buildinganai-drivekgkic: Stage Gates: Discover to Deploy

When “yes” becomes expensive: why stage gates exist

A product leader asks for a “quick pilot” of a generative AI copilot for sales proposals. The demo looks great, so leadership pushes to roll it out broadly. Two weeks later, security asks where the prompts are logged, legal asks whether customer data is being sent to a vendor, and the sales ops team asks how proposal quality will be measured. Everyone is now negotiating under deadline pressure, and the AI team is stuck retrofitting controls into a solution that already has momentum.

This is exactly where stage gates earn their keep. They create a deliberate sequence of decisions—each tied to a specific evidence bar—so you can move quickly without letting excitement outrun proof. Stage gates aren’t “process for process’ sake”; they’re an executive mechanism to control investment, risk, and organizational commitments (like integration work and change management).

If intake standards make a request decisionable, stage gates make delivery fundable and governable from discover through deploy. The goal is simple: learn cheaply early, and only pay the full cost (engineering, integration, operational ownership, governance burden) when the evidence justifies it.

The stage-gate language: decisions, not paperwork

A stage gate is a formal decision point that controls whether a use case moves forward, pauses for more evidence, changes shape, or stops. The “gate” is not the meeting; it’s the decision rule: what must be true, what evidence is acceptable, and who has the authority to approve. In practice, stage gates work best when they are understood as investment checkpoints. Each stage has a typical cost profile (time, data work, build effort) and a typical risk profile (privacy, brand, customer harm, operational brittleness).

Key terms you’ll use throughout:

Stage: A bounded phase of work with a clear learning goal (e.g., prove value plausibility, prove feasibility, prove operational readiness).
Gate: The decision to proceed, pivot, pause, or stop—based on an explicit evidence bar.
Evidence bar: The minimum acceptable proof for that gate (not “perfect certainty,” but sufficient confidence for the next investment).
Go / No-go / Pivot / Park: Common gate outcomes. “Park” is important—it preserves good ideas that aren’t ready (data access, ownership, or risk constraints not resolved).
Operational readiness: Ability to run the system in real workflows with monitoring, incident response, and clear owners—not just a working model.

A useful analogy is clinical trials. You don’t jump from a hypothesis to mass prescription. You move from early signals to controlled trials to monitored deployment. Each phase answers a different question, and each has stricter standards because the blast radius grows as you scale.

Stage gates connect directly to the prior lesson’s “five proofs” (value, feasibility, ownership, risk awareness, measurement). Those proofs don’t get collected once; they get strengthened at each gate as uncertainty decreases and commitments increase.

From Discover to Deploy: what each gate is really trying to prove

Most AI delivery failures are not “model failures.” They’re sequencing failures: teams build before they’ve validated value, they scale before governance is designed, or they deploy before operational readiness exists. A Discover→Deploy stage-gate system prevents that by asking the right question at the right time and matching it to the right level of evidence.

Gate 1 — Discover: prove the problem is real and worth solving

Discover exists to prevent a common portfolio trap: funding “AI-shaped ideas” that don’t have a crisp decision point, a measurable outcome, or a committed owner. At this stage, your goal is not to prove the model works. Your goal is to prove the use case is coherent: a bounded workflow, a baseline, and a plausible path to value with known constraints. This is where the proof of value and proof of ownership from intake start to become non-negotiable.

The evidence bar in Discover should be intentionally lightweight but decisive. You should be able to answer: What operational decision changes if this works? What metric moves, and what guardrail must not degrade? Who is accountable for adopting it, not just requesting it? Teams often think Discover is “just brainstorming,” but high-performing AI programs treat it as structured hypothesis formation. Without that structure, later stages become expensive experiments with unclear success criteria.

Common pitfalls show up right here. One is using model metrics (accuracy, BLEU score, “looks good”) as a substitute for business outcomes. Another is letting “strategic” become a label that bypasses evidence. Discover works when it forces translation: from ambition (“reduce churn”) into a testable claim (“reduce churn in Segment B by 2 points within 90 days via earlier retention offers triggered by X”). It also surfaces early governance constraints—especially privacy and data classification—so you don’t accidentally build a popular prototype that can’t legally be used.

A typical misconception is that risk review belongs later. In reality, Discover is where you decide whether the idea can be shaped into something governable. If you can’t define acceptable failure modes, escalation paths, or data boundaries, you don’t have a use case—you have a hope.

Gate 2 — Feasibility (and shaping): prove you can build the end-to-end system

Feasibility is where many teams mistakenly ask only one question: “Do we have data?” The better question is: “Can we reliably run the full loop—from inputs to outputs to measurement—inside real constraints?” This includes data access, refresh rates, latency, integration points, and the “last mile” of delivery into the workflow. A notebook model might be feasible while a production system is not, and stage gates exist to catch that mismatch early.

