AI Transformation in 3 Months

AI Transformation in 3 Months : How to Create Momentum ?

AI transformation has become a major strategic challenge for all companies, but it is easier to decree change than to make it a reality. Even in a tech company, AI adoption is far from spontaneous. Moreover, many have failed to generate business value and confirm ROI.

At Yogosha, Offensive Security Platform, we initially observed the evolution of LLMs with caution until 2025, when the stars aligned and we decided to lead an ambitious AI transformation in only 3 months. Setting a strategic ambition is one thing; anchoring it in the daily life of a company in 12 weeks is another.

So, how do you move from a noble intention to true collective momentum?

We approached this pivot not as a technical project, but as a change management challenge, structured around four fundamental questions, the WWWH:

• Who should lead the AI transformation?
• Why has AI become essential for us?
• What to do concretely with AI?
• How to organize the transformation daily?

We would like to share the behind-the-scenes of this transformation and the many lessons we gathered along the way

WHO must embody the AI transformation?

According to the adage: “the fish always rots from the head,” for a transformation to take hold, there must be a sponsor at the highest level, capable of engaging the leadership team and all employees.

Without this condition, the project can be swept away by shifting priorities from above or slowed down by decision-making and budget allocation processes.

Ideally, the sponsor should also have a strong cross-functional impact to facilitate team coordination while taking into account the reality of each one.

At Yogosha, our COO-CPO took on the role of Chief AI. His privileged position alongside the CEO and his managerial role with the delivery teams allowed this initiative to be fully realized in the company’s daily life, while his passion for AI enabled him to act as an evangelist across various roles.

WHY has AI become essential for us?

Top management can shout about the urgency to change, but if the rest of the company doesn’t feel the same need, the transformation is doomed to failure. The storytelling must therefore be clear and adapted to both collective and individual stakes.

Why AI at the collective scale?

To drive engagement, we began by sharing hard facts and a precise market analysis. The reality is that a small but growing portion of our clients and prospects are now demanding an AI-augmented value proposition. Meanwhile, we are seeing competitors arming themselves with AI-boosted tools, while new “AI-native” players are making significant noise and positioning themselves as potential disruptors

To ensure everyone understood the situation, we asked a simple question:

“Would you be willing to commit to a 3 or 5-year contract for a tool without AI? To pay tens or even hundreds of thousands of euros for a tool that would be unable to adapt to the evolution of your roles or make you more efficient?”

Regardless of the person, the answer is always “no”. This is how everyone understood that the market was at a tipping point and that change had become a sine qua non for the company’s mid-term survival. Along the way, our AI project gained particularly committed allies: the Sales team.

Why AI at the individual scale?

However, a company is more than just the sum of the individuals who compose it. To truly convince people, it is essential that everyone finds personal meaning in the change.

To achieve this, we focused on two main pillars:

• Showing concrete examples of how AI can facilitate work and eliminate daily frictions for every team, profession by profession.
• Inviting everyone to project themselves into the future beyond their current position, asking how their employability will evolve depending on whether they have concrete AI experience to showcase.

Consequently, a large number of our employees developed a real motivation to upskill and create their own “success stories” as quickly as possible.

This is how our first “AI enthusiasts” emerged from the Dev, Ops, Product, Cyber, Sales, and Marketing teams. Each was able to envision concrete use cases that would improve their daily lives and reinforce their technical skills.

WHAT to do concretely with AI?

A clear vision and quantified objectives

Doing AI for the sake of AI has no interest, and no change can materialize without a clear and precise vision.

In terms of a pitch, our ambition to orchestrate the best of human and artificial intelligence is beautiful and impactful, but it is far from enough to convince. That is why we have broken it down into concrete objectives anchored in the reality of our business and our daily life.

Augmenting our Cyber users

We have defined use cases integrated into our value chain with very high ROI potential for our clients as well as for ourselves. We selected the two most promising use cases and set a goal to develop and test advanced POCs with end-users in just 3 months

Facilitating integration with our clients’ AIs

Beyond the agents we can produce, we know that our clients are conducting their own research to improve their daily tasks with AI. We have therefore set ourselves the goal of opening our Yogosha MCP to facilitate integrations between their agents and our platform, and always within this 3-month timeframe.

