BolgiaTen Blog

Over the past decade I have written extensively about the rise of Software‑as‑a‑Service (SaaS) and how it reshaped the structure of the digital economy. In several earlier blogs I explored what I described as the “vulnerability of SaaS” in the emerging world of Agentic AI.

At the time, some readers interpreted that argument as a criticism of SaaS itself.

That was never the intention. SaaS was one of the most powerful technology and commercial innovations of the last twenty years. But every technology wave eventually becomes infrastructure for the next one. What we are now witnessing is precisely that transition.

The shift underway is not simply about better software. It is about the emergence of digital workers – autonomous, AI‑driven agents capable of performing tasks, coordinating processes, and increasingly making operational decisions. In other words, we are moving from software that people use to systems where software itself does the work.

This is the real meaning of Agentic AI. And if that trajectory continues – which the evidence increasingly suggests it will – the dominant commercial model will evolve from Software‑as‑a‑Service to something far more profound: Digital Workers‑as‑a‑Service.

The End of the Software Interface Era

To understand why this matters, we need to step back and look at how enterprise technology has evolved. For decades, enterprise software was designed around the assumption that a human user would sit at the centre of every process. Software provided the tools, dashboards, and workflows, while humans executed the tasks. SaaS refined that model brilliantly. Instead of installing complex enterprise systems, organisations subscribed to cloud platforms that were continuously updated, scalable, and relatively easy to integrate.

• Salesforce transformed customer relationship management. 
• Workday modernised HR systems. 
• ServiceNow digitised enterprise workflows.

But in every case the operating model remained the same: people used software. Agentic AI disrupts that assumption.

In an agentic system, the software no longer waits for instructions.  It observes data, interprets goals, and executes actions autonomously.  Human involvement shifts from execution to supervision. The implication is profound: the primary “user” of enterprise systems may increasingly be another piece of software. When that happens, the entire design logic of SaaS begins to change.

From Applications to Digital Labour

What makes this moment particularly interesting is that we are already seeing early evidence of the transition. In China, logistics giants such as Alibaba and JD.com have deployed AI systems that autonomously optimise supply chain routing across thousands of delivery points in real time. The system continuously adjusts warehouse allocation, delivery routes, and inventory positioning without human intervention.

In the financial sector, JPMorgan’s COiN platform analyses complex legal contracts using machine learning, performing in seconds tasks that previously required thousands of hours of manual legal work.

Meanwhile, in Europe, telecommunications operators are increasingly deploying AI agents to manage network optimisation. Rather than engineers manually monitoring network performance, autonomous systems detect anomalies, predict congestion, and automatically adjust network parameters.

Even in customer operations the shift is visible.

Swedish fintech company Klarna recently reported that its AI assistant now performs work equivalent to hundreds of customer service agents, handling millions of conversations with customers across multiple markets.

These examples are not isolated experiments.

They represent early manifestations of a new organisational capability: digital labour. Lowering the Barrier to Adoption. Despite the promise, however, the deployment of agentic systems remains uneven. Research across global enterprises consistently shows that while organisations are experimenting heavily with AI, relatively few have managed to scale autonomous agents across their operations. The reasons are not difficult to understand. Building agentic systems requires a combination of capabilities that many organisations simply do not possess: data infrastructure, orchestration frameworks, governance models, and the ability to continuously train and monitor AI systems. This is precisely where a new commercial model begins to emerge. Instead of building digital workers internally, organisations can increasingly subscribe to them. In the same way that SaaS allowed businesses to consume software without managing infrastructure, Digital Workers‑as‑a‑Service allows organisations to deploy autonomous agents without building the underlying AI architecture themselves.

The analogy with cloud computing is striking. Few companies today build their own data centres. Instead they rely on cloud providers such as Amazon Web Services, Microsoft Azure, or Google Cloud. The same dynamic is beginning to appear with agentic AI.

Specialist providers are developing domain‑specific digital workers that can be deployed across industries: compliance agents, procurement agents, supply chain optimisation agents, and financial reconciliation agents. For smaller organisations in particular, this model dramatically lowers the barrier to entry. A mid‑sized manufacturer, for example, may never build an advanced AI operations platform internally.  But subscribing to a digital supply chain agent that continuously optimises production schedules is entirely feasible.

New Business Models Emerge

This is where the real strategic opportunity lies. In previous technology waves, the companies that dominated were those that recognised how to translate technical capability into scalable commercial models. Google and Amazon emerged from the early internet economy. Salesforce and ServiceNow defined the SaaS era. Agentic AI will produce its own generation of platform leaders. But the opportunity is not limited to technology companies. One of the most interesting possibilities is that organisations will begin to package their own operational expertise as digital workers. Consider a global logistics firm that has spent decades refining supply chain optimisation algorithms. Instead of simply using those capabilities internally, the company could offer autonomous logistics agents to other businesses as a service.