The evidence bar here should force teams to enumerate the operational chain. What data sources will be used, and how are they accessed? What data is excluded (e.g., payment info, special categories) and why? How will outputs be presented—suggestions, rankings, classifications—and where? This gate is where you start converting risk awareness into design: logging decisions, retention windows, human-in-the-loop controls, and constraints on automation. If the use case touches customers, regulated decisions, or sensitive data, feasibility must be treated as socio-technical feasibility: not just “can we compute it,” but “can we operate it responsibly.”

Pitfalls at this stage are predictable. Teams promise “we’ll integrate later,” then discover integration is the bulk of the work. They assume downstream teams will adopt outputs without incentives or training. Or they ignore throughput constraints—building a system that flags 10,000 cases weekly when operations can review 200. Feasibility gates should therefore require basic capacity alignment: what happens to each prediction or generated output, who reviews it, and at what volume.

A misconception worth correcting: feasibility is not “proving you can reach production.” It’s proving the unknowns are identified and resolvable within time and policy constraints. Passing this gate often means you have a realistic plan and a controlled prototype path—not that everything is solved.

Gate 3 — Validate (pilot): prove impact in the real workflow, not just offline

Validation is where “prototype theatre” either ends or gets institutionalized. The purpose of this stage is to prove that the system improves the outcome metric under real operating conditions, with guardrails holding. This is the point where offline performance must be translated into business impact via an experiment design: A/B testing, phased rollout, shadow mode, or human-in-the-loop evaluation—chosen to match the workflow and risk.

The evidence bar here should require clarity on measurement: baselines, time windows, and how you’ll attribute impact. It should also require guardrail monitoring for unintended effects. For agent-assist, that might include escalation rates, customer satisfaction, and policy violations. For risk models, it might include fairness checks across segments, false positive handling, and complaint rates. The key is that validation evidence must be operationally grounded: humans override model outputs, data quality changes, and edge cases appear only in the field.

Common pitfalls include over-relying on “good pilot feedback” without quantifying outcomes, or selecting a pilot group that makes results look better than reality (e.g., only top-performing agents). Another pitfall is ignoring adoption mechanics. If adoption is optional, impact depends on workflow fit, training, and trust. Validation should therefore explicitly measure not just performance, but usage and adherence: how often are suggestions used, edited, or ignored, and why?

A misconception that slows teams down is believing validation requires production-grade engineering from day one. In many cases, you can validate safely via constrained deployment patterns—limited scope, strong human review, strict logging and access controls—while still generating high-quality evidence. The goal is not perfection; it’s credible proof that scaling is warranted.

Gate 4 — Deploy (scale): prove operational readiness and governance completeness

Deploy is not “turn it on.” Deploy is the decision that the system is ready to become part of the organization’s normal operations. That requires operational readiness: monitoring, alerting, drift detection (where applicable), incident response, auditability, access controls, documentation, and clear ownership for ongoing changes. This gate also finalizes governance commitments: who can change prompts/models, how changes are tested, how approvals happen, and how the system can be paused if harm occurs.

The evidence bar for Deploy should be the strictest because the blast radius is largest. You need proof that the system can be run safely at scale, not just that it can be built. That includes handling failure modes: what happens when data pipelines break, when the model degrades, or when user behavior shifts. For generative AI, you also care about content risks—hallucinations, policy violations, sensitive data leakage—and the operational controls that reduce these risks (citations, blocked topics, human review, and logging).

A common pitfall is letting deployment happen because “the pilot succeeded” while leaving ownership and runbooks fuzzy. Another is treating monitoring as a future enhancement rather than a launch requirement. The operational truth is harsh but useful: if you can’t monitor it, you can’t govern it; if you can’t govern it, you shouldn’t scale it.

A misconception at this stage is that governance slows delivery. In mature organizations, the opposite is true: explicit governance accelerates scaling because stakeholders stop renegotiating safety requirements during every expansion. Deploy gates convert “trust me” into “here is how the system stays trustworthy.”

A compact view: what changes as you move through gates

The biggest shift across gates is not technical complexity—it’s commitment and risk exposure. The following table shows how the focus, evidence, and decision rights typically evolve.