Evangelizing our ecosystem on AI and cybersecurity best practices

Building on our experience in AI security testing, we have set a goal of market evangelization with a designated number of publications, awareness webinars, and participation in collective publications.

In parallel, we aim to share the results of this transformation project and each of our POCs so that our shared experiences can benefit as many people as possible.

This is precisely the context in which we wrote this article.

Augmenting every member of our teams

Because you cannot master a tool without using it, we decided to enable everyone to gain comfort and performance through AI, thereby developing a true AI culture across the entire company.

To remain ambitious yet pragmatic, we set a target of 70% adoption of AI tools and 100% upskilling in the understanding of AI systems, their limitations, and associated security issues. Once again, this objective is part of a 3-month roadmap, a timeframe particularly well-suited for change management. No major change can be achieved in such a short period, but key milestones must be “locked in” to ensure progress.

AI Transformation in 3 Months

Integrating AI at the heart of company processes

AI is not a ‘side project’! Treating it as such would be equivalent to nipping the initiative in the bud. To succeed, the transformation must take its full place in the priorities of each team. To do this, it is essential to integrate the subject into all of the company’s decision-making and implementation processes.

To start, AI must be addressed in the strategic alignment process. We therefore introduced the subject into the ritual that, every two months, leads us to take stock of strategic issues and the projects that support them. If AI had not managed to climb to the top of the priorities among all decision-makers, we would not have carried out this project, as its implementation would have inevitably faced priority conflicts with other strategic axes deemed more important.

Once recognized as a priority strategic axis, execution capacity must be secured by breaking the initiative down into concrete objectives. We have therefore introduced the subject into all other key bodies and processes, such as the Security and GDPR governance committees, the bodies for validating marketing, communication, and customer relationship roadmaps, and, of course, the product and technology roadmap cycles.

Communicating internally

Since all teams have aligned on the priority status of AI, we have ensured that it is fully integrated into our internal communication processes:

• We have included tracking of the initiative in our monthly All Hands meetings, which bring the entire company together.
• We have set up dedicated Slack channels to share our insights, foster cross-team collaborations, and allow early enthusiasts to evangelize others.
• We have prioritized AI in our Security communications and awareness efforts.
• We have internally shared all of our marketing publications related to AI.
• We have created a dedicated space in our Notion documentation area so that everyone can find resources and decisions related to AI.

Equipping and defining a collective playground

To adopt AI, one still needs agents to play with. In this regard, not all companies are equal in terms of budget and regulations to follow. In any case, it is essential to be clear about the provided playground and the rules to be respected.

We decided to remain faithful to our “Privacy-by-Design” and SecNumCloud approach. For business uses, we chose to prioritize AI embedded in our existing tools with two strict rules:

• Never feed a public AI with confidential data.
• “Keep the data where it lives“—meaning, do not provide an AI with data it would not already have access to.

For the development of POCs, we created dedicated test environments on a private server made available to teams 5 days a week and 12 hours a day, in order to control the budget.

In parallel, we closely monitored and continuously reassessed the cost of the agents used.

Facilitating training

Having tools in your hands is good, but you still need to know how to use them. Rather than seeking expensive off-the-shelf training, and given the diversity of our profiles and needs, we opted for a “geeks and makers” approach.

We began by evaluating the teams’ proficiency through a quick assessment, which also gathered the type of support they wanted.

Next, we created a database of courses, videos, books, and articles, which we populated both collaboratively—with help from all the enthusiasts—and semi-automatically using an AI curation agent built for the occasion.

The content is sorted by type, profession, subject, and level so everyone can find what they need. New entries in the knowledge base trigger Slack posts to notify the entire company.

The initial evaluation helped us prioritize the type of support, and we notably started by providing support and templates to ensure everyone masters the fundamentals of prompting.

However, the most important part isn’t the training itself, but the time freely allocated to everyone for learning and experimentation. We invited all teams to set aside dedicated learning time, and for POCs, we protected “FOCUS time” for both learning (25% of development time is dedicated to continuous improvement) and execution (where only urgent maintenance operations took priority over AI initiatives).

