The most dangerous week in an AI rollout is the week after the first workflow starts working. The demo went well months ago; now the production numbers are real. Invoice triage that took a clerk four hours a day takes forty minutes of review. Someone puts it in a board deck. And within days, the CEO or the deal team asks the only question boards know how to ask about something that works: "Great. What's next?"
The honest answer is usually "nothing yet," and almost nobody says it. We have watched mid-market companies - several of them PE-backed, where the value-creation clock is loud - launch a second and third AI workflow while the first was still shedding edge cases weekly. Six months later they had three workflows at 70% reliability instead of one at 99% and one in flight. Three workflows at 70% is not 210% of value. It is a credibility problem that sets the whole program back a year, because operators stop trusting outputs they have to double-check.
This post is the framework we use to answer "what's next" properly: seven stability gates the current workflow must pass, and a value/risk/readiness backlog for choosing what comes after.
Why the pressure to expand shows up early - especially in PE
The expansion pressure is structural, not irrational. Morgan Stanley's 2026 private equity outlook describes a market where operational value creation has replaced multiple expansion as the primary return driver, and AI adoption inside portfolio companies is one of the few levers that moves EBITDA inside a hold period. EY's 2026 private equity trends makes the same point from the operating-partner side: firms are moving from AI experimentation to portfolio-wide deployment expectations, with progress reported up to the investment committee.
That reporting cadence is the problem. A quarterly value-creation review rewards "we launched two more workflows" over "we spent the quarter hardening one." The first is a slide; the second sounds like an excuse. Legal and governance teams are starting to push the other way - Akin Gump's 2026 perspectives on AI in private equity notes that sponsors are now expected to show diligence-grade evidence of AI oversight at the portfolio level, not just adoption counts - but on the ground, the incentive still tilts toward launching.
So you need a defensible, legible reason to say "not yet." That is what stability gates are: not a delay tactic, but a checklist an operating partner can read in ninety seconds and agree with.
The seven stability gates
A workflow is ready to stop consuming your best people's attention when all seven of these pass. Not five of seven. All seven, because each one covers a distinct failure mode, and the failure modes do not substitute for each other.
| Gate | The question | Evidence that it passed |
|---|---|---|
| 1. Outcome baseline improved | Did the business metric actually move? | Cycle time, cost per case, or error rate beat the pre-AI baseline, measured over weeks, not cherry-picked days |
| 2. Exception rate understood | Do you know why it fails, not just how often? | Exceptions are categorized into named buckets with owners; no bucket is labeled "other/unknown" above ~10% |
| 3. Eval suite stable | Would you notice a regression before customers do? | Automated evals run on every change; pass rate flat or rising for 3+ weeks |
| 4. Reviewers trained | Can humans catch what the system misses? | Reviewers hit agreed accuracy on seeded test cases; override rate is stable and explainable |
| 5. Audit logs clean | Can you reconstruct any decision? | Every action traceable to inputs, model version, and approver; zero unexplained entries in the last month |
| 6. Writeback reliable | Does it update source systems without babysitting? | Writes to CRM/ERP/helpdesk succeed with known, handled failure modes; no manual reconciliation ritual |
| 7. Owner satisfied | Does the process owner defend it unprompted? | The owner - not the AI team - reports the metric and would object if you turned it off |
A few of these deserve unpacking, because teams routinely think they have passed when they have not.
Gate 2 is about categories, not counts. An exception rate of 8% sounds fine until you learn nobody knows what is in it. "Understood" means every exception falls into a named bucket - malformed vendor PDFs, missing PO numbers, currency mismatches - with a decision per bucket: automate the fix, route to a human, or accept and monitor. A 12% exception rate that is fully categorized is more stable than a 5% rate that is a mystery, because categorized exceptions do not surprise you at 2x volume.
Gate 3 is where most teams are weakest. Hamel Husain's writing on evals makes the case bluntly: without an evaluation suite built from your own failure modes, you cannot distinguish "the workflow is stable" from "nobody has looked closely lately." Generic quality metrics do not count. The eval suite should be built from the exceptions in Gate 2, and "stable" means the pass rate has stopped moving when you are not changing anything.
Gate 7 is the one people skip because it is not technical. If the AI team is still the group presenting the workflow's numbers, the workflow has not transferred. Ownership has transferred when the AP manager quotes the cycle-time number in her own staff meeting and complains when the system is down. Until then, you are running a hosted pilot, however good the metrics look.
There is a useful analogy in Google's SRE error-budget model: a service earns the right to ship new features by staying within its reliability budget, and a service that burns its budget freezes feature work until it recovers. Treat your AI portfolio the same way. A workflow that keeps burning attention has not earned you the right to start the next one.
The counter-intuitive part: your next workflow is probably not a new workflow
Here is what surprises most executives when we run the backlog exercise: the highest-ROI "next workflow" is usually an extension of the current one, not a new deployment in a new department.
