CEO Brief — AI Workforce Governance

arxsec-site / docs/briefs/ceo-brief.md

| | |
|---|---|
| TO | Chief Executive Officer |
| FROM | Chief of Staff / Strategy |
| RE | ARX engagement decision — AI Workforce Governance |
| DATE | May 2026 |
| DECISION REQUESTED | Authorize a Q3 engagement signing — ~$5.0M engagement fee, ~$24.0M Year-1 retainer (Tier 5 / 90,000-employee shape). Forecast: 3–4× return at steady state, Year 3. |
| READ TIME | 4 minutes |

---

In one breath

You have publicly committed to AI productivity. The board expects to see the proof point in the next two earnings cycles. Your enterprise has deployed AI agents already — engineering copilots, sales drafters, customer-support routers, internal automation. None of them have an operating model. No badges, no managers, no performance reviews, no personnel records, no defined exits. Right now they are strangers with access. ARX gives every AI agent the same five things every human employee gets on day one — implemented as workforce infrastructure, so governance happens structurally instead of one approval at a time.

The category is AI Workforce Governance. The decision is whether this enterprise treats AI as labor (governed by workforce primitives, owned by the CHRO + CFO with the CISO validating) or as a security threat (governed by a SIEM, owned by the CISO). It is a CEO decision because the framing decides who runs it.

---

What you need to know

1. The risk is structural, not behavioral

The risk is not that an agent will do something careless. The risk is that the operating model under your AI workforce doesn't exist, so when the first peer enterprise has the headline incident — agent makes an unapproved customer decision, agent accesses regulated data outside scope, agent operates for nine months with drifted behavior — the narrative flips overnight from "AI productivity story" to "AI liability story." Being more careful does not fix this. An operating model fixes it: credentials don't exist outside scope, actions can't bypass approval gates, records can't be modified retroactively, terminations are atomic.

2. Where peer enterprises are stuck

Most peer enterprises are at Stage 02 — Stuck: the agents are built, the demos are good, and they cannot deploy at scale because every deployment goes through one-by-one vendor review, security review, and compliance review. Backlogs run nine months. The cost of Stage 02 for a 10K-employee enterprise is $40–80M/year of foregone productivity, growing every quarter. The exit from Stage 02 is not "better reviews" — it is putting workforce-shaped governance underneath the agents so reviews stop being one-off.

3. What ARX is, in three sentences

ARX is the operating model under every AI agent the enterprise hires. Five governance pillars — Onboarding (scoped credentials), Supervision (named-human approval gates), Evaluation (continuous performance review), Records (hash-chained audit log on customer infrastructure), Termination (atomic cross-system revoke) — each agent runs through all five at hire and continuously. 150 connector integrations to the customer's existing tooling (Workday, Salesforce, GitHub, Okta, Splunk, CrowdStrike, etc.), 188 reference agent manifests across 14 functions, and Atlas — the customer-private workforce reasoner that produces the manifest set the executive team signs off on, the same way a CHRO signs off on a human-headcount plan.

4. Who buys, who validates

| Role | Decides | Validates |
|---|---|---|
| CEO (you) | Whether this enterprise treats AI as labor or as a security threat. The category-level call. | — |
| CHRO | Workforce composition, hiring cadence, manager structure. | Personnel records, manager queue UX, termination procedure. |
| CFO | Engagement fee + retainer + pay-for-performance true-up. | Cost-to-serve, productivity-gain measurement, FTE-equivalent rollups. |
| CISO | (Not the buyer.) | Credential model, audit chain, supervision posture — same role security plays for human employees. |

If your CISO is the lead buyer, your enterprise is at Stage 02. The CISO is the validator, not the operator.

---

What it costs, what it returns

Year 1 commercials (Tier 5 — 75,000+ employees):

| Component | Amount |
|---|---|
| Engagement fee (one-time, at signing) | $5.0M |
| Performance retainer (Year 1, paid forward annually) | $24.0M |
| Year 1 paid forward | $29.0M |
| Projected positive true-up (against forecasted deliverables) | +$3.0M |
| Year 1 expected total | ~$32.0M |

Three-year cumulative spend: ~$80–100M. Three-year expected return: ~$300M of FTE-equivalent productivity at steady state. Engagement returns: ~3–4× annually.

The retainer is denominated against the deliverable schedule the ARX Workforce Modeler produces — the CHRO + CFO sign the schedule before each engagement period. Quarterly true-up flexes ±25% (cap: +25% success fee, -15% retainer credit). This is a BCG-shape engagement, not SaaS. Procurement teams that buy strategy work already have the playbook.

