat analysis, vendor risk assessments, policy interpretation, research, and decision support. These are areas where reasoning matters and AI genuinely augments human capability.

The distinction is simple.

Use AI where intelligence creates value. Use deterministic systems where consistency creates value.

Governance Starts Earlier Than Most People Think

Many organizations treat governance as something that happens after implementation. The solution is selected, the architecture is approved, the vendor is chosen, and then governance enters the conversation.

That is too late.

Good AI Governance begins with architectural decisions. What problem are we solving? Is AI necessary? What level of autonomy is appropriate? What risks are introduced? What controls are required?

These questions should be answered before the first prompt is written. Before the first agent is deployed. Before the first model touches enterprise data.

When organizations skip these conversations, they end up governing complexity they never needed to create.

Human at the Helm

I often write about keeping the human at the helm. This doesn’t mean rejecting technology or fearing AI. It means exercising judgment.

The future will absolutely include AI agents, autonomous systems, and intelligent assistants capable of remarkable things. But not every business process requires intelligence. Not every workflow requires reasoning.

Sometimes the smartest decision is deploying an AI agent. Sometimes it is deploying a workflow. Sometimes it is a script. And sometimes the smartest decision is deploying nothing at all.

The organizations that succeed in the age of AI will not be the ones that put AI into everything. They will be the ones that understand precisely where AI belongs and where it doesn’t.

Because before we talk about models, prompts, agents, or autonomy, we should first ask a much simpler question:

Do we need AI for this?

That may be the most important question in AI Governance.

And it may be the one too few organizations are asking.

At the end of The Martian, Watney explains how he survived. No magic. No moonshot.

“You solve one problem, and you solve the next one, and then the next.

That is engineering. That is architecture. That is the discipline our industry needs to recover.

So let’s stop AI-ing the shit out of everything. Let’s be adults, start with the business problem, and put value first.

And when the problem truly demands intelligence?

Then, by all means, AI the shit out of it.

Jaime Velez has spent 25+ years in enterprise technology and works in security architecture and AI governance inside a regulated enterprise, where he leads security reviews across hundreds of applications and helps teams strengthen their security posture. He is a U.S. Army veteran, holds a PMP certification, and is pursuing the CISSP. He writes at jaimevelez.net about keeping a human at the helm of AI, leading with judgment instead of hype, and building work that serves people rather than exhausts them.

The views here are my own and do not represent any employer.

Similar Posts