Leading by example or Dogfooding

The magic of AI is that it can be used for training purposes! We therefore used the tools at our disposal, notably the Google suite (Gemini, NotebookLM, Vid, etc.), to:

• Augment curation
• Generate training videos and documents
• Create knowledge validation quizzes
• Create a complete awareness cycle for the OWASP Top 10 LLM 2025 vulnerabilities

For each piece of content produced, we explicitly detailed the AI tools and approaches used to create them. As a result, we quickly found ourselves with over fifty pieces of content available, a private YouTube channel filled with short training videos, and teams well-versed in the basics of AI, capable of explaining the different types of LLM vulnerabilities and how to protect against them. At the same time, the use of agents for professional content production or task automation began to spread autonomously.

Developing Tailored Governance: The AI Committee

Unleashing such creative energy requires resources and involves risks. How can we control, secure, and facilitate without stifling innovation? This is where the final indispensable lever comes in: Governance, and in our case, the creation of the AI Committee.

From the very beginning of our project, we created a committee composed of key stakeholders from Security, Legal (and GDPR), Infrastructure, Application Architecture, Product, Finance, and Operations, all led by our COO Sponsor.

Its mission: To guide the responsible, secure, and strategic adoption of AI within Yogosha.

Its scope of responsibility:

• Definition of the reference framework: Establishing and maintaining safeguards for the responsible use of AI, encompassing security, privacy, and ethics.
• Risk management: Ensuring data security, compliance, and the consideration of ethical issues.
• Change management: Ensuring successful adoption and upskilling throughout the company to transform strategy into an internal culture.
• Validation of AI initiatives: Approving projects based on their strategic alignment, technical feasibility, and return on investment (ROI).
• Ecosystem oversight: Supervising AI tools, service providers, and ongoing initiatives.
• Resource coordination: Mobilizing the talents and tools necessary to support strategic AI projects.
• Leading our Community of Practice: Organizing recurring events to share knowledge and accelerate internal learning.

Its priorities:

• Prioritize ‘Quick Wins’ first (low complexity, high impact).
• Plan strategic investments as your AI capabilities mature.”

Its organization:

• A monthly meeting of less than an hour with a simple agenda:
  • Governance topics
  • Monitoring of security measures and tool requests
  • Development of ethical principles
  • Monitoring of adoption and steering of initiatives
  • Monitoring of POCs and budget/scope arbitration
• Transparent communication with the rest of the company with public meeting minutes and decision records
• A dedicated communication channel to follow up on actions

What might appear to be just another committee—an instrument of organizational inertia—has proven to be a real accelerator. Indeed, by bringing together all key players under the banner of innovation, we were able to intelligently address ethical, legal, and cyber risks while simultaneously and rapidly unlocking budgets and other necessary resources.

By avoiding hand-offs and back-and-forth exchanges, we accelerated decision-making, implementation, and compliance.

Conclusion

Creating momentum for an AI transformation is not a matter of magic, but of collective commitment supported by a structured methodology. At Yogosha, this pivot is no longer just an intention but an operational reality, and after only 3 months:

• Our Yogosha MCP server is now a technical reality, allowing our clients to orchestrate their own agents within our ecosystem.
• Our first AI-assisted vulnerability triage feature already shows a 90% success rate.
• Our dedicated offensive security testing workflow is already capable of assisting our internal pentesters, and its implementation has inspired many other potential use cases.
• Our teams have adopted the use of AI at over 70% in their daily work, and everyone is trained in the related cybersecurity and ethical issues.

We are at the beginning of our journey to achieve our vision, but the momentum is launched, and we have learned to realize our ambitions with pragmatism, speed, and at a sustainable pace.

---

6 Key Takeaways for your AI Dynamic

1. Ask the WWWH (Who, Why, What, How) questions together.
2. Embody from the top and lead by example.
3. Provide resources and focused time to teams.
4. Seek Quick Wins anchored in your value creation chain.
5. Pace by 3-month blocks with concrete results.
6. Create an “accelerating” Governance structure.

To learn more about the operational and technical aspects of our transformation, and to find out everything about the choice of use cases and technologies, we invite you to browse our other articles here:

AI pivot, under the hood: use cases, tools & budget

AI: From POC to Feature — The Guide to Safe Industrialization

AI and vulnerability triage: lessons learned from our automated assistance POC

Understanding and anticipating the impact of AI-based offensive tools in the field of cybersecurity