We're building the governance layer for agentic AI.

The CFO question

Most companies cannot answer it. "What did AI cost us last month, and what did it return?"

Their CFO asked at the all-hands. The AI Change Leader said they would have an answer by month-end. Three weeks later they have a spreadsheet, six contradictory numbers, and a renewed appreciation for the difficulty of the problem. The Anthropic key is on someone's personal Console account. ChatGPT Enterprise is paid monthly on a corporate card with no department tag. GitHub Copilot seats sit assigned to people who left. The Vertex AI bill is buried inside Google Cloud somewhere.

This is the rough shape of every AI program we've talked to. Multiple pilots, very few in production. A board that approved the AI line item a year ago and is now asking for ROI. A CFO who would like a number, please. A CISO who is increasingly nervous about the bots that have started showing up in audit scope. And one person, the Chief AI Officer or the VP of Operations who got handed the file, accountable for all of it.

The bet WorkReef makes

Every shop will plug Claude into Salesforce inside 18 months. That part is not defensible. Building an agent that does a thing is not a moat anymore.

What's defensible is the layer between the AI you already run and the company that needs to govern it. The panel of frontier models that votes on every consequential call. The audit log a CISO can verify offline on her own hardware. The promotion gate that refuses to advance a candidate without thirty shadow runs at eighty-five-percent agreement. The hybrid-workforce abstraction that lets the org-map show humans and AI agents both filling positions with capacity and cost.

That's what we're building. We call it the governance layer for agentic AI. It is the platform inside which companies can run their existing AI and their next AI, with the controls and visibility leadership won't give them in a spreadsheet.

Four moves

WorkReef takes four moves on its own once a customer connects their stack. None of them is a setup wizard.

Discover. The Cartographer agent ingests Microsoft 365, Salesforce, Pylon, QuickBooks, Jira, GitHub, Snowflake, AWS, Datadog, and 19 more connectors. People, departments, workstreams, applications. The shadow AI nobody told us about. Spend nobody tracks. By the end of the first hour, the customer has the org as it actually operates, not the Visio diagram their COO drew in 2023.

Understand. Humans and AI agents both fill positions in the org. Capacity, cost, task portfolio. When a position is pressed, the customer sees it before the people in it tell them. The Steward agent watches AI spend the way a comptroller watches money. Anomaly above fifty percent week-over-week fires as a flag, not a trend.

Transform. For every task that might become AI, the Architect drafts the analysis. Then Claude, GPT-5, and Gemini each vote on four questions. Does the math work. Is this human-sensitive. Is the customer at risk. Does compliance allow it. The recommendation gate refuses to surface "do now" when the panel does not agree. The home page never shows an unvetted "AI takeover ready" call.

Drive. This is the differentiator. Approve a candidate, and the platform provisions the agent itself. A placeholder lands in the org-map with an intentionally narrow tool scope. It runs in shadow alongside the human baseline. Agreement rate climbs, or it does not. Promotion to live requires thirty runs at eighty-five-percent agreement. Backward moves are always allowed.

Why now

Two things changed in the last year. The first is that the frontier models got good enough that AI rollouts started actually working at non-trivial scale. The second is that the CISOs caught up to the fact, and the third meeting with the CISO became the meeting where agent rollouts go to die.

We built WorkReef to survive that meeting. Bring your own LLM provider (Azure OpenAI, Bedrock, on-prem, our managed providers). Bring your own KMS key. Tamper-evident audit log she can export and verify on her own hardware. Per-action approval gates with named approvers. Per-customer monthly AI spend cap. The hardening posture is published inside the product (what's done, what's mid-stride, what's deferred) so the security review starts on shared ground instead of a debate about marketing claims.

Private beta

We are taking a small number of design partners now. Five to seven companies. Sweet spot 500 to 10,000 employees, Microsoft 365 stack, an active AI program, a named accountable buyer. Movemedical is customer one (medical device + field services, HIPAA, FDA-relevant). If WorkReef earns its place inside Movemedical, it earns its place inside anyone.

If you have an AI rollout that is mid-evaluation and the patience to be involved while the platform is still wet, request access. We read every request the same day and reply within one to two business days.

— Bo Molocznik, founder