How It Works
Free Checklist
UK Agencies Are Losing Enterprise Contracts They Never Knew They Qualified For

71% of your team uses unauthorised AI tools. That's Shadow AI—ungoverned usage creating cascade risk, GDPR exposure, and procurement barriers with Enterprise clients
who need documented governance before they'll sign.

GovernFirst, not AI-First. That's how UK agencies win Enterprise contracts their competitors can't.
The Problem
The Operational Reality
Your team is already using AI.
ChatGPT for briefs. Claude for copywriting. Midjourney for concepts. Multiple tools across 10+ people creating operational invisibility you can't govern.
When Enterprise procurement asks "How do you govern AI tool usage?", you're guessing. 80% of Enterprise buyers demand documented governance. Meanwhile, 58% of agencies report pricing pressure they can't monetise.
The Leadership Dilemma
You're caught between two impossible positions.
Enable innovation and risk regulatory fines, IP contamination, or lost Enterprise contracts. Or restrict AI usage and become the bottleneck who slowed the team down while competitors accelerated ahead.
Without governance frameworks, you're building dependencies faster than you can track them.
What Should Be True
You shouldn't have to choose between speed and safety.
You shouldn't discover governance failures during crisis—when Enterprise clients ask questions you can't answer, when the ICO investigates a breach you didn't see coming, when your key team member leaves with all the AI knowledge.
Governance enables speed. Innovation can be safely accelerated.
The Solution
Value Pillar 1: Visibility Before Restriction
Most governance approaches start with prohibition. I start with visibility.
You can't govern what you can't see. The £500 Shadow AI Audit maps every tool, every workflow, every data exposure point across your agency. Most agencies discover 8-12 unauthorised tools. You'll know exactly what's running before deciding what to keep.
Governance isn't about control. It's about survivability under conditions you don't control.
Value Pillar 2: Three Simple Rules (Not 30 Principles)
Complex policies get abandoned. Your team remembers three rules, not thirty.
  • Data Traffic Light: Classify data as Red (never AI), Amber (approved tools only), Green (use freely).
  • Human Wrapper: Every AI output requires human review before client delivery.
  • Prompt Dividend: Track and capture effective prompts as organisational IP—don't let clients extract them as discounts.
Constraints drive creativity. Three Simple Rules create the clarity that accelerates innovation.
Value Pillar 3: Enterprise-Ready in 4 Weeks
Enterprise procurement is a binary filter. You either satisfy security requirements or you're disqualified before creative evaluation.
The £3,500 Governance-Ready Pilot Blueprint implements complete governance in 4 weeks: policies, training, documentation, and an AI Assurance Pack that answers the 20 questions ungoverned competitors struggle with.
What takes 6-12 months DIY, I deliver in one month. You pass Enterprise questionnaires your competitors can't.
Governance Alignment
Enterprise-Ready. GovernFirst™. No-Build.
Brains Before Bots helps agencies meet enterprise AI governance expectations by putting the foundations in place before AI systems are built or scaled.
Our work aligns with recognised AI governance principles (including those associated with the International Association of Privacy Professionals) by governing workflows, data, and decision rights — not by deploying or managing AI models.
Outcome: Clear visibility, accountable AI use, and RFP-ready governance evidence.
What This Means in Practice
Visibility into existing AI use (including Shadow AI)
Clear data handling and human-oversight rules
Governance documentation enterprise buyers expect
You can't govern AI if you haven't governed the work AI is touching.
Disclaimer: Brains Before Bots provides upstream AI governance and does not design, train, or deploy AI models.
I Understand This Pressure
I understand the pressure to innovate while protecting your firm.
For nearly fifteen years, I ran two agencies simultaneously in South Africa. XEIOH served pharmaceutical clients—Roche, Boehringer Ingelheim, Sanofi. Zonke handled consumer go-to-market—consumer electronics, telecoms, FMCG.
Both approaches worked—until they didn't.
When a major client's internal governance failed, both agencies were caught in the blast radius. Payments frozen. 12-14 months of uncertainty. Nothing we did wrong. External crisis we couldn't control.
XEIOH survived because formalised governance created financial firewalls, documented processes, and operational resilience.