Once invoice triage is stable, the adjacent moves - matching invoices to POs automatically, drafting the vendor exception email, pre-populating the approval packet - share the same data sources, the same reviewers, the same audit infrastructure, and the same trained owner. Gates 4, 5, 6, and 7 are already passed by inheritance. A brand-new workflow in, say, customer support starts all seven gates from zero: new integrations, new reviewers to train, new owner to win over.
The market data backs the pattern. Houlihan Lokey's Q1 2026 report on AI in vertical software finds the durable value accruing to AI that is embedded deep in a specific operational context rather than spread thin across many. The same logic holds inside a single company: depth in one process chain compounds, breadth across departments fragments.
The practical rule: for every new-workflow candidate on your backlog, add the "deepen the current one" candidate next to it and score both. Deepening wins more often than anyone expects, and it should - it is the only option where most of the risk is already retired.
Building the next-workflow backlog: value, risk, readiness
When you do scope something new, score every candidate on three axes. Two of them are obvious. The third is the one that actually decides.
Value. Hours saved per week, error cost avoided, or revenue affected. Be suspicious of any estimate that was not produced by watching the process happen. McKinsey's 2025 State of AI survey found that most organizations using generative AI still could not attribute enterprise-level EBIT impact to it - which is less an indictment of AI than of workflow selection done from an org chart instead of from the floor.
Risk. What does one bad output cost, and who sees it? A workflow that drafts internal summaries can fail cheaply and privately. A workflow that emails customers or posts journal entries fails expensively and publicly. High-risk candidates are not disqualified, but they demand approval gates that lower throughput, which cuts into the value score.
Readiness. The tie-breaker and the disqualifier. Is the data clean enough? Do APIs exist for the systems involved, or is the "integration" a shared inbox? Is there a process owner with bandwidth to do reviews for eight weeks? A high-value, low-readiness candidate is not a project; it is a data-cleanup project wearing a trench coat, and it should be scoped as one.
Score each axis 1-5 and lay the candidates out:
| Candidate | Value | Risk | Readiness | Verdict |
|---|---|---|---|---|
| Extend invoice triage to PO matching | 4 | 2 | 5 | Do next |
| Support reply drafting | 5 | 3 | 4 | Do after |
| Contract clause extraction | 4 | 4 | 2 | Fix data first, revisit in Q4 |
| Sales pipeline hygiene | 3 | 2 | 3 | Backlog |
Notice what the table does politically. Contract extraction was probably the CEO's favorite. The table does not say no; it says "readiness is a 2, here is the specific data work that raises it to a 4, and here is what we ship in the meantime." That is a conversation an operating partner can have with a board. "We don't feel ready" is not.
One more budgeting rule that saves arguments later: assume the newly stable workflow still needs 10-20% of one person's time for edge-case review and drift monitoring, indefinitely. If your plan for workflow two assumes workflow one needs zero attention, your plan is wrong on day one. And if workflow one still needs more than 20%, it did not pass the gates - go back.
Running the cadence: gate review, then scope, then repeat
The operating rhythm that makes this stick is boring, which is the point:
- Monthly gate review. Thirty minutes. Walk the seven gates for every production workflow. Each gate is pass or fail with evidence, no yellow. Failed gates get an owner and a date.
- Scoping trigger. The next-workflow scoping effort starts only when the current workflow passes all seven. Scoping means process observation, data inspection, and owner interviews - two to three weeks, not a slide.
- Backlog refresh. Quarterly, re-score the backlog. Readiness scores change as systems get cleaned up; risk scores change as your review infrastructure matures and can absorb riskier work.
- Kill criteria. A workflow that fails the same gate three reviews in a row gets escalated: fix it with dedicated effort, descope it to a smaller footprint, or turn it off. Zombie workflows that "mostly work" are the most expensive thing in the portfolio, because they consume review attention forever and anchor everyone's expectations at mediocre.
For PE-backed companies, this cadence has a second payoff: it generates exactly the oversight artifacts - eval results, audit logs, gate-review minutes - that increasingly show up in exit diligence. A buyer's diligence team asking "how do you know your AI works" gets a folder, not a shrug.
How OpenNash Can Help
OpenNash builds production AI workflows for mid-market and PE-backed companies, and the gate discipline above is how we run our own engagements: one workflow at a time, instrumented from day one so the gates are measurable rather than argued about. Our audit phase produces the value/risk/readiness backlog before any build starts, so the expansion roadmap exists on paper before workflow one ships. Design includes the eval suite, reviewer training plan, and audit logging as deliverables, not afterthoughts - which means the gates have evidence behind them by the time you review them. And because clients own everything we hand off, the monthly gate review is something your team runs, not something you rent.
If you have one workflow live and a board asking what's next, that is exactly the moment this framework earns its keep. Book a call with OpenNash and we will walk your current workflow through the seven gates and pressure-test your backlog in a working session.
The next workflow will still be there in six weeks. The credibility you burn by expanding on top of an unstable one will not come back nearly as fast.