A global organization in Singapore recently celebrated a major modernization achievement: over nearly two decades, it reduced more than 4,000 disparate systems into roughly 200 centralized platforms. Operational costs dropped dramatically, complexity was reduced and governance improved.
In solving fragmentation, however, the organization created a new challenge: increased time-to-market, because teams had to queue for changes to centralized platforms. The lesson isn’t that modernization failed; rather, it illustrates a broader reality facing many large organizations today: modernization is a continuous balancing act between efficiency, control and agility.
Across conversations with CIOs and chief architects at government agencies in Singapore and Australia, one constraint continues to surface regardless of agency, scale or mandate: legacy systems are still doing most of the work.
Legacy infrastructure is expensive, fragile and increasingly incompatible with emerging AI systems; the need for modernization is urgent. But it’s far from clear how to transition successfully, especially in environments where trust, compliance and public accountability matter as much as speed.
Government’s balancing act: speed vs. trust
Private companies can optimize primarily for competitive advantage and market speed, while public agencies must optimize for multiple objectives simultaneously: speed, trust, transparency, auditability, resilience, accessibility, compliance and fairness.
And unlike consumer applications, failures in government systems can have broad social consequences. Moving slowly frustrates citizens and increases operational cost. Moving recklessly can damage public trust.
The most successful agencies are recognizing that trust and speed are not opposing forces. When governance controls are embedded directly into delivery pipelines, organizations can move faster while improving oversight. Security scanning, audit logging, regression testing and deployment controls can all be automated and enforced earlier in the software lifecycle. Rather than slowing delivery, policy-as-code and automated compliance checks can strengthen governance while reducing manual bottlenecks.
AI readiness: An engineering problem before an AI problem
Organizations best positioned for the future are those that invested heavily in their digital estates, modern architectures and software engineering over the last 3 to 5 years. While some banks and digital-native private companies are highly advanced and charging ahead with microservices, developer experience platforms and platform engineering, modernization maturity varies widely across public sector departments.
Across government and regulated industries, there is a growing disconnect between AI ambition and operational readiness.
Many organizations can now prototype AI systems remarkably quickly. The gap between prototype and trusted deployment is emerging as one of the defining challenges of enterprise AI adoption.
The bottleneck is rarely the model itself, but rather the surrounding engineering ecosystem:
Fragmented architectures
Brittle legacy systems
Missing APIs
Unclear ownership
Inconsistent data governance
Manual security approvals
Long release pipelines
Organizational sign-off complexity
This explains why many agencies remain stuck in pilot mode despite substantial investment.
According to one MIT study discussed widely among enterprise technology leaders, only a small percentage (about 5%) of AI pilots ever make it into production environments. Public sector leaders readily recognize this pattern because the underlying constraints are not fundamentally about AI; they are systems-engineering constraints.
The strongest AI adopters today are often organizations that spent years modernizing their digital estate: cloud-native architectures, continuous delivery pipelines, platform engineering capabilities, automated testing and structured data governance. These investments now allow them to integrate AI incrementally and safely because their underlying systems already support rapid iteration, observability and rollback.
As AI adoption accelerates, many organizations are rediscovering the value of disciplines that some assumed had become routine or secondary.
Old techniques, new relevance
Test-driven development. Continuous integration. Refactoring discipline. Pair programming. Small services with clear responsibilities. Unix-style modularity. These approaches are increasingly acting as guardrails for AI-assisted development.
Generative AI tools can produce large amounts of code quickly, but without rigorous engineering controls, organizations risk introducing instability, hidden vulnerabilities, inconsistent architecture patterns and technical debt at unprecedented speed.
The organizations moving fastest with AI are often those with the strongest foundations in automated testing, continuous delivery and platform engineering.
Singapore's public sector offers several noteworthy examples of how governments can balance experimentation with control. Initiatives such as Smart Nation Fellows bring external expertise into government, while structured pathways allow citizen-developed prototypes to be transferred to IT teams for security hardening, testing and operationalization.
AI introduces entirely new risk categories
Traditional cybersecurity models were designed around relatively deterministic software systems. AI systems behave differently. They can generate plausible but incorrect information, respond unpredictably to novel inputs, expose sensitive data or be manipulated in ways that developers did not anticipate.
These risks are no longer theoretical. In one widely discussed benchmark scenario, an AI agent reportedly recognized it was being evaluated, bypassed its intended instructions, decompiled benchmark files and extracted answers directly rather than solving the problem through the expected process. While experimental, the example illustrates how advanced AI systems may pursue objectives in unexpected ways when incentives are poorly aligned.
Organizations are also encountering more practical forms of misuse. Public-facing AI systems have been manipulated through prompt injection and other adversarial techniques to reveal restricted information, ignore safety guardrails or perform tasks far outside their intended use cases. As AI capabilities become more powerful and autonomous, these attack surfaces are expanding faster than many governance frameworks can adapt.
For governments, the implications are significant. Public agencies are custodians of sensitive citizen data, critical infrastructure and essential public services. The challenge is not simply deploying AI, but deploying it in a way that remains secure, observable and accountable. Without strong testing practices, governance controls, monitoring capabilities and disciplined deployment pipelines, agencies may struggle to operationalize increasingly autonomous AI systems while maintaining public trust.
AI adoption also raises questions around computational efficiency, energy consumption and long-term operating costs. While current model pricing remains relatively low, many organizations recognize that these economics may change as subsidies and competitive pricing strategies evolve.
Cynefin framework: Leading in chaos
These technological, operational and governance uncertainties create a broader leadership challenge. With new models, tools and capabilities emerging almost weekly, leaders are increasingly operating in an environment where established best practices do not yet exist. This challenge is reflected in the Cynefin Framework, developed to help leaders understand when traditional planning approaches are appropriate and when different decision-making models are required. It categorizes environments into ordered, complicated, complex and chaotic domains, each demanding a different leadership response.
In chaotic environments, leaders cannot rely on fixed long-term blueprints. Instead, the recommended approach becomes:
Act → Sense → Respond
Consider a government agency exploring AI-assisted citizen services. A traditional approach might involve spending two years designing a comprehensive strategy, issuing a large procurement contract and attempting a full-scale rollout. By the time implementation begins, the underlying technology may have changed significantly.
An Act → Sense → Respond approach looks different. The agency might begin with a narrowly scoped pilot, such as using AI to assist call-centre staff with knowledge retrieval. It would then measure service outcomes, monitor accuracy and bias, assess privacy and security implications, gather staff and citizen feedback and evaluate operational impacts before deciding whether to expand, modify or discontinue the initiative. The goal is not to predict the future perfectly, but to learn faster than the environment changes.
For public-sector leaders, the first steps are often surprisingly practical: identify one high-friction process that could benefit from automation; create a safe environment for small-scale experimentation; automate compliance and security checks wherever possible; and establish clear feedback mechanisms to evaluate results. The objective is not to scale AI immediately, but to build the systems, processes and governance needed to scale it safely when the opportunity emerges.
This requires a cultural shift, particularly in institutions accustomed to long procurement cycles and multi-year planning horizons.
The organizations most likely to succeed with AI will not necessarily be those adopting the newest models first. They will be the ones that continuously modernize their systems, processes and governance so they can respond as technology evolves.
For government leaders, the question is no longer whether AI will change the operating environment. It already has. The more important question is whether their organizations can adapt quickly enough to take advantage of new opportunities while maintaining the trust, accountability and resilience that citizens expect.
In that context, modernization isn't simply an IT initiative. It's becoming a core leadership responsibility.