Dimension	Discover	Feasibility / Shaping	Validate (Pilot)	Deploy (Scale)
Primary question	Is this the right problem and outcome?	Can we run end-to-end within constraints?	Does it move the outcome in the workflow?	Can we operate and govern it sustainably?
Evidence bar (minimum)	Baseline + target metric, named owners, preliminary risk categories, measurement sketch.	Data sources + access path, workflow placement, integration plan, constraints (privacy/logging), operational throughput alignment.	Experiment design, outcome impact vs baseline, guardrails stable, adoption and override behavior measured.	Monitoring & incident response in place, auditability, access control, change management, final sign-offs and runbooks.
Typical investment	Low (analysis, stakeholder alignment).	Medium (data work, prototype architecture, initial controls).	Medium-high (pilot build, integration for test, measurement).	High (production engineering, hardening, operating model).
Most common failure mode	Vague scope; “strategic” without metrics; no owner.	“We’ll integrate later”; ignoring last-mile workflow; capacity mismatch.	Demo success mistaken for impact; biased pilot group; weak guardrails.	Scaling without monitoring; unclear ownership; governance retrofits.

[[flowchart-placeholder]]

Two end-to-end examples: how stage gates prevent predictable failures

Example 1: Customer support agent assist (GenAI) — fast learning without a governance cliff

In Discover, the request is framed as: “Reduce average handle time by 8% without decreasing CSAT or increasing escalations.” The team defines a bounded workflow placement: the assistant drafts suggested replies inside the existing ticketing tool, and agents always approve before sending. Ownership is explicit: the support leader owns the outcome metric, and a support ops owner is accountable for rollout, coaching, and adherence. Risk awareness is declared early: customer text may contain sensitive information, so data classification and retention constraints must shape the design.

At the Feasibility gate, the team proves end-to-end reality: ticket text and knowledge base articles are accessible, but categories containing payment details are excluded. They decide what can be logged (prompts and outputs with redaction) and set boundaries on automation (no auto-send, no customer-facing new channel). They also confirm integration feasibility: the assistant appears as a side panel in the current tool with low-latency responses, and the knowledge base is the only allowed grounding source. This prevents the classic pitfall where a great demo later fails security review because the chosen architecture can’t meet logging and retention requirements.

In Validate, the pilot is run with a defined cohort and time window. The team measures handle time and CSAT, but also tracks guardrails: escalation rate, policy violations, and agent override behavior (accept/edit/reject). They learn a limitation: junior agents benefit more than senior agents, and certain ticket types (billing disputes) have higher risk and lower utility. Instead of scaling blindly, they adjust scope and add controls (stricter grounding and blocked topics) before Deploy. At Deploy, they finalize monitoring (e.g., spike in hallucination reports, policy flags), establish an incident path (“pause assist feature for Category X within 30 minutes”), and lock change management so prompt and model updates require lightweight review.

Impact and benefits: Faster cycle time from idea to safe pilot, fewer late-stage surprises, and a scaling plan that includes adoption mechanics.
Limitations: Results depend on workflow fit and agent behavior; “good outputs” don’t guarantee consistent operational impact without training and measurement.

Example 2: Credit risk early warning model — when the gate must be strict

In Discover, the use case is treated as a governed decision system, not just a predictive model. The outcome is defined as loss reduction (or delinquency reduction) with explicit guardrails: false positives must not trigger punitive actions, and fairness must be monitored across relevant segments. Ownership is split deliberately: a finance leader owns the business outcome, and an operations leader owns the intervention process (outreach scripts, hardship offers, review steps). The team also identifies governance constraints early: legal basis for using specific features, documentation needs, and potential requirements for explainability or adverse action processes depending on jurisdiction and usage.

At Feasibility, the team proves the intervention pipeline can exist. They map feature sources and confirm which are allowed, then align model outputs with operational capacity: the outreach team can contact only 5% of accounts weekly, so the system must support prioritization, not just risk scoring. They also define human-in-the-loop controls: a flagged account leads to review and outreach offers, not automatic credit tightening. This addresses a frequent pitfall where technically strong models create real-world harm because the organization operationalizes them in the most aggressive way possible.

In Validate, the evidence bar focuses on real-world outcomes and harm prevention. The pilot compares outcomes for contacted vs non-contacted groups and checks whether interventions genuinely reduce loss rather than simply shifting delinquency timing. The team evaluates performance across segments and monitors complaint rates and remediation outcomes as guardrails. They also surface a limitation: model lift is strong, but outreach scripts and staffing constrain realized benefit. The response is not “deploy anyway”; it’s to adjust the operating model (capacity, playbooks) or narrow scope where the intervention can be effective.

At Deploy, operational readiness includes audit trails for predictions and actions taken, clear escalation paths for disputes, periodic fairness reviews, and change control for model updates. The gate is intentionally strict because the stakes are high: customer harm, regulatory scrutiny, and reputation risk. The result is slower than a casual rollout—but dramatically faster than recovering from a governance failure after deployment.

Impact and benefits: Higher probability that scaling produces net benefit without hidden harm, and governance is embedded into design choices early.
Limitations: Strong models can still underperform if the intervention capacity, incentives, or processes aren’t aligned—stage gates make that mismatch visible before full-scale rollout.

