What compliance can learn from a 95 percent AI pilot failure rate

A recent Harvard Business Review article reviewed an MIT Media Lab/Project NANDA report, which delivered a wake-up call for every corporate function rushing to “go AI.” (NANDA is short for Networked AI Agents in Decentralized Architecture). The study found that 95 percent of enterprise generative AI pilots are failing, not because the technology does not work, but because organizations aren’t using it effectively.

Let that sink in. Nearly all the companies racing to deploy generative AI are stuck at the starting line, producing no measurable business value. Yet amid this grim statistic lies a goldmine of insight for compliance leaders. Just as compliance once had to operationalize Foreign Corrupt Practices Act (FCPA) controls, General Data Protection Regulation (GDPR) mandates, and Environmental, Social and Governance (ESG) reporting frameworks, AI presents a new kind of challenge. This one requires the same mix of governance, culture, and process discipline that defines successful compliance programs. This is why compliance needs a seat at the table when corporations make AI decisions.

Lesson 1: The problem Is not the model, it’s the integration

MIT’s researchers found that most AI pilots fail not due to weak models but due to what they call a “learning gap.” In plain English, this means the tools do not learn from the organization, and the organization does not learn from the tools.

For compliance professionals, this probably sounds familiar. A policy or reporting hotline means nothing without an embedded process that learns from outcomes and adapts to changing realities. The best compliance programs create continuous feedback loops between training and misconduct data, between risk assessments and third-party performance. The same principle applies to AI. Success depends on embedding the technology within actual workflows. A compliance officer would never drop a new due diligence tool into procurement without mapping the risk and process flow first. AI requires the same rigor.

Lesson 2: Follow the money – and the misallocation

MIT’s data revealed that over half of enterprise AI budgets go to sales and marketing use cases. Yet the biggest return on investment (ROI) came from back-office automation, which is precisely where compliance operates.

That misalignment mirrors what happens when compliance budgets chase “shiny objects” rather than systemic needs. The companies gaining traction with AI are using it to automate repetitive documentation, streamline third-party oversight, and improve audit readiness. In other words, they are investing in process integrity. This same foundation that drives effective compliance operations. For compliance teams, this finding suggests that AI’s greatest promise, at this point, lies not in glitzy analytics dashboards. Instead, its power should be applied to quietly eliminating inefficiency, error, and bias in control environments.

Lesson 3: Culture still eats code for breakfast

In an interview with Workday, lead report author Aditya Challapally noted that some startups led by 19- and 20-year-olds achieved overnight success because they focused on “one pain point, executed well, and partnered smartly.”

That mindset is exactly what compliance culture tries to instill: Clarity, accountability, and collaboration. The generative AI divide is not technological; it is both cultural and generational. The organizations that thrive with AI do so because they encourage experimentation, learn fast, and adjust governance in real time. In compliance terms, this means cultivating a speak-up/listen-up culture around AI. Employees should feel empowered to raise ethical concerns about how models are trained, what data they use, and how outputs are applied. Without that openness, companies risk turning “responsible AI” into just another slogan.

Lesson 4: Governance Is the great divider

If the compliance profession has taught us anything, it is that governance, and not glamour, determines sustainability. The 5% of companies succeeding with AI all share one trait: governance that is clear, practical, and adaptable. Compliance professionals are uniquely equipped to lead here. We already understand how to operationalize principles into procedures, translate ethics into controls, and link policies to accountability. AI governance is simply the next evolution of that craft.

Lesson 5: The compliance opportunity in the GenAI divide

MIT’s “GenAI Divide” is a cautionary tale, but it also provides both an invitation and, more importantly, an opportunity. Compliance officers can play a central role in closing this divide—by ensuring that the adoption of generative AI aligns with ethical frameworks, data governance standards, and internal control systems.

Imagine a compliance-driven AI governance model:

• Risk-based deployment: Classify AI projects by impact, sensitivity, and data type
• Human oversight: Establish review protocols for automated decisions.
• Continuous monitoring: Use AI to audit AI, identifying drift, bias, and misuse in real time.
• Transparency and accountability: Document training data sources and decision logic for every model in use.

These are compliance fundamentals repurposed for a new technological landscape.

Conclusion

Challapally also said in his Workday interview, “Some large companies’ pilots and younger startups are really excelling with generative AI. Startups led by 19- or 20-year-olds, for example, have seen revenues jump from zero to $20 million in a year.” 

This shows there is real potential in generative AI. Yet when 95 percent of AI pilots fail, the easy answer is to blame the tech. The harder and truer answer is that governance and culture failed first.

Generative AI will not transform compliance overnight, but it will transform how compliance operates. The profession that turned ethics into enterprise systems is now poised to turn AI from an experiment into a sustainable, auditable business asset. The compliance officer’s role has never been more critical. As we move deeper into the GenAI era, success will depend less on algorithms, and more on the same timeless ingredients that built our field: Clear processes, ethical leadership, and relentless accountability.

AI does not just need engineers, it needs compliance. And compliance needs a seat at the table.