A legal consultancy could deploy AI agents trained on its regulatory expertise to act as automated compliance advisors for smaller companies. A cybersecurity firm could provide continuous AI‑driven threat monitoring agents that operate across thousands of client networks simultaneously. In each case, the company is no longer selling software. It is selling operational capability. That distinction matters enormously.

Governance and Trust

Of course, the rise of digital workers also introduces new governance challenges. In earlier writing I have argued that AI governance must evolve beyond traditional IT risk management.  When organisations deploy autonomous agents capable of executing decisions, oversight frameworks must address transparency, accountability, and human supervision. Encouragingly, regulators and international organisations are already moving in this direction. The European Union’s AI Act establishes risk classifications for AI systems and mandates governance controls for high‑impact deployments. Similarly, the OECD and various industry bodies have developed frameworks for responsible AI deployment that emphasise auditability, human oversight, and ethical safeguards.

In practice, organisations adopting digital workers will need new internal capabilities: AI supervision roles, model validation processes, and operational guardrails. Digital workers may perform tasks, but accountability will always remain human.

Why Leaders Should Pay Attention Now

One of the most consistent lessons in technology history is that early signals of structural change are often underestimated. Cloud computing initially appeared to be simply a more convenient way of delivering software. In reality it reshaped the economics of the entire technology sector. Agentic AI may prove to be an equally transformative shift.

When digital workers become widely deployable through service models, the cost structure of organisations begins to change.  Routine operational tasks can be automated at scale, allowing human employees to focus on creativity, strategy, and complex decision‑making. Importantly, this does not imply the disappearance of human work.  Rather, it signals the emergence of hybrid organisations where human and digital workers collaborate.

In many ways, the future enterprise may resemble a mixed workforce composed of people and autonomous systems working together. For business leaders, the strategic question is not whether this shift will occur. It is how quickly.

Organisations that begin experimenting with agentic systems today will develop the operational knowledge needed to manage digital workforces tomorrow. Those that delay may find themselves competing against companies whose operational efficiency has been radically transformed by autonomous systems.

Conclusion

When I wrote about the vulnerability of SaaS in the age of Agentic AI, the argument was not that SaaS would disappear. Far from it. SaaS will remain a critical foundation of enterprise technology. But its role is changing. Instead of being the destination, SaaS increasingly becomes the infrastructure layer upon which autonomous digital workers operate. We are witnessing the emergence of a new organisational paradigm: the digital workforce. And just as cloud computing democratised access to computing power, Digital Workers‑as‑a‑Service may democratise access to advanced AI capability. If that happens, the next decade of business innovation will not simply be driven by better software. It will be driven by autonomous systems that work alongside us, augmenting human capability and reshaping how organisations operate. The companies that recognise this shift early will not just adopt new technology. They will redesign how work itself is done!

Why AI will make great consulting more valuable, not less — and why Bolgiaten’s AI Maturity Assessment is becoming an essential boardroom tool.

The old consulting pyramid was built on leverage. The next generation of consulting will be built on judgment, governance, enterprise design, and the human leadership needed to turn AI from a tool into a transformation.

For decades, the consulting business was built on a familiar structure: a broad base of junior analysts and associates feeding insight upward to a narrow band of partners and senior advisers. That model rewarded scale. Firms could deploy teams of smart graduates to gather data, build decks, perform benchmarking, document processes, and power the analysis behind recommendations. It was efficient, profitable, and deeply entrenched.

Artificial intelligence is now breaking that structure apart.

The market has been quick to notice the obvious part of the story: work once assigned to junior consultants can increasingly be completed faster, cheaper, and often more consistently by AI-enabled tools. Research synthesis, first-draft presentations, pattern recognition, market scanning, scenario generation, and parts of due diligence no longer require the same labor model they did even two years ago. In professional services, this is not a marginal productivity gain. It is a structural shock.

Yet this is only half the truth. The deeper truth is more important for clients, advisers, and firms deciding what kind of business they want to become. The same force that is eroding the old consulting pyramid is creating a much larger market for a new kind of consultancy: one built on judgment, enterprise architecture, governance, change leadership, and the disciplined translation of AI capability into operating reality.

This is the paradox at the heart of consulting’s AI moment. AI destroys low-level advisory work while simultaneously expanding the need for high-value advisory work.

The New Scarcity Is Not Analysis. It Is Integration.

