Module 06 · Strategic

AI in Business

⏱ 60 minutes
🔴 Strategic
📚 6 sections + final quiz

From gadget to business use

Using ChatGPT to draft an email is fine. Industrialising AI across 12 business processes with 3,000 users without breaking GDPR compliance is another matter entirely.

This final module covers what you need to deploy safely: the structural risks, the governance best practices, the methodology, and what autonomous agents are about to change.

⚖️
The golden rule

AI does not replace expertise. It amplifies it under supervision. The more autonomous the system, the stronger the guardrails must be. Not the other way around.

The 4 main risks

1. 🌫 Hallucinations

You now know the mechanism (see Module 1): the AI must produce a next word, so it fills the probable space, even when it doesn't know. It's structural, not a bug.

Real cases: a US lawyer filed a brief with 6 fake legal precedents invented by ChatGPT. A bank published a report with bogus figures. The examples keep multiplying.

2. ⚖️ Bias

A model is a mirror of its training data. If the data is biased (overrepresentation of a gender, ethnicity, culture), the model reproduces and amplifies those biases.

Concrete cases: image generation of "CEO" returns 90 % white men. CV screening models that statistically penalise female profiles. Marketing recommendations that exclude segments.

3. 🔐 Privacy & GDPR

When you paste a CV into public ChatGPT, that data ends up at OpenAI and (depending on terms) can be used to retrain the model. For confidential client data, that's illegal under GDPR.

Additional risk: copyright. Models have been trained on protected content. The legal implications are being written in courts as we speak.

4. 📦 The "black box"

Unlike traditional software (where every decision is traceable), an AI model is inherently opaque. We don't know exactly why it produced a given answer. Hard to audit, hard to debug, hard to explain to a regulator.

⚠️
What this implies

None of these risks is a deal-breaker. But they require a governance posture from day one of deployment, not afterwards.

Governance & best practices

1. Acculturation at every level

This is exactly what you're doing by following this programme. A company that deploys AI without training both leaders AND operational teams is heading for failure. Training isn't a cost, it's the first ROI.

2. Secure infrastructure

Rather than the public versions (ChatGPT.com, claude.ai...), deploy LLMs via sovereign environments:

  • Azure OpenAI Service: GPT-5.1 hosted on your Azure tenant, data in EU, no retraining.
  • AWS Bedrock: Claude, Llama, Mistral on your AWS tenant.
  • Mistral on-premise: deployment on your own infrastructure, maximum sovereignty.
  • Google Vertex AI: Gemini in a controlled environment.

3. Human-in-the-loop (HITL)

For any critical process (HR decision, client quote, official communication), the AI proposes, the human decides. Not the other way around. This is the filter that catches hallucinations and bias.

4. Observability & monitoring

You can't steer what you don't measure. Put in place:

  • Logs of prompts sent (anonymised if needed).
  • Continuous quality evaluation (human-reviewed samples).
  • Latency, cost-per-request and error-rate metrics.
  • Drift detection (quality dropping, hallucinations rising).

Dedicated tools are emerging: Qwairy, Langfuse, Helicone, Weights & Biases.

5. Clear usage policy

A corporate AI policy must answer in black and white:

  • Which tools are allowed / forbidden?
  • What data can be pasted into which interface?
  • Who can deploy an AI on a business workflow?
  • What level of human validation depending on the risk?

The 80/20 method

🎯
The rule that saves AI projects

"AI for everything" doesn't work. Target automation of 80 % of repetitive tasks, but keep human expertise for the 20 % that delivers the value (control, creativity, strategy, decision).

80 / 20
the golden rule
80 % · automatable by AI
Repetitive, structuring, high-volume tasks: summaries, first drafts, data structuring, asset generation, ticket triage…
20 % · reserved for humans
Strategic decision, final QC, pure creativity, exception handling, human relationships with key accounts.
AI amplifies productivity. It does not replace judgement.

