In April 2026, cloud-hosting platform Vercel disclosed that hackers had breached its internal systems and stolen customer data. The breach occurred because a Vercel employee had signed up for a third-party AI productivity tool using their corporate Google account and granted it full-access permissions. When that AI tool’s own systems were compromised, the attackers used the trust relationship as a bridge straight into Vercel’s internal environment. The stolen database was listed for sale on a hacker forum for $2 million.
Note that the breach did not directly attack a software vulnerability. Rather, it exploited an architectural gap. The technology worked as designed, but the architecture was not fit for purpose in the brave new world of artificial intelligence.
This is a common pattern. Organizations across industries are deploying AI tools, building AI-powered workflows, and experimenting with autonomous AI agents—all on top of enterprise architectures that were designed for a different era.
{“blockType”:”mv-promo-block”,”data”:{“imageDesktopUrl”:”https:\/\/images.fastcompany.com\/image\/upload\/f_webp,q_auto,c_fit\/wp-cms-2\/2025\/10\/creator-faisalhoque.png”,”imageMobileUrl”:”https:\/\/images.fastcompany.com\/image\/upload\/f_webp,q_auto,c_fit\/wp-cms-2\/2025\/10\/faisal-hoque.png”,”eyebrow”:””,”headline”:”Ready to thrive at the intersection of business, technology, and humanity? “,”dek”:”Faisal Hoque’s books, podcast, and his companies give leaders the frameworks and platforms to align purpose, people, process, and tech—turning disruption into meaningful, lasting progress.”,”subhed”:””,”description”:””,”ctaText”:”Learn More”,”ctaUrl”:”https:\/\/faisalhoque.com”,”theme”:{“bg”:”#02263c”,”text”:”#ffffff”,”eyebrow”:”#9aa2aa”,”subhed”:”#ffffff”,”buttonBg”:”#ffffff”,”buttonHoverBg”:”#3b3f46″,”buttonText”:”#000000″},”imageDesktopId”:91420512,”imageMobileId”:91420514,”shareable”:false,”slug”:””,”wpCssClasses”:””}}
That pattern should concern every leadership team. The success of AI deployments—both whether they work and whether they scale—depends on the technical systems they are embedded in. There is no point trying to build cutting-edge AI systems on top of legacy infrastructure that is fundamentally incompatible with the new technology. The 90-day plan below gives you a step-by-step playbook for jump-starting the process of bringing your technical architecture up to date for the AI era.
What AI-Ready Architecture Requires
The contemporary AI technology stack comprises five interdependent layers. Each one places specific demands on the enterprise, and weakness at any layer limits what the other layers can accomplish.
- Data and storage: AI systems are only as good as the data they operate on, and in most enterprises, that data is fragmented, inconsistently governed, and riddled with quality problems nobody has had reason to fix until now.
- Compute and acceleration: AI workloads are GPU-intensive, arrive in unpredictable spikes, and are sensitive to where data physically resides—fundamentally different from the steady-state transactional computing most enterprise infrastructure was built for.
- Model and algorithm: Most enterprises treat model selection as an ad hoc decision made by individual teams, producing redundant spending, inconsistent risk profiles, and no organizational view of what models are in use or what they are being asked to do.
- Orchestration and tooling: The APIs, middleware, and automation frameworks that connect models to business workflows are also where architectural brittleness does the most damage—if your integrations are undocumented or ungoverned, AI will amplify that fragility at speed.
- Application and governance: This is where AI meets users, policies, and oversight—the interfaces, guardrails, monitoring, and audit trails that determine whether the organization can actually explain what happened when something goes wrong.
The 90-day plan that follows addresses all five layers concurrently rather than sequentially, because architectural weaknesses in any one layer constrain what every other layer can accomplish.
Technology architecture is one component of the broader strategic enterprise architecture of any business. For a fuller treatment of how these layers connect, see my article on strategic enterprise architecture for AI.
The 90-Day Plan
Days 1–30: Map
The goal of this phase is to produce a comprehensive and precise picture of your current architectural landscape.
1. Inventory your data estate. Map every system of record, every data warehouse, every data lake, and every significant file repository the organization relies on. For each, document what it contains, who owns it, how it is governed, and its current state of quality. In most organizations, this inventory produces surprises, such as critical data in ungoverned repositories, redundant records, and unmanaged data that nobody has thought to catalog.
2. Map your integration landscape. Catalog every very automated data flow currently in production. Flag the brittle ones, the undocumented ones, and the ones held together by the knowledge of a single person.
3. Audit your identity and access architecture. Inventory both human and nonhuman identities in your environment. How many service accounts exist? How many have excessive privileges? How many are unused but still active? When AI agents begin operating autonomously inside your systems—and they will—each one will need a governed identity, scoped privileges, and a defined life cycle. The Vercel breach is a case study in what happens when this layer is inadequate.
4. Assess your cloud and compute posture. AI workloads have different infrastructure characteristics than traditional enterprise applications. They are GPU-intensive, sensitive to where the data physically resides, and arrive in unpredictable surges that legacy capacity planning cannot handle. Map your current cloud footprint, your data residency constraints, and your ability to scale GPU compute under load if needed.
5. Force the worst-case conversations. For each major component of your architecture, ask: What happens when an AI system with autonomous privileges operates on top of this? Where does it break? Where does it expose us? What happens if a model hallucinates and triggers an automated action downstream? What happens if an AI agent’s credentials are compromised? This exercise borrows directly from the “Catastrophize” step of the CARE framework for AI risk management. Its value lies in surfacing the architectural weaknesses that only become visible under AI-era loads.