The analytical scarcity that once justified large consulting teams is fading. What organizations increasingly lack is not information, but the ability to integrate AI safely, strategically, and at scale. Many enterprises now have pilots, proofs of concept, and isolated use cases. Far fewer have an enterprise-wide model that links AI strategy to governance, process redesign, workforce capability, data readiness, risk controls, and measurable commercial outcomes.

That gap is where the next generation of consulting value sits.

Recent global research points to the same conclusion from different angles. McKinsey has reported that while almost all companies are investing in AI, only a tiny minority describe themselves as genuinely mature in adoption, and the major barriers are leadership alignment, operating change, and scaling discipline rather than employee enthusiasm alone. NIST’s AI Risk Management Framework reinforces that AI deployment is not simply a technical issue but a governance and lifecycle challenge. The OECD’s AI Principles and its recent work on enterprise adoption likewise emphasize trustworthy governance, human-centered design, transparency, and capability-building as prerequisites for durable value creation. In Europe, the phased implementation of the EU AI Act is pushing organizations to translate AI ambition into documented controls, accountability, literacy, and risk-based operating practices.

Taken together, these developments point to a simple reality: enterprises do not need more AI theatre. They need AI orchestration.

This is why senior advisory work is becoming more valuable. The enterprise challenge is no longer “Can AI do this task?” It is now “How should this business redesign itself so that AI creates measurable value without creating unmanaged risk, fragmented workflows, regulatory exposure, or employee resistance?”

That question cannot be answered by a chatbot alone.

From Project Work to Enterprise Transformation

The strongest global practice is moving beyond isolated use cases towards enterprise transformation. Leading organizations are not treating AI as a bolt-on technology layer. They are redesigning decision flows, clarifying governance, upgrading data foundations, defining accountable ownership, and investing in AI literacy across both executives and delivery teams.

In practical terms, best practice now rests on six connected disciplines.

First, strategy. High-performing organizations are explicit about where AI will create value and where it will not. They prioritize a small number of mission-critical business outcomes rather than chasing dozens of disconnected experiments.

Second, operating model. AI needs a home inside the organization. That means clear sponsorship, role definition, investment logic, model ownership, and a decision-rights framework that prevents innovation from becoming chaos.

Third, data and technology foundations. AI maturity is constrained by the quality, accessibility, and governance of enterprise data. No amount of enthusiasm compensates for poor metadata, fragmented systems, or weak integration architecture.

Fourth, governance and trust. Responsible AI is no longer a compliance side note. It is a business requirement. Firms need controls around model risk, human oversight, security, auditability, third-party tools, and policy compliance. This is especially urgent for regulated sectors and for organizations operating across jurisdictions.

Fifth, workforce and change. The organizations that succeed treat AI adoption as a human transformation. They redesign roles, reallocate work, retrain managers, and engage employees early. Change management is not the packaging around the transformation; it is the transformation.

Sixth, value realization. Mature adopters define metrics in advance. They measure cycle-time reduction, cost-to-serve, quality uplift, revenue impact, risk reduction, and adoption depth. Without this discipline, AI becomes another innovation story rather than a business result.

Every one of these domains is advisory-intensive. None can be solved by technology procurement alone. This is why consulting is not disappearing. It is being re-priced around deeper capability.

Why the Old Pyramid Is Collapsing

The traditional consulting pyramid assumed that clients would continue paying for labor-intensive analytical assembly. That assumption no longer holds. If AI can compress work that once took five analysts and two weeks into a few hours of guided review, then the economics of leverage change dramatically. Clients will be less willing to fund armies of junior staff producing outputs that can now be generated, compared, and refined by machines.

This does not mean junior talent becomes irrelevant. It means the apprenticeship model must change. Tomorrow’s consultants will need stronger problem framing, industry context, facilitation, governance awareness, and data fluency much earlier in their careers. The premium will shift away from producing slides and toward shaping decisions.

For consulting firms, this creates a stark strategic choice. They can defend the old model and watch margins erode, or they can redesign around senior expertise, domain-led teams, AI-enabled delivery, and repeatable transformation frameworks. The winners will not be those with the largest bench. They will be those with the clearest method for helping clients move from experimentation to enterprise maturity.

The Bolgiaten Proposition: AI Maturity Assessment as a Strategic Entry Point

This is exactly why Bolgiaten’s AI Maturity Assessment is not a nice-to-have diagnostic. It is an essential executive instrument.

Most enterprises are currently trapped between ambition and execution. Boards want AI value. Business units want faster tools. Risk teams want assurance. IT wants standardization. HR worries about capability and workforce impact. Legal and compliance want clarity on obligations. Everyone is right, but very few organizations have a common picture of where they actually stand.