Zonke closed owing significant operational debt despite great work and strong relationships. Informal governance couldn't scale to match crisis pressure.
Michael MacDonald
Founder, Brains Before Bots
"I didn't build Brains Before Bots because governance is theoretically important.
I built it because I've lived both outcomes."
Why Listen To Me?
Operator experience. Not consultant theory. 15+ years agency leadership across pharmaceutical and consumer markets. I've run vendor audits, built governance systems under pressure, and learned what works when resources are constrained.
Lived failure and success. Zonke taught me what happens when governance can't scale to crisis. XEIOH taught me what resilience looks like when systems are documented. I've lived both sides.
International perspective. South African agencies master resourcefulness under constraint—exactly what UK agencies need as AI changes their cost structure. US AI training from Wharton, Vanderbilt, and Northeastern combined with UK regulatory calibration. I bring emerging market practicality, cutting-edge methodology, and UK compliance knowledge.
Three Simple Rules framework. Proprietary IP built from agency operations. Not adapted Big 4 methodology. Frameworks designed for creative teams in professional services—lightweight, memorable, actually followed.
Your team using ungoverned AI tools is the exact pattern. Client concentration killed businesses loudly. Shadow AI concentration kills them silently.
The question isn't whether you'll face pressure that tests your governance. The question is whether you'll have governance when that moment arrives.
The Plan
STEP 1: SURFACE
Price/Duration: £500 Shadow AI Audit | 2 Weeks
I map what's actually happening. Tool inventory across your team. Risk assessment against GDPR, IP exposure, procurement barriers. Prioritised action plan.
90 minutes together. You get an 8-12 page report showing exactly where Shadow AI lives in your operations. No obligation to proceed. Complete visibility first.
STEP 2: STRUCTURE
Price/Duration: £3,500 Governance-Ready Pilot Blueprint | 4 Weeks
I implement the Three Simple Rules with full documentation and training.
  • Week 1: Current state mapping.
  • Week 2: Policy development.
  • Week 3: Team training.
  • Week 4: AI Assurance Pack creation and handover.
You exit Enterprise procurement-ready. Policies your team will follow. Documentation that passes security questionnaires. Training that builds capability, not resentment.
STEP 3: SUSTAIN
Price/Duration: £2,500/Month Momentum Advisory Retainer | Ongoing
AI regulations evolve. Tools change. Your governance needs to keep pace.
  • Monthly advisory calls.
  • Quarterly policy updates.
  • On-demand procurement support when Enterprise clients ask hard questions.
  • Tool evaluation for new capabilities.
  • Incident response if something breaks.
Your external AI governance team. Protection that evolves with the landscape.
Services Snapshot
Explore our tiered approach to AI governance, from initial assessment to ongoing support, designed to integrate seamlessly into your agency's operations.
Success & Failure
What Success Looks Like
You answer Enterprise questionnaires competitors struggle with. Security requirements that disqualify ungoverned agencies become your competitive advantage.
Your team runs AI confidently. Data Traffic Light decisions happen automatically. Human Wrapper protocols protect quality. Prompt Dividend captures value clients can't extract as discounts.
Innovation accelerates because governance provides the framework. You're not choosing between speed and safety. You've built the infrastructure that enables both.
What Failure Looks Like
The ICO announces AI governance as their top enforcement priority for 2025-26. Your agency operates with ungoverned tools processing client data across international borders. Three simultaneous GDPR breaches happening daily.
Enterprise procurement rejects your agency during security review. You never get to creative evaluation. £500K contract lost to a competitor whose governance documentation you could have built in 4 weeks.
Your best team member leaves. All the AI knowledge walks out the door. No documentation. No Prompt Dividend capture. Tribal knowledge you can't recover.
"Governance only reveals its value after something breaks. During growth, it feels like bureaucracy. During crisis, it determines whether you survive."
Free Resources
Two ways to assess your Shadow AI exposure:
Option 1: Quick Awareness Check (30 Seconds)
Shadow AI Red Flags -
Completely Free
10 warning signs Shadow AI is running ungoverned in your agency. Recognise 3 or more? You're not alone—78% of UK agencies have the same blind spots. No form. No email. Just immediate clarity.
