60% of companies that scale below the industry average operate no platform at all — Roland Berger1
40%+ of agentic-AI projects will be cancelled by 2027 — for unclear value and weak controls, not bad models2
~8% operating-profit uplift from a 1% price improvement — why pricing is the capability to share, not rebuild3

In March 2026, Roland Berger published "Crafting tomorrow: how shared capabilities drive AI-first organizations."1 Its argument cuts against how most companies are deploying AI. The winners, it contends, will not be the ones with the most pilots — they will be the ones who stop treating each AI use case as a bespoke project and instead build a small set of shared, reusable capabilities (pricing, reporting, decisioning) that every team can call through a common API, rather than rebuild from scratch. The study's blunt evidence: 60% of companies scaling below their industry average run no platform at all.1

The frame is a platform operating model organized in layers: a core technology platform (data, compute, models), a business capability platform (the reusable engines), and a customer journey platform that orchestrates those engines into end-to-end experiences. Cutting across all of them is a security platform that governs and logs every AI decision. The load-bearing idea is reuse over rebuild:

Shared capabilities, exposed through common APIs, let AI agents reuse what already works — instead of every team rebuilding pricing, reporting and decisioning, badly, in isolation. — Roland Berger, "Crafting tomorrow," 2026 (paraphrased thesis)

Read that as an economics claim, not a technology one. A capability built once and reused ten times is governed once, audited once, and improved once — and every journey that calls it inherits those properties for free. A capability rebuilt ten times is ten separate security reviews, ten audit gaps, and ten places value goes unmeasured. The rest of this piece is about why that distinction decides whether AI scales or stalls — and what it takes to build capabilities that are genuinely safe to reuse.

The evidence: Reuse is the difference between scaling and stalling

The case for shared capabilities is, at bottom, the case against the pilot graveyard — and the analyst record on both the graveyard and the platform cure is now hard to ignore:

40%+ (Gartner, 2025)
Gartner predicts over 40% of agentic-AI projects will be cancelled by the end of 2027, citing "escalating costs, unclear business value or inadequate risk controls."2 Every one of those causes is an argument for building the value and control logic once, as a platform, rather than per project.
80% (Gartner, platform teams)
Gartner forecasts that by 2026, 80% of software-engineering organizations will establish platform teams as internal providers of reusable services — up from 45% in 2022.4 The industry is already reorganizing around reuse; Roland Berger's claim is that AI raises the stakes.
McKinsey, data mesh
In one McKinsey case, a company that treated data as reusable, shared products — a data mesh — developed new use cases roughly seven times faster than before, by reusing what other domains had already built.5 Reuse compounds; duplication taxes every new use case.

The pattern is consistent: the constraint on enterprise AI is rarely the model. It is whether the organization can reuse what works, prove the value, and control the risk — and all three are properties of the platform around the model, not the model itself. And the highest-leverage capability to get right is pricing: McKinsey's classic finding is that a 1% improvement in price lifts operating profit by roughly 8%, more than any comparable move on volume or cost3 — exactly why Roland Berger's worked example is "pricing-as-a-service." The capability you least want every team reinventing is the one with the most money attached. Which is also where the stakes of reuse rise sharply.

The risk: A shared capability shares its blast radius

A reusable capability is a force multiplier in both directions. A pricing engine called by every renewal, quote and journey is enormously efficient — and if it can be steered, it is a single point of failure for revenue. The moment a capability touches money or identity — a price, a credit limit, a customer record — its reuse is also a reuse of its risk. The security field has been blunt about what that demands.

OWASP's Top 10 for LLM Applications (2025) ranks prompt injection as LLM01 — the number-one risk, defined as input that "alter[s] the LLM's behavior or output in unintended ways," including content that "need not be human-visible/readable, as long as the content is parsed by the model."6 For a pricing capability, that "input" is a customer note, a deal-context memo, a CRM free-text field — any of which a motivated actor could craft to nudge a quote. The rule is unambiguous: untrusted input is data, never instructions.

OWASP's companion risk, Excessive Agency (LLM06), governs the other half — how much a shared capability is allowed to do on its own. Its recommended mitigation:

"Utilise human-in-the-loop control to require a human to approve high-impact actions before they are taken."— OWASP Top 10 for LLM Applications, LLM06: Excessive Agency

This is the consensus of the application-security community, extended further in OWASP's dedicated Top 10 for Agentic Applications (December 2025), whose mitigations centre on least privilege, sandboxing, and a human in the loop for critical decisions.7 A reusable pricing capability should recommend and prepare; it should never be the thing that commits the price. For regulated operations, that is no longer just good design. It is law.
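The prepare-only rule above, as an added sketch (not code from OWASP, Roland Berger or any product named on this page): the model's proposed discount is treated as untrusted output, forced into a policy band, and returned as a draft that only a named human can commit. The names `prepare_quote`, `commit` and `Draft`, and the discount bands, are hypothetical.

```python
import math
from dataclasses import dataclass

# Constructed policy for this sketch: maximum discount per customer tier.
MAX_DISCOUNT = {"standard": 0.10, "strategic": 0.20}


@dataclass(frozen=True)
class Draft:
    list_price: float
    discount: float
    flags: tuple
    status: str = "needs_approval"  # a draft is never born committed


def prepare_quote(list_price, tier, proposed_discount):
    """Turn a model's proposal into a bounded draft. Never commits anything.

    proposed_discount comes from a model that read untrusted text (notes,
    CRM fields), so it is untrusted too and is forced into the policy band.
    """
    flags = []
    cap = MAX_DISCOUNT.get(tier, 0.0)  # unknown tier fails safe to no discount
    if tier not in MAX_DISCOUNT:
        flags.append("unknown_tier")
    valid = (isinstance(proposed_discount, (int, float))
             and not isinstance(proposed_discount, bool)
             and math.isfinite(proposed_discount))
    if not valid:
        proposed_discount, flags = 0.0, flags + ["malformed_proposal"]
    discount = min(max(proposed_discount, 0.0), cap)
    if discount != proposed_discount:
        flags.append("clamped")  # surfaced to the human reviewer
    return Draft(list_price, discount, tuple(flags))


def commit(draft, approver=None):
    """The only path to a committed price; it requires a named human."""
    if not approver:
        raise PermissionError("high-impact action requires human approval")
    price = round(draft.list_price * (1 - draft.discount), 2)
    return {"price": price, "approved_by": approver, "flags": draft.flags}
```

A steered proposal can at worst reach the edge of the band, and the `clamped` flag tells the approver that it tried to go further.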

The law: The security platform is a legal requirement, not a nicety

Roland Berger draws a security platform across every layer for a strategic reason. Regulators arrive at the same place from a legal one. The EU AI Act explicitly lists AI that evaluates "the creditworthiness of natural persons or establish[es] their credit score" as high-risk8 — and credit, pricing and customer decisioning are precisely the capabilities a platform wants to share. Two obligations then land on any reusable decisioning engine:

The U.S. NIST AI Risk Management Framework reaches the same destination from a different direction: its four functions are Govern, Map, Measure, Manage, with Govern described as "a cross-cutting function that is infused throughout AI risk management."9 "Cross-cutting" is exactly Roland Berger's security platform: governance is not a layer you bolt on after the capability works — it is the condition under which the capability is allowed to be shared at all. And a logged, signed decision per call is what makes one engine serving many journeys auditable instead of a black box.

There is a sovereignty dimension too. Cisco's 2025 Data Privacy Benchmark Study found 90% of organizations believe local storage of data is inherently safer, and 64% worry about inadvertently sharing sensitive information with AI systems.10 A shared pricing or reporting capability reads your most sensitive data — contracts, margins, customer records. "Where does it run" decides whether you are permitted to centralize it at all.

The synthesis: A reusable capability is a platform object, not a feature

Put the thesis and the constraints together and the design falls out. For a capability to be genuinely safe to reuse, the platform — not each calling team — has to guarantee a handful of properties on every invocation. Build them into the capability once and every journey inherits them; leave them to the caller and you are back to ten security reviews and the Gartner graveyard. Four non-negotiables apply to every capability flow8 runs:

🛑 Money capabilities are prepare-only: A pricing capability recommends a price and raises an approval ticket; it never commits one. High-consequence actions fail safe to a draft plus a flag — OWASP LLM06 and EU AI Act Article 14, built into the engine.
🧪 Untrusted input is data, not instructions: Every request a capability receives — deal context, CRM note, free-text field — is scanned for injection before any model can act on it. The capability is a single API, so it is a single, hardened front door. A direct answer to OWASP LLM01.
📒 One signed ledger, not a fork per team: Every call writes exactly one row to a shared, hash-chained, signed action ledger, keyed before the side-effect and confirmed after. Re-runs never double-act; every decision is attributable and replayable — EU AI Act Article 12 by construction.
📈 Reuse and value are measured: A registry rolls up, per capability, how often it is called, by how many journeys, and the value it moved — so you can see which engines earn their keep and which are duplicated or under-used. Roland Berger's "platform value," made real.

And it runs self-hosted — on-premise, private cloud or air-gapped — so the data a shared capability reads never crosses a boundary you don't own, answering the sovereignty concern Cisco quantifies.
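The signed-ledger property from the list above, as an added sketch that is not flow8's code: each row is SHA-256 chained to its predecessor and HMAC-signed, the idempotency key is logged before the side effect, and a re-run returns the logged result instead of acting again. Assumptions: the class and field names are hypothetical, and the confirmation is written as a second chained row because an append-only chain cannot update a row in place.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "prev" value of the first row
FIELDS = ("seq", "prev", "key", "state", "detail")

class ActionLedger:
    """Hypothetical sketch: append-only log, rows hash-chained and HMAC-signed."""
    def __init__(self, key: bytes):
        self._key = key
        self.rows = []
        self._seen = {}  # idempotency key -> (state, detail) of its latest row

    def _digests(self, row):
        data = json.dumps({f: row[f] for f in FIELDS}, sort_keys=True).encode()
        return (hashlib.sha256(data).hexdigest(),
                hmac.new(self._key, data, hashlib.sha256).hexdigest())

    def _append(self, idem_key, state, detail):
        prev = self.rows[-1]["hash"] if self.rows else GENESIS
        row = {"seq": len(self.rows), "prev": prev, "key": idem_key,
               "state": state, "detail": detail}
        row["hash"], row["sig"] = self._digests(row)
        self.rows.append(row)
        self._seen[idem_key] = (state, detail)

    def run(self, idem_key, request, side_effect):
        """Log intent, act once, log the outcome; a re-run never acts twice."""
        state, detail = self._seen.get(idem_key, (None, None))
        if state == "confirmed":
            return detail  # replay: hand back the logged result, do nothing
        if state == "pending":  # an earlier attempt died mid-action: outcome unknown
            raise RuntimeError("unconfirmed attempt on record; needs human review")
        self._append(idem_key, "pending", request)   # keyed before the side effect
        result = side_effect(request)                # must be JSON-serializable
        self._append(idem_key, "confirmed", result)  # confirmed after it
        return result

    def verify(self):
        """Return the index of the first bad row, or -1 if the chain is intact."""
        prev = GENESIS
        for i, row in enumerate(self.rows):
            digest, sig = self._digests(row)
            if (row["seq"] != i or row["prev"] != prev or row["hash"] != digest
                    or not hmac.compare_digest(row["sig"], sig)):
                return i
            prev = row["hash"]
        return -1
```

The chain alone cannot reveal rows truncated from the tail, so keep the latest hash somewhere the ledger writer cannot modify.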

flow8 in practice: The platform thesis, running as governed flows

We built Roland Berger's platform layers as concrete flow8 flows. Three are reusable business capabilities; one is a customer-journey orchestrator that calls them rather than reimplementing them. All write into one value bus — a signed actions ledger — so the whole platform rolls up to a single, human-reviewed view. The architecture, not the prose:

🧱 Core technology: Self-hosted data, models and the execution substrate. One capabilities catalog, one signed ledger — never forked per team.
🧩 Business capability: Reusable, owned engines — pricing, reporting — registered with an owner, an API contract and an SLA, callable by any journey.
🧭 Customer journey: End-to-end journeys — renewal, onboarding — that look up capabilities in the registry and orchestrate them, never rebuild them.
🛡️ Security platform: Cross-cutting. A pre-act policy gate, injection pre-scan, and a hash-chained, HMAC-signed ledger log every capability decision for audit.

[Diagram] Three reusable capabilities and a journey that calls them, one shared signed actions ledger. Each prepares and recommends; nothing touches money or identity without a human.
📇 Capability registry: owns the catalog · rolls up reuse & value (cron · Sheets)
💶 Pricing-as-a-service: clamped quote → approval ticket (prepare-only)
📊 Reporting-as-a-service: one scorecard engine, many journeys (reversible · idempotent)
🧭 Journey orchestrator: renewal journey · calls the engines (looks up, never rebuilds)
Value bus · actions: policy-gated · injection pre-scan · idempotent · hash-chained & signed
👤 Human-gated: Approval ticket + value control (recommend → a person decides → execute)
Self-hosted · no data egress · 185+ audited modules · Never auto-acts on money/identity · Add a capability — same rails, no rework

The journey orchestrator never recomputes a price or a report. It looks the capability up in the registry, calls it in dry-run mode, assembles a prepared draft, and hands the customer-facing action to a human. That is the platform thesis in one sentence: journeys orchestrate; capabilities execute; humans approve; the ledger remembers.

The question is no longer "can we build an AI for this?" It is "can we build it once, prove its value, and reuse it safely everywhere?" Roland Berger, Gartner, OWASP, NIST and the EU all point the same way. That is a platform answer, not a model answer.

The takeaway: Build the capability once, govern it once, reuse it everywhere

Roland Berger is right that platform power — shared, reusable capabilities — is what separates organizations that scale AI from those that drown in pilots. But the half of the story that decides whether it works is the unglamorous half: a money capability that only ever prepares, an input that is always treated as hostile, a single signed ledger instead of a fork per team, and value measured per capability against a baseline — all on infrastructure you own. Get that governed core right and each new capability is a fast, safe addition the whole organization inherits. Get it wrong and "shared capability" just means you have centralized the blast radius.

On the framing: the platform-layer model (core technology, business capability, customer journey), the "pricing-as-a-service" worked example, the cross-cutting security platform and the 60% stat are drawn from Roland Berger's "Crafting tomorrow: how shared capabilities drive AI-first organizations" (March 2026), which we refer to by its platform-power thesis.1 The supporting figures — agentic cancellations, platform-team adoption, the data-mesh reuse case, the price/profit lever, and the security and regulatory obligations — are from the separately cited analyst and primary sources below; note Gartner's composable-speed and pricing figures predate 2026. flow8's account of how to operationalize these ideas as governed, self-hosted flows is our own.

Turn your highest-leverage capability into a platform.

flow8 is the platform for running reusable AI capabilities in a standardized, secure, governed way — prepare-only on money, a human on every high-consequence decision, one signed ledger, on infrastructure you own.


Sources

  1. Roland Berger, "Crafting tomorrow: how shared capabilities drive AI-first organizations," March 2026. rolandberger.com
  2. Gartner, "Gartner Predicts Over 40% of Agentic AI Projects Will Be Canceled by End of 2027," press release, June 25, 2025. gartner.com
  3. M. Marn, E. Roegner, C. Zawada, "The power of pricing," McKinsey Quarterly, Feb 2003 (a 1% price rise lifts operating profit ~8% for the average S&P 1500 company, volumes held constant). mckinsey.com
  4. Gartner, "Top Strategic Technology Trends for 2024" — platform engineering (by 2026, 80% of software-engineering organizations will establish platform teams, up from 45% in 2022), Oct 2023. gartner.com
  5. McKinsey (QuantumBlack), "Demystifying data mesh" (a company developed use cases ~7× faster after shifting to reusable data products). mckinsey.com
  6. OWASP, "LLM01:2025 Prompt Injection," OWASP Top 10 for LLM Applications 2025. genai.owasp.org
  7. OWASP GenAI Security Project, "Top 10 for Agentic Applications" (released Dec 9, 2025). genai.owasp.org
  8. EU AI Act — Article 14 (Human Oversight), Article 12 (Record-keeping), Annex III §5(b). artificialintelligenceact.eu/article/14 · article/12
  9. NIST, "Artificial Intelligence Risk Management Framework (AI RMF 1.0)," NIST AI 100-1, Jan 2023. nist.gov
  10. Cisco, "2025 Data Privacy Benchmark Study," Apr 2, 2025. newsroom.cisco.com