IOV LABSMost "adopt AI" advice is a list of tools. That is the wrong list. We built a vendor-neutral playbook from five deep-research passes (multi-source search plus adversarial three-vote verification) and direct spot-verification, and the central finding is not about any tool: the tools are already mature, and what decides ROI is the control system around them, not the tool itself.
The honest numbers
Adoption is near-universal. The 2025 DORA report finds 90% of technologists use AI and over 80% feel more productive. But the gap between feeling and reality is large: a randomized trial of skilled open-source developers (METR) found they were 19% slower with AI, while believing they were 20% faster. Organizationally, S&P Global reports 42% of companies scrapped most of their AI projects in 2025, more than double the prior year, and Gartner found only 6% of Microsoft 365 Copilot pilots scaled. We rejected the widely cited "MIT 95% of pilots fail" and "IBM 25% ROI" figures: adversarial verification could not trace them, so they are not in the playbook.
The pilot is easy. Production and ROI are hard. The differentiator is the control system: automated tests, mature version control, fast feedback, human review.
Four domains, in situational detail
Development: pick the model by task difficulty (a cheap model for sub-15-minute tasks where it scores 93%, a top model plus a human for complex refactors), spend at the $20 tier daily and the $200 tier for heavy work, and gate every AI pull request with a smell checklist (zombie code, additive bias, hallucinated APIs).
Design and marketing: the generic "AI look" comes from the model outputting the statistical median of its training data when the prompt is vague. The remedy is an explicit, text-based design system, negative constraints (ban the purple gradient and the default font), concrete references, and human post-processing.
Operations: even RAG does not stop hallucination (legal RAG tools hallucinate 17 to 33%, per Stanford). Treat retrieval quality as a first-class metric, build vs buy by a decision tree, and keep a human in the loop for high-stakes actions.
Governance and security: measure with objective metrics rather than self-report, map your systems to OWASP LLM Top 10 and NIST AI RMF, and check your obligations under the EU AI Act, GDPR Article 22, and Korea's PIPA Article 37-2 (the right to refuse and to an explanation of automated decisions, in force since March 2024).
The full playbook, the PDF, and the sources are public.