30 seconds
No email required
Option 2: Complete Assessment (5 Minutes)
Shadow AI Risk Checklist -
Free Email Delivery
5-minute self-assessment across 5 governance dimensions:
  • Whether your team's AI usage creates GDPR violations
  • Which tools pose IP contamination risk
  • If you could answer Enterprise security questions today
  • Whether you're monetising AI capability or absorbing it as margin erosion
  • Your governance maturity score (0-30 points)
Enter your email to receive your checklist. Then decide if the £500 audit makes sense.
5 minutes
Email delivery
FAQ
Q: Are you AIGP certified or ISO 42001 certified?
Brains Before Bots is aligned with recognised AI governance principles referenced by bodies such as the International Association of Privacy Professionals, NIST, and ISO.
We do not present ourselves as a certification body or enterprise compliance auditor.
Our role is to put the governance foundations in place — inventory, workflow controls, data handling, and decision rights — so organisations can confidently meet enterprise AI governance expectations and engage specialist partners where required.
Q: Is this the same as enterprise AI governance?
No.
Enterprise AI governance typically focuses on model development, testing, monitoring, and lifecycle controls.
Brains Before Bots operates upstream, governing the work and data that AI systems rely on. This makes downstream governance possible — especially in agencies and professional services where AI use has already emerged informally.
Q: Do you deploy or manage AI systems?
No.
Brains Before Bots is a no-build consultancy. We do not design, train, fine-tune, or deploy AI models.
We ensure that when AI tools are used, they are used intentionally, visibly, and accountably.
Q: Will this help us respond to enterprise RFP and procurement questions?
Yes.
Our deliverables are designed to support common enterprise requirements, including:
  • Disclosure of AI use and tooling
  • Data handling and retention practices
  • Human oversight and accountability
  • Evidence of governance controls
Clients typically use our outputs directly in RFP responses, security reviews, and client audits.
Q: Is this relevant if we're not heavily using AI yet?
Yes — especially then.
Most enterprise governance frameworks assume organisations already have:
  • Documented workflows
  • Clear data ownership
  • Defined decision rights
Brains Before Bots helps you put these in place before AI adoption accelerates — reducing risk, rework, and lost deals later.
Q: How does this differ from AI implementation or automation consulting?
Implementation consultancies focus on what AI can do.
Brains Before Bots focuses on what AI should be allowed to do, where, and under whose authority.
We create the conditions for safe, defensible AI adoption — without pushing tools or builds.
Q: We're a small agency. Isn't governance overkill?
Shadow AI scales with team size — five people create the same GDPR exposure as fifty. Enterprise procurement cares whether you can answer security questions, not your headcount.
Small agencies need governance more. You don't have legal teams or compliance officers. One incident threatens the entire operation. The £500 audit shows if your exposure justifies investment.
Q: Why are your prices so much lower than competitors?
Strategic launch pricing. I'm pre-revenue, building in public, establishing UK proof points.
Big 4 consultancies charge £50K+ for similar work. Boutique firms charge £20-60K. I'm at £3,500 for complete implementation because I'm building the category, not matching competitors.
This pricing proves the GovernFirst philosophy: governance doesn't require enterprise budgets. After 10-15 implementations, I'll have proof points that justify £8-12K. Early adopters get operator expertise at implementation rates.
Brains Before Bots provides upstream AI governance and advisory services. We do not offer legal advice or perform formal certification audits.
Make the Invisible Visible Before External Pressure Requires It
Every day without visibility is another day building dependencies you can't track. Another Enterprise opportunity you're not qualified for. Another GDPR breach happening invisibly.
The £500 Shadow AI Audit takes 2 weeks. 90 minutes together. You get complete visibility into what's actually running, where the risks live, and what to do next.
No obligation to proceed. No high-pressure sales. Just an operator who's lived both outcomes showing you what he'd want to know if he were running your agency.
Book your audit. Make the invisible visible.
Or start with our free resources:
Brains Before Bots
Shadow AI Governance for UK Professional Services Agencies
BRAINS BEFORE BOTS is the trading name of Michael MacDonald.
Address: 4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London, W1T 6EB
ICO Registration: CSN7870138
© 2026 Brains Before Bots. All rights reserved.