A practical way to think about stage gates

Stage gates work when they are framed as progressive de-risking:

Early stages reduce value uncertainty: Is this worth doing, and how would we know?
Middle stages reduce technical and workflow uncertainty: Can we run it end-to-end where decisions happen?
Late stages reduce governance and operational uncertainty: Can we safely own it over time?

The most important habit is to keep the gate question crisp: “What must be true to justify the next investment?” When you do this well, you don’t just ship more AI—you ship AI that survives contact with real operations, real users, and real governance expectations.

Now that the foundation is in place, we’ll move into Lifecycle Documentation Expectations [25 minutes].

Last modified: Friday, 6 March 2026, 6:05 PM

Operating Model for AI at Scale

AI Operating Model Patterns

Quiz: AI Operating Model Patterns

Roles &amp; Decision Rights

Quiz: Roles &amp; Decision Rights

Ways of Working (Product/Platform/Squads)

Quiz: Ways of Working (Product/Platform/Squads)

Portfolio &amp; Funding for AI Outcomes

Quiz: Portfolio &amp; Funding for AI Outcomes

AI Strategy to Execution Roadmap

Outcomes and Metrics from AI Ambition

Quiz: Outcomes and Metrics from AI Ambition

Prioritisation: Value, Feasibility, Risk

Quiz: Prioritisation: Value, Feasibility, Risk

Roadmap Design: Horizons and Dependencies

Quiz: Roadmap Design: Horizons and Dependencies

Executive Alignment and Change Impacts

Quiz: Executive Alignment and Change Impacts

AI Use Case Lifecycle Governance

Intake Standards &amp; Evidence Bar

Quiz: Intake Standards &amp; Evidence Bar

Stage Gates: Discover to Deploy

Quiz: Stage Gates: Discover to Deploy

Lifecycle Documentation Expectations

Quiz: Lifecycle Documentation Expectations

KPIs, Ownership &amp; Accountability

Quiz: KPIs, Ownership &amp; Accountability

AI Risk Management for Deployment

Risk Categories for AI Deployment

Quiz: Risk Categories for AI Deployment

Model Risk: Bias, Drift, Misuse

Quiz: Model Risk: Bias, Drift, Misuse

Data Risk: Provenance to Retention

Quiz: Data Risk: Provenance to Retention

Third-Party Risk &amp; Incident Response

Quiz: Third-Party Risk &amp; Incident Response

AI Governance, Controls, and Assurance

Governance Frameworks &amp; Committees

Quiz: Governance Frameworks &amp; Committees

Control Design: Prevent/Detect/Correct

Quiz: Control Design: Prevent/Detect/Correct

Monitoring, Auditability &amp; Evidence

Quiz: Monitoring, Auditability &amp; Evidence

Regulatory &amp; Board Oversight Alignment

Quiz: Regulatory &amp; Board Oversight Alignment

Final Review

Course Synthesis: End-to-End View

Quiz: Course Synthesis: End-to-End View

Integration Exercise: Strategy-to-Control Map

Quiz: Integration Exercise: Strategy-to-Control Map

Practical Takeaways &amp; Next Steps Plan

Quiz: Practical Takeaways &amp; Next Steps Plan

When “yes” becomes expensive: why stage gates exist

The stage-gate language: decisions, not paperwork

From Discover to Deploy: what each gate is really trying to prove

Gate 1 — Discover: prove the problem is real and worth solving

Gate 2 — Feasibility (and shaping): prove you can build the end-to-end system

Gate 3 — Validate (pilot): prove impact in the real workflow, not just offline

Gate 4 — Deploy (scale): prove operational readiness and governance completeness

A compact view: what changes as you move through gates

Two end-to-end examples: how stage gates prevent predictable failures

Example 1: Customer support agent assist (GenAI) — fast learning without a governance cliff

Example 2: Credit risk early warning model — when the gate must be strict

A practical way to think about stage gates

Roles & Decision Rights

Quiz: Roles & Decision Rights

Portfolio & Funding for AI Outcomes

Quiz: Portfolio & Funding for AI Outcomes

Intake Standards & Evidence Bar

Quiz: Intake Standards & Evidence Bar

KPIs, Ownership & Accountability

Quiz: KPIs, Ownership & Accountability

Third-Party Risk & Incident Response

Quiz: Third-Party Risk & Incident Response

Governance Frameworks & Committees

Quiz: Governance Frameworks & Committees

Monitoring, Auditability & Evidence

Quiz: Monitoring, Auditability & Evidence

Regulatory & Board Oversight Alignment

Quiz: Regulatory & Board Oversight Alignment

Practical Takeaways & Next Steps Plan

Quiz: Practical Takeaways & Next Steps Plan