An AI Maturity Assessment solves that problem.

At its best, such an assessment gives leadership a clear, evidence-based view of current capability across the dimensions that matter most: strategy, governance, data readiness, technology architecture, operating model, workforce capability, responsible AI controls, and value realization. It reveals where the enterprise is genuinely ready, where it is exposed, where investment should be prioritized, and what sequence of actions will unlock scale.

For Bolgiaten, this creates a compelling market proposition.

First, it establishes a trusted advisory entry point. Instead of selling abstract AI transformation, Bolgiaten can begin with a structured diagnosis grounded in enterprise reality.

Second, it converts uncertainty into a roadmap. Clients do not simply receive a score; they receive a staged transformation pathway tied to business outcomes, risk posture, and organizational readiness.

Third, it creates board-level relevance. AI has now moved into the language of competitiveness, resilience, compliance, and workforce redesign. An assessment translates technical noise into executive decisions.

Fourth, it opens downstream consulting opportunities. Once maturity gaps are visible, the follow-on demand becomes clear: governance frameworks, operating model redesign, use-case prioritization, AI policy development, vendor evaluation, workforce capability building, and enterprise change management.

In other words, the assessment is both a client value tool and a consultancy growth engine.

Why This Is a Massive Consultancy Opportunity

The opportunity is massive because nearly every medium and large enterprise now needs the same sequence of support. They need to understand their AI maturity. They need to prioritize use cases. They need to redesign processes. They need to establish governance. They need to upskill leaders and teams. They need to embed trust, compliance, and accountability. And they need to prove measurable value.

That demand is horizontal across industries and vertical within them. Financial services, telecoms, public sector, logistics, infrastructure, energy, health, and professional services all face the same core challenge: AI cannot remain a pilot portfolio. It must become an enterprise capability.

This is precisely the territory where seasoned consulting earns its keep. The work is cross-functional, politically sensitive, operationally complex, and deeply human. It requires facilitation, judgment, pattern recognition, and the ability to move senior stakeholders from fragmented enthusiasm to coordinated action.

That is why the future consultancy will look different. It will be smaller at the base, stronger at the center, and far more valuable at the top. It will use AI aggressively in delivery, but it will sell wisdom, not labor. It will package diagnostics, roadmaps, governance architectures, and transformation methods. It will blend technology fluency with organizational design and change capability.

The Bottom Line

The consulting industry is not facing extinction. It is facing selection.

The firms under pressure are those still organized around work that AI now performs adequately. The firms that will grow are those that understand AI as a force that raises the premium on human judgment. As analytical work becomes automated, the value migrates upward to synthesis, leadership, architecture, governance, and change.

The pyramid is collapsing. But what rises from its foundations will be something more strategic and more durable: a professional services model built not on scale, but on wisdom; not on volume, but on vision.

And in that new model, tools such as Bolgiaten’s AI Maturity Assessment will become indispensable. They provide the starting point every serious enterprise now needs: an honest view of readiness, a practical route to maturity, and a disciplined bridge from AI ambition to enterprise performance.

That is not simply a service offering. It is the gateway to the next great consultancy market.

Bolgiaten Offer a free one hour consultation with Professor Paul Morrissey to discuss this and other related AI issues across your organization please send a request to PJM@bolgiaten.com

Whenever technology evolves, cyber threats evolve alongside it. The arrival of autonomous and agentic artificial intelligence is accelerating that evolution in ways that many organisations are only beginning to understand. The real shift is not simply the automation of attacks, but the emergence of penetration at scale across multiple attack surfaces.

In practical terms, this means attackers will increasingly be able to automate the entire attack cycle—from reconnaissance and vulnerability discovery to credential compromise, data extraction, and deception-based intrusion. AI systems can simultaneously probe identities, applications, networks, cloud environments and human decision-makers. The result is not a single attack vector but a coordinated campaign that unfolds across an organisation’s entire digital ecosystem.

This represents a profound departure from the traditional model of cyber intrusion. Historically, human attackers focused their attention on a limited number of targets, investing time in reconnaissance before launching an intrusion. Artificial intelligence changes that equation dramatically. Autonomous tools can continuously scan for vulnerabilities across thousands or millions of potential targets, learning from each interaction and refining their approach in real time.

The implication is clear: the future threat environment is defined by scale, persistence and simultaneous pressure across multiple attack surfaces.