By the end of this phase, you should have a clear assessment of your architecture and its readiness—or otherwise—for AI.
For a deeper look at the systemic risks that architectural mapping is designed to surface, see AI’s butterfly effect: The danger of cascade failures.
Days 31–60: Build
In this phase, the goal is to begin filling in the architectural gaps identified earlier. No AI initiatives should launch during this phase—this is purely about ensuring robust foundations before anything goes live.
1. Stand up a data governance operating model. Data will never be ready for AI if its governance is treated as an afterthought. Establish clear ownership for every critical data domain, define quality thresholds and the processes for maintaining them, and create a data governance forum with genuine authority to enforce standards.
2. Invest in the data platform. Begin consolidating fragmented data into a modern platform capable of supporting AI workloads. This may involve a consolidated data platform with stronger pipelines and clearer standards for how data is defined and described. The key principle is prioritization: Start with the data domains most relevant to the AI use cases your organization is already pursuing or preparing to pursue.
3. Modernize the integration layer. Make API-first the default for every new system. Catalog the APIs you have. Retire integrations that cannot be governed. Put an API management capability in place that can support both human developers and AI agents as first-class consumers of your systems.
4. Reimagine identity for the AI era. Zero-trust is no longer a security posture reserved for highly regulated industries. It is the baseline requirement for any enterprise that intends to deploy systems capable of autonomous action. Every AI agent operating in your environment should have a distinct identity with scoped privileges, monitored behavior, and a defined life cycle—just as every human employee does.
5. Establish the model layer. Consolidate AI models and related decisions into a managed model layer: a defined set of approved models, a mechanism for evaluating new ones, guardrails for how models are invoked, and the ability to monitor usage across the organization.
6. Build your monitoring capability. You need visibility into model performance, changes to the underlying data, output quality, cost, and behavioral change over time. Create this capability early in the process rather than bolting it on after deployment. Without observability, the AI systems you deploy will be black boxes that nobody can explain when something goes wrong.
By the end of this phase, you will have your core architectural capabilities in place. These now need to be tested under real conditions.
For a detailed breakdown of the AI technology stack and why leaders need to understand it, see For CEOs, AI tech literacy is no longer optional.
Days 61–90: Embed
The goal of this phase is to ensure that architectural discipline becomes permanent rather than a one-off initiative that erodes the moment attention shifts elsewhere.
1. Wire architecture review into the intake process. No new AI initiative should be able to enter the organization’s portfolio without an architecture review that assesses data readiness, integration requirements, security implications, and alignment to the target architecture. This is the mechanism that prevents the enterprise from accumulating another generation of technical debt under a new label.
2. Run the first end-to-end deployment. Select a real, meaningful AI use case and run it through the new architecture from beginning to end—from data ingestion through model deployment to downstream action. This is where the gap between the architecture you designed and the architecture you actually built becomes visible.
3. Stress test security and identity. Run adversarial testing against the new architecture. The Vercel breach should concentrate minds here: The most dangerous attacks are the ones that travel through legitimate trust relationships, not the ones that try to break through the front door.
4. Formalize architecture governance. Establish a standing architecture review body with clear authority, a defined cadence, and the power to enforce its decisions. Its purpose is not to slow the organization down but to keep the enterprise architecturally coherent as AI accelerates the rate at which new systems, models, agents, and integrations enter the environment.
5. Build the skills inventory and the gap plan. The architecture you have built requires people who can operate it. Do not assume the existing team can absorb a shift of this magnitude through willpower alone. Assess your engineering, data, security, and platform teams against the capabilities the target architecture demands. Where the gaps are largest, make explicit decisions: hire, develop, or partner.
6. Iterate. By day 90, you have live data from a real deployment running through real infrastructure. What worked? What didn’t? Where is the friction highest? Use what you have learned. Building your technical architecture is not a one-off project—it needs to be continuously maintained and improved.
For a complementary road map for building the governance frameworks that sit on top of this architecture, see Here’s how to jump-start your company’s responsible AI governance in 90 days.
Conclusion
Every enterprise deploying AI today faces a mismatch between its technological architecture and the new demands of AI. This plan delivers the foundation for a sustained response: a mapped and understood data estate, integration and identity infrastructure fit for the AI era, a managed model layer, observability across the stack, and the governance machinery to keep it all coherent as you scale.
Perhaps most importantly, it moves you decisively forward. The question now is how you will use that momentum.
{“blockType”:”mv-promo-block”,”data”:{“imageDesktopUrl”:”https:\/\/images.fastcompany.com\/image\/upload\/f_webp,q_auto,c_fit\/wp-cms-2\/2025\/10\/creator-faisalhoque.png”,”imageMobileUrl”:”https:\/\/images.fastcompany.com\/image\/upload\/f_webp,q_auto,c_fit\/wp-cms-2\/2025\/10\/faisal-hoque.png”,”eyebrow”:””,”headline”:”Ready to thrive at the intersection of business, technology, and humanity? “,”dek”:”Faisal Hoque’s books, podcast, and his companies give leaders the frameworks and platforms to align purpose, people, process, and tech—turning disruption into meaningful, lasting progress.”,”subhed”:””,”description”:””,”ctaText”:”Learn More”,”ctaUrl”:”https:\/\/faisalhoque.com”,”theme”:{“bg”:”#02263c”,”text”:”#ffffff”,”eyebrow”:”#9aa2aa”,”subhed”:”#ffffff”,”buttonBg”:”#ffffff”,”buttonHoverBg”:”#3b3f46″,”buttonText”:”#000000″},”imageDesktopId”:91420512,”imageMobileId”:91420514,”shareable”:false,”slug”:””,”wpCssClasses”:””}}
