Problem Statement
Frontier models (i.e. those developed by OpenAI, Anthropic, and Google) have crossed a key threshold. These are advanced artificial intelligence systems capable of integrating fragmented enterprise data from both structured sources (such as databases and spreadsheets) and unstructured sources (such as email, Slack messages, text communications, images, and video). The latest models can interpret user intent across many data types and systems, detect semantic (meaning-based) and causal (cause-and-effect) relationships, and identify loopholes in software, processes, and policies.
This creates a new risk surface. Both external and internal bad actors can use frontier models to exploit business-process gaps, software weaknesses, and compliance ambiguities, chaining actions into impermissible outcomes and generating convincing justifications. Capabilities and the pace of progress are rapidly increasing.
Traditional systems depend on static rules, predefined workflows, and limited context. Operating on partial information and fixed assumptions, they are structurally weaker.
Core Thesis
The only system capable of managing frontier-model-level risk is a frontier-model-driven control system. That requirement applies across three functions:
- System improvement
- data quality
- semantic structure
- causal models
- policy interpretation
- System Operation
- workflow orchestration
- performance monitoring
- exception handling and escalation
- System Compliance
- transaction decisions
- compliance enforcement
- anomaly detection
- risk management
There is no feasible route using weaker current-day systems.
Role of Frontier Models in Enterprise Systems
1. Building the semantic and causal layer
Frontier models, in collaboration with senior business and systems leaders, must unify fragmented enterprise data, create semantic representations (structured outlines showing entities and their meanings and relationships), infer causal structures (models of cause-and-effect relations) across processes, map policy (organizational rules or intentions) to actual behavior, and translate informal knowledge and company-specific terminology (tribal knowledge and organizational jargon) into system knowledge.
This is not a one-time task, but a perpetual co-development process between humans and frontier models.
2. Managing live operations
Frontier models must also operate in real time (making decisions or recommendations as events occur) to evaluate transactions, interpret intent (understand what users mean), assess compliance (verify rule adherence), assign probabilities and risk (estimate likelihoods and dangers), and recommend or carry out actions.
They become the enterprise’s primary decision engine.
The Governance Challenge
A single frontier-model system creates a structural problem if the same system that decides actions also explains those actions and evaluates compliance (checks whether actions meet rules and regulations). This creates self-rationalization risk (the system justifies its own decisions), weak independent challenge (limited external critique), and audit ambiguity over time (uncertain ability to objectively review actions).
At the same time, traditional rule systems are too weak, and human-only oversight is unable to keep pace with the speed of change or scale to the volume of decisions.
Architectural Options
Option 1 — Single Frontier Model (Not Sufficient)
- One model interprets policy, makes decisions, and explains those decisions. The limitations are structural: the system is self-referential, cannot be meaningfully audited independently, and is vulnerable to drift and blind spots.
Option 2 — Frontier Model + Rules Layer (Legacy Approach)
- The frontier model proposes (suggests actions), and the rules decide (final decision-making based on fixed criteria). The limitations are that rules lack context (cannot account for wider meanings), cannot handle ambiguity (can lead toward confusion or uncertainty), and fail under hostile pressure (deliberate attempts to exploit weaknesses).
Option 3 — Dual Frontier Model Design (Proposed)
- Frontier Model A is the operational decision engine. It evaluates full corporate context and optimizes for performance, customer outcomes, and efficiency. Its decision flow produces a recommended action, supporting reasoning, and probability estimates.
- Frontier Model B is the compliance and risk engine. It independently evaluates Frontier Model A’s decisions, underlying data, and policy conformity, and optimizes for compliance, risk containment, and regulatory defensibility. It reviews the same inputs as Frontier Model A, plus Model A’s reasoning. Outcomes resolve into one of three states: 1) agreement to execute; 2) disagreement requiring delay or escalation; or 3) in high-risk cases, a block with mandatory human involvement. In state 3, ideally the model learns from the reasoning traces of the human and applies identical logic for future resolutions.
Role of Senior Leadership
Senior business and systems leaders are central. They define policy intent, set risk thresholds, guide model behavior, review edge cases, and consistently refine the system. This is governance as active co-management of an intelligent system versus passive oversight.
Supporting System Role (Narrowed)
Supporting systems do not replace model judgment. They bind identity and authority, enforce process requirements, capture immutable audit records, and ensure decisions are traceable. They provide institutional stability, not intelligence.
Research Agenda
Going forward, we propose the following topics for future research. As always we welcome feedback from the community on the priorities you’d like to see us research.
1. Model-Driven Compliance Systems
- How frontier models interpret and apply policy
- Measuring decision quality against traditional systems
2. Dual-Model Governance
- effectiveness of independent model evaluation
- optimal disagreement thresholds
- escalation strategies
3. Semantic and Causal Enterprise Models
- building unified representations of enterprise activity
- continuous learning from operations
4. Adversarial Risk and Loophole Discovery
- How models identify system weaknesses
- Defensive use of models to preempt attacks
5. Human–Model Co-Governance
- operating models for senior leadership
- decision review processes
- accountability frameworks
Action Item
Technology executives and compliance professionals should assume that frontier models will outpace current control environments. If your governance framework still depends on static rules, point-in-time reviews, or single-model oversight, it is already behind the risk curve. The immediate priority is to redesign compliance and control systems for a world in which AI capability evolves faster than traditional policy enforcement can respond. That means moving now to a multi-model, human-directed governance architecture that can continuously adapt, challenge model behavior, and enforce accountability across the enterprise. The future control plane cannot be passive or only rules based. It must be intelligent, adaptive, and explicitly built to withstand both external threats and internal misuse.
Leading frontier models will redefine both capability and risk. Against frontier-model-level capability, today’s compliance systems are outmatched and require urgent attention from business technology executives.
Watch a related conversation with Jon Oltsik at RSAC 2026:
