Anthropic's enterprise revenue crossed $14 billion annualised in February 2026. The Anthropic/Deloitte deal covers nearly 500,000 professionals. TCS has committed 50,000 associates to Claude. The frontier AI market is consolidating rapidly around governed, private, enterprise-grade deployment.
The window for "we'll use ChatGPT for now" as a professional AI strategy is closing. And for some firms, it has already closed.
What has changed since 2023
Regulatory frameworks are now in force. The EU AI Act applies strictly from August 2, 2026. The EU Cyber Resilience Act mandates incident reporting from September 11, 2026. The UK's Sovereign AI Unit has made data residency a procurement requirement for government-adjacent work. The ICO has published specific guidance on AI in professional services. None of this is moving toward permissiveness.
Enterprise clients are starting to ask. In regulated sectors, procurement questionnaires now routinely include: what AI tools do you use? Where is client data processed? Is your data used to train models? Are your AI outputs cited to their sources? A firm that cannot answer credibly is disadvantaged before the work starts.
Governed AI is now at price parity. In 2023, private governed AI was expensive and complicated. In 2026, it is neither. The cost of professional-grade AI — with compliance documentation, private infrastructure, cited outputs, and contractual data protection — is comparable to an enterprise subscription to a public model.
The hallucination problem — and the only solution that scales
The instinctive response to hallucination risk is caution: use AI less, check everything manually. This does not scale and eliminates most of the productivity benefit.
The structural solution is cited answers: AI that attributes every output to its source document, or explicitly labels outputs drawn from model training. When every response comes with a citation, verification becomes a check rather than a search. You are not asking "is this correct?" and hoping — you are asking "does this match the document it cites?" That is a question you can answer efficiently, at scale.
For professional services firms, cited answers are what make AI output professionally defensible — the difference between a deliverable you can stand behind and one you are hoping nobody checks too carefully. For commercial teams, cited signals are what make AI intelligence actionable rather than merely interesting.
The copy-paste data sprawl problem
Most professionals using AI in 2026 are running multi-tool workflows: research in Claude, reformatting in ChatGPT, deck in Gamma. Each transition is a data exposure event. The client material in Claude is now in OpenAI's environment. The output from ChatGPT is in Gamma's.
What governed AI actually requires
"The tacit knowledge of your firm is leaking every time an AI tool processes your client work on shared infrastructure. If you leak it, it's a one-way door. You're done."
The opportunity in the transition
The professional services and commercial organisations that move to governed AI now — before their clients require it, before regulatory scrutiny intensifies — are building a differentiator. A consulting firm that can hand a regulated client a complete AI compliance pack at the start of an engagement is signalling infrastructure that most competitors cannot currently match. A commercial organisation that can demonstrate its AI sees what other tools miss — including what its teams never formally logged — and cites every recommendation to its source, is removing a procurement objection before it arises.
PAL — for consulting & professional services
UK GDPR DPA on day one. Ringfenced client vaults. Every response cited. Model routing across Claude, GPT, Gemini, Llama and Mistral. No usage caps. Data never trains any model.
Try PAL for Free →Cai — for CCOs & commercial teams
100% of customer data interrogated — including what your team never formally logged. Every revenue signal cited to its source. Private by architecture. Never resigns.
Request a Cai Demo →