The hybrid process in practice

  1. Mapping. List repetitive tasks per team. What repeats, can be measured.
  2. Prioritisation. Pick 2-3 high-volume, low-criticality use cases to start (email summaries, first CV review, social media visuals).
  3. POC. Implement over 2 weeks with 5 pilot users. Measure real time saved and perceived quality.
  4. Decision. Compute the ROI honestly. Deploy or abandon.
  5. Industrialisation. Progressive rollout with training, governance, monitoring.
  6. Continuous iteration. A use case is never "done". Models evolve, needs evolve.

Three classic traps to avoid

  • The "showcase" project. Stunning POC demo, but unusable in production (volume, integrations, security not tested).
  • The "Swiss army knife" project. A single "super-tool" trying to do everything. Guaranteed failure. Multiply specialised AI modules instead.
  • The "no-human" project. AI runs autonomously on client decisions without human validation. Guaranteed crash on the first notable hallucination.

The age of autonomous agents

Until now, we've mostly talked about chatbots and generation. The next step, already underway, is the AI agent.

What is an AI agent, concretely?

An agent doesn't just respond. It acts. It has reasoning capabilities and access to the company's tools (APIs, CRM, ERP, email, calendars).

Concretely, an agent can:

📧
Reads email
Detects intent
🗂
Reads CRM
Client history
🧮
Computes
Pricing rules
✍️
Drafts
Branded proposal
👤
Approves (human)
Decision guardrail
An agent chains actions and reasoning across your tools, but a human keeps the final say on high-stakes decisions.

Emerging use cases

Multi-agent inventory
Dynamic stock management and automatic reordering
Fraud detection
Continuous analysis of financial transactions
Schedule optimisation
Hospital schedules, operating theatres
Automated HR sourcing
Profile search and re-qualification
Conversational accessibility
Forms filled by dialogue, voice navigation
🚀
Design for agents too

When websites are massively crawled by AI agents (not just humans), you'll need to design interfaces and APIs for machines as well. It's the GEO theme from Module 5, at another level.

Roadmap to get started tomorrow morning

If you're a manager or decision-maker at Mantu, here's what you can put in motion this week:

  1. Quick mapping. Have 3 teams list their 5 most repetitive tasks. You'll have 15 POC candidates in 30 minutes.
  2. Minimum usage policy. A 1-page memo: allowed tools, forbidden data, point of contact in case of doubt. You cut 80 % of leak risk.
  3. Secure sandbox. Have an Azure OpenAI or equivalent opened. Your teams can experiment without GDPR risk.
  4. One reference POC. Pick the most visible/useful use case. Implement in 3 weeks. Communicate the results internally.
  5. Collective acculturation. Share this programme. One trained team is worth 10 deployed tools.

It's pragmatic, it's progressive, and it's what separates the organisations that succeed in their AI transition from the ones that burn out on hype.

🎯

Final quiz · Module 6

5 questions · 60 % to validate · Last step before your certificate!

1. Why are hallucinations considered structural?
Hallucinations are inherent to the probabilistic operation of LLMs. They must produce a next token, so they fill the probable space even without real knowledge. That's why guardrails (RAG, human validation) are essential, not optional.
2. To use an LLM on sensitive client data, what infrastructure should you favour?
For sensitive data, never use public versions. Favour a managed deployment on your own cloud tenant (Azure OpenAI, AWS Bedrock, Vertex AI) or on-premise (Mistral). Data stays with you, in EU, and isn't used to retrain public models.
3. What does the "80/20 rule" applied to AI in business say?
The 80/20 rule: aim to automate 80 % of repetitive tasks but absolutely keep human expertise for the 20 % of high-value work, quality control, pure creativity, strategic decision. That's what separates a successful project from a "showcase" one.
4. An "AI agent" differs from a chatbot because it…
An AI agent acts on the company's tools: it can read your CRM, write to a calendar, trigger a Make workflow, send an email, not just answer in a chat. It's the next big step in AI industrialisation.
5. What's the right governance posture to start?
The right posture: a clear frame (usage policy), a safe experimentation space (sandbox), targeted POCs (low criticality, high volume), and human control over important decisions. Neither sterile prohibition nor anarchy. Nor a single "big bang".