---

What you would be deciding

By signing the engagement, you decide:

  1. Category framing. AI is labor — the CHRO + CFO operate it, the CISO validates it. Not a security threat the CISO buys tools to contain.

  2. Operating-model scope. The five pillars — Onboarding, Supervision, Evaluation, Records, Termination — apply to every AI agent in the enterprise. Stock from ARX, partner-built (Sierra, Harvey, Decagon, etc.), and the customer's own engineering all conform to the same framework.

  3. Atlas as executive surface. Atlas becomes the morning brief, decision-support surface, and quarterly audit on the digital workforce. Customer-private — runs entirely inside your network, no egress to ARX, audit chain on your S3 + your KMS.

  4. CHRO ownership of the digital workforce. Same operational cadence the CHRO already runs for the human workforce. Workforce composition, hiring waves, termination cadence — all rolled up on the same dashboard.

---

What you delegate

After the framing decision:

  • CHRO owns workforce composition + manager structure + cohort termination cadence.

  • CFO owns the engagement letter, the retainer, the quarterly true-up.

  • CISO validates the credential model + audit chain + supervision posture — same role they play for the human workforce.

  • CIO/IT runs the 72-hour deployment runbook (Window 1 PROVISION, Window 2 VALIDATE, Window 3 GO-LIVE) with ARX's engagement team.

  • Engineering / Partner ecosystem builds the agents. ARX provides the framework, the manifest, the SDK, and ~37 stock agents to seed day-1 coverage.

---

What is at risk if we do not act this quarter

  • Earnings credibility. "AI productivity" remains a slide, not a measured outcome. The board's tolerance for this gap is ~2 cycles, not indefinite.

  • First-incident liability. The first peer enterprise to take a headline hit on an unauthorized agent action sets the regulatory and PR posture for everyone behind them.

  • Cost of staying at Stage 02. $40–80M/year of foregone productivity, compounding. By the time we exit Stage 02 in 18 months without ARX, the cumulative cost is $60–120M.

  • Workforce-design lead. Stage 04 enterprises that operate the digital workforce on the same cadence as the human workforce will have a structural cost advantage of 18 months before it becomes the new floor. The window to be early closes once the category consolidates.

What is at risk if we do act this quarter

  • Engagement fee is non-refundable once Atlas is deployed and the first cohort is live. Before that point, withdrawal is prorated to work-in-progress.

  • Year-1 paid-forward commitment is $29M. The retainer credit cap (-15%) bounds the worst-case ARX-side underperformance, but the cash is committed at signing.

  • Operating-model change is real change. The CHRO will operate 10K-20K agents inside three years; that is a workforce-design shift, not a tooling rollout. Plan for executive-team capacity on Atlas (the morning brief + quarterly audit) and for IT capacity on the 72-hour runbook.

  • Vendor concentration. ARX becomes the operating layer under every digital employee. The audit chain runs on customer infrastructure (your S3, your KMS, no ARX read access) which bounds lock-in, but the manifest framework + connector library + Atlas are all ARX-shaped surfaces. Expected, but worth naming.

---

The ask

Authorize a Q3 engagement signing at Tier 5. ~$5.0M engagement fee plus ~$24.0M Year-1 retainer. Three-year cumulative ~$80–100M against ~$300M of forecasted productivity gain at steady state.

Decision needed by: end of Q2 2026 to make the Q3 deployment window. Atlas takes ~2 weeks to deploy into the customer environment; the 72-hour runbook is the first cohort going live in Window 3.

If yes, the CFO and CHRO co-sign the engagement letter and the deliverable schedule. The CISO validates the credential and audit posture in week 1. First cohort goes live in week 4. Atlas's manifest set for the full digital workforce is delivered in week 8 for executive-team review.

---

  1. The category: What is AI Workforce Governance? *(8 min — why this is a Workday-shaped product, not a SIEM-shaped product, and why "AI governance" as policy gates is the wrong shape)*

  2. The platform: What is ARX? *(6 min — how the five pillars are implemented in code)*

  3. The numbers: Value-Based Pricing *(5 min — the BCG-shape engagement model + worked Cisco example)*

  4. The operational story: 72-Hour Deployment Runbook *(scan only — for the CIO and CHRO ops team)*

  5. The trust artifacts: Atlas Spec, Per-Agent Credentials *(scan only — for the CISO; reference if validation comes back with questions)*

---

*This brief is generated against the same evidence pack Atlas itself uses for the customer's morning brief. The numbers are the forecast model's central case (Tier 5 / 90,000-employee shape / aggressive 18-month risk tolerance). The CFO can stress-test with ARX's Workforce Modeler before signing.*