The Enterprise AI Framework: A Capability Stack for Enterprise AI Enablement

Part 1 of 7 in The Enterprise AI Framework Blog Series

By Dean Jerding, Jon Bolt, Nael Alismail, Kapil Chandra, and Vincent Picerno

Enterprises are drowning in AI tools. ChatGPT licenses sit unused next to Copilot deployments. Teams build their own solutions in Slack bots and Power Automate flows, while IT struggles to keep track of what exists and support requests from others who can’t build their own solutions. Meanwhile, executives face decision paralysis: Which AI platform should we standardize on? How do we govern the sprawl? Who owns the vendor lock-in risk?

The problem isn’t a shortage of AI tools. It’s the absence of a strategy that matches the right capability to the right user, at the right complexity level, with a governed, discoverable platform that ties it all together.  Recognizing that while the underlying technology is and will be evolving, different artifacts created in the agentic AI ecosystem can and will be reusable across platforms.  Organizations need to move forward and embrace that churn.  

Introducing the Enterprise AI Framework

The Enterprise AI Framework is not a single product. It’s a capability stack — a set of layered use cases organized around two dimensions: who builds the AI tool and how much complexity it requires. This structure acknowledges a simple truth: not every user needs the same capability, and not every use case demands the same investment and organizational support.  The Enterprise AI Framework is built on a principle: match capability to need, not need to capability.  All layers are discoverable in the same Exchange. All respect the same identity and permissions model. All can be monitored, rated, and improved. The structure enables distributed empowerment with centralized governance — which is exactly what enterprises need at this moment in the AI transition.

The Four Layers of the Framework

The Enterprise AI Framework is organized into four primary layers, each serving a distinct authoring model and use case complexity:

• Layer 1: Employees Use (No Build). These are foundational capabilities that IT configures and deploys to all users — a knowledge assistant grounded in enterprise documents, or an agentic desktop that lets any employee delegate multi-step tasks to AI. The end user consumes; IT administers.

• Layer 2: Business Users Build. Non-technical employees create simple automations (connecting apps without code) or build their own AI-powered applications and share them with their team. Power users, business analysts, and citizen developers empower themselves without waiting for IT.

• Layer 3: Technical Users and IT Build. IT and technical business analysts construct more complex automations with AI decision-making logic, or build polished departmental applications for specific business functions. This is where the agentic complexity lives, and where IT governance intensifies.

• Layer 4: Software Developers Build. Engineers and architects design and implement end-to-end solutions that orchestrate multiple AI agents, integrate legacy systems, and transform entire business processes. This is the tier of mission-critical, production-grade systems.

The Cross-Cutting Platform: AI Exchange, Permissions, and Deployment

Layering alone doesn’t create a platform. Three cross-cutting services bind the entire stack into a governed, discoverable ecosystem.

Enterprise AI Exchange. Employees can’t use a tool or resource they don’t know exists. The Exchange is a unified portal where employees search, browse, install, and launch all available AI tools — whether they’re a simple prompt, a skill, an MCP, a workflow, or a full application. Every listing includes a crowd-sourced 1–5 star rating, usage metrics, and author feedback. IT uses ratings and usage data to govern the portfolio, featuring high-performing tools and retiring underperformers. This solves the discovery problem that exists in every enterprise today.

Enterprise Permissions and Access Control. Every application published to the Exchange respects role-based access control integrated with enterprise identity (SSO, Entra ID, Okta). Teams publish with defined audience scopes — personal, team-scoped, department-wide, or tenant-wide. For organizations deploying autonomous agents, specialized governance frameworks enforce security policies that map to HIPAA, SOC 2, and EU AI Act compliance without manual overhead.

Deployment Targets. A single AI tool can be deployed to multiple surfaces: Teams, Slack, Web, Cloud APIs, or Desktop. The Framework abstracts the deployment complexity so that a tool built once can reach every user, regardless of their primary environment.  Business authors can’t be saddled with the details of the deployment architecture, which developers are more used to dealing with.

What’s Next - The Blog Series

The remainder of the blog series unpacks the Enterprise AI Framework in detail. Each subsequent blog explores a specific layer or cross-cutting service, with real-world examples, platform architecture, and guidance on how to implement each capability in your organization. 

Part 2 — “The Missing Piece: Why Every Enterprise Needs an AI Exchange”
This part focuses on the Exchange itself. It’s the discovery and governance layer that makes all of the above possible. Without it, you have scattered tools. With it, you have a platform.

Part 3 — “AI Tools Every Employee Can Use Today”
This part covers Layer 1. Employees ask questions about company knowledge and delegate routine tasks to an AI agent without any IT configuration needed. This is the trust-builder, the deployment that proves AI works in your enterprise.

Part 4 — “When Business Users Build Their Own AI”
This part explores Layer 2. Non-technical employees create simple automations and AI applications, publish them to their team, and watch adoption happen organically. No IT backlog. No six-month project cycle.

Part 5 — “The Technical Build: Agentic Workflows and IT Applications”
This part dives into Layer 3. Here is where IT and technical analysts build complex, reasoned automations and departmental applications. The complexity increases, but so does the business impact.

Part 6 — “The Deep End: Enterprise Value Streams and Developer Platforms”
This part addresses Layer 4. Software engineers orchestrate multi-agent systems that transform end-to-end business processes. Developers adopt AI as a core capability across the SDLC.

Part 7 — “Governance Across the Stack: Securing the Enterprise AI Framework”
This part wraps the series. Governance doesn’t live in one layer; it runs through all of them. This blog addresses compliance, security, and the human judgment required to govern responsibly at scale.

Frequently Asked Questions

What is the main problem the Enterprise AI Framework solves? It solves the issue of AI tool sprawl and executive decision paralysis. Rather than just acquiring more disjointed licenses or dealing with shadow IT, the Framework provides a strategic capability stack. It matches the right AI capability to the right user based on their needs and technical expertise, tying it all together in a governed, discoverable platform.

What are the four layers of the Enterprise AI capability stack? The framework is organized by who builds the tools and the complexity of the application:

• Layer 1 (Employees Use, No Build): Foundational, IT-administered tools like knowledge assistants.

• Layer 2 (Business Users Build): Simple automations and apps built by non-technical citizen developers.

• Layer 3 (Technical Users & IT Build): Complex automations and departmental applications requiring technical logic.

• Layer 4 (Software Developers Build): Mission-critical, end-to-end systems and multi-agent orchestrations.

How does the Enterprise AI Exchange fix the tool discovery problem? The Exchange acts as a unified portal where employees can search, browse, install, and launch all available AI tools (prompts, skills, workflows, or apps) across the organization. It features 1–5 star crowd-sourced ratings, author feedback, and usage metrics, which allows IT to govern the portfolio by featuring high-performing tools and retiring underperformers.

How is security and compliance managed across different AI tools and layers? Security is enforced via cross-cutting Enterprise Permissions and Access Control. Every tool published to the Exchange respects role-based access control integrated directly with enterprise identity systems like SSO, Entra ID, or Okta. Authors can define specific audience scopes, and specialized governance frameworks ensure autonomous agents comply with HIPAA, SOC 2, and the EU AI Act.

Do we need to build different versions of an AI tool for Teams, Slack, and the Web? No. The Framework utilizes "Deployment Targets" to abstract deployment complexity. An AI tool built once can be seamlessly deployed across multiple surfaces—including Teams, Slack, Web, Cloud APIs, or Desktop—without saddling the business author with the complexities of deployment architecture.