Penetration at AI Scale

Human cybercriminals have historically been constrained by time and operational capacity. Identifying vulnerable systems, crafting convincing phishing campaigns, or attempting credential theft required careful manual effort. AI-enabled systems remove many of these constraints.

Autonomous tools can perform reconnaissance continuously, mapping attack surfaces across identities, APIs, cloud infrastructure, and enterprise systems. They can generate and test thousands of phishing messages, automatically adapt social engineering techniques, and exploit exposed credentials within minutes of discovery.

The attack does not occur in a single place. Instead, it unfolds across multiple surfaces simultaneously:

• Identity systems such as authentication platforms and privileged accounts
• Cloud infrastructure and software-as-a-service environments
• APIs and interconnected digital services
• AI models and data pipelines themselves
• Human users targeted through increasingly convincing deception

This is what penetration at scale looks like: not one entry point, but many potential openings tested continuously until one succeeds.

And once access is achieved, AI-driven tools may accelerate lateral movement, privilege escalation and data discovery far more quickly than human attackers could manage. Sensitive data can be identified, aggregated and exfiltrated automatically, while malicious software can be inserted to enable future exploitation.

At the same time, organisations themselves are rapidly deploying AI agents across their operations—from customer service and internal knowledge management to supply chains and decision support. While these systems deliver clear efficiency gains, they also introduce new vulnerabilities and attack surfaces that traditional cybersecurity frameworks were not designed to address.

In particular, researchers have highlighted the risk of prompt injection attacks, data poisoning, model manipulation and agent misalignment. These vulnerabilities allow malicious actors to manipulate AI systems themselves, turning internal automation tools into potential attack vectors.

In short, the defensive environment is becoming more complex at the same moment that offensive capability is becoming more automated.

A New Cybersecurity Landscape

We are therefore entering a new phase of cybersecurity where defence must operate at the same scale and speed as AI-enabled threats. Reactive models of cybersecurity—where incidents are analysed and mitigated after detection—will increasingly struggle to keep pace with automated attacks unfolding in real time.

Governments and regulators are already recognising this shift. Emerging initiatives such as AI risk management frameworks, secure AI system development guidance, and new cybersecurity standards are being developed to help organisations manage these risks. The direction of travel is clear: cybersecurity must become more proactive, predictive and resilient.

For businesses, this means developing a cybersecurity playbook designed specifically for the AI era.

A Cybersecurity Playbook for the Agentic Era

Every organisation should now be developing a strategic framework that prepares it for penetration attempts occurring simultaneously across multiple attack surfaces.

The first element of such a playbook is governance. Organisations deploying AI systems must implement clear policies defining how those systems operate, what data they can access, and how their actions are monitored. Robust identity and access management is essential, alongside detailed logging and audit mechanisms capable of tracking both human and machine decision-making.

Second, incident response strategies must evolve. Traditional response processes assume that human analysts investigate threats and then take action. When attacks unfold at machine speed, that model becomes increasingly impractical.

Defensive systems will need automated containment capabilities capable of isolating compromised services, revoking credentials, and limiting lateral movement in real time. This raises an important governance question for leadership teams: when should automated systems be authorised to take disruptive action in order to protect the organisation?

In many cases, cybersecurity platforms will need authority to shut down systems or restrict operations temporarily to prevent wider compromise. Determining where those boundaries lie will become a critical leadership decision in the coming years.

Third, organisations must prioritise workforce awareness. AI-powered deception techniques—including deepfake audio, synthetic video, and highly personalised phishing—are becoming increasingly sophisticated. Security awareness cannot remain confined to IT departments; it must become a universal organisational capability.

Employees need training to recognise emerging forms of manipulation and to understand the role they play in maintaining cyber resilience. Just as importantly, training programmes must evolve continuously as new attack techniques emerge.

Finally, organisations must remain aligned with emerging standards and frameworks. Cybersecurity policies that remain static will rapidly become obsolete in a rapidly evolving threat environment. Continuous review against global best practices ensures that defensive strategies remain current.

The Strategic Message

If there is one central message for business leaders, it is this: the emergence of AI-enabled penetration at scale across multiple attack surfaces represents more than simply another cybersecurity threat.

It represents a transformation of the entire threat landscape.

Defensive strategies built for a slower, more predictable era of cyber intrusion are no longer sufficient. Organisations must now prepare for a world in which attacks occur continuously, adapt dynamically, and operate simultaneously across infrastructure, software, identities, data and human behaviour.

In such an environment, cybersecurity resilience depends not only on stronger tools but on stronger strategy.

The organisations that succeed will be those that recognise the scale of this transformation early, rethink their security playbooks, and build defences capable of operating at the same speed and scale as the threats they face.