A four-pillar profile is a picture, not a prescription. The picture shows you where you are; reading it well tells you where to go next. Most organisations make the mistake of investing in their strongest pillar — the one where the team is confident, the roadmap is clear, and the wins are visible — when the right move is almost always to invest in the weakest. The radar tells you which dent is load-bearing.
Reading the shape
A balanced radar — all four pillars at roughly the same level — is rare, and not necessarily the goal. What matters is the relationship between the pillars. Certain imbalances are benign; others are dangerous. A firm that scores high on Governance and low on Use Cases has a policy apparatus in search of something to govern — a manageable problem. A firm that scores high on Orchestration and low on Governance has built a machine that can act faster than it can be stopped — a dangerous one.
The radar in Figure 31.1 shows a representative profile from a financial services firm: strong Governance (L4), moderate Use Cases (L3), weak Orchestration (L2), weak Integration (L2). The interpretation is immediate: this organisation's agents are well-governed in principle but under-instrumented in practice. The policy says agents must log every tool call; the orchestration layer does not actually do so. The policy says agent identities must be scoped; the integration layer issues credentials with excessive scope because the identity model for agents has not been built. The risk is not that the governance is weak — it is that the governance is strong on paper and weak in execution.
Pillar interaction effects
The four pillars interact. A Use Case portfolio that is rated at L4 — well-scored, well-governed, with clear kill criteria — is only as safe as the Orchestration layer running those use cases. If the Orchestration pillar is at L2, the kill criteria exist in a document but not in a circuit breaker. Similarly, an Integration pillar at L3 — APIs catalogued, secrets managed, data classification in place — becomes a liability if Governance is at L1, because the agent can reach data that no policy has decided it should be allowed to reach.
The OWASP Agentic AI Security Initiative documents this interaction effect in its threat model: the highest-risk scenarios are not those where one pillar is weak but those where two adjacent pillars are mismatched. A strong Use Case selection process (L3) running on a weak Orchestration layer (L1) is the setup for a prompt-injection incident. A strong Integration spine (L4) with weak Governance (L1) is the setup for a data-exfiltration incident. The radar reveals these mismatches at a glance.
McKinsey's State of AI research consistently finds that enterprises with the highest returns from AI investment are those that develop governance and technical capabilities in parallel, rather than sequentially. The radar is the instrument that keeps those two tracks synchronised.
The six archetypal profiles
Across dozens of enterprise assessments, six recurring profile shapes emerge. The Compliance-first profile (high Governance, low everything else) is common in regulated industries: the legal team arrived before the engineers. The Engineer-first profile (high Orchestration, low Governance) is common in technology companies: the engineers arrived before the legal team. The Pilot-heavy profile (high Use Cases, low Orchestration and Integration) is common in consulting-influenced organisations: the strategy was clear, the execution was not. The Data-rich profile (high Integration, low Use Cases) is common in data-mature organisations that have yet to identify what the agent should actually do with all the data it can reach. The Balanced-low profile (all pillars at L1–L2) is the most common of all: the organisation has started but has not yet committed. The Balanced-high profile (all pillars at L3–L4) is the rarest and the most valuable.
Investment sequencing from the radar
The practical output of a radar reading is an investment sequence: where to spend the next six months, and in what order. The sequencing heuristic is straightforward: close the most dangerous gap first, then the gap that blocks the most value. The most dangerous gap is defined by the interaction-effect analysis above — the two-pillar mismatch that creates acute risk. The most value-blocking gap is the pillar whose low score is holding down the ceiling for every other pillar.
In the financial services example from Figure 31.1, the most dangerous gap is Governance/Orchestration mismatch — paper policies with no runtime enforcement. The first investment should be in an orchestration layer that enforces the existing policy automatically: structured logging, circuit breakers, scoped identities. This does not require new policy work; it requires implementing the policy already on paper. Once the mismatch is closed, the integration investment follows: agent credentials scoped to the data classification already defined by Governance.
The radar reading also reveals what not to invest in. An organisation at L2 across all four pillars that is tempted to acquire an enterprise AI platform at L4 sophistication will find it unusable: the organisation lacks the governance, the evals culture, and the integration plumbing to operate the platform. Tools are only as good as the maturity level of the organisation operating them.
The radar as communication tool
Beyond its diagnostic function, the radar is the most effective communication tool available for briefing a board or executive committee on the state of an agent program. Four pillars, five levels, one picture — it takes thirty seconds to read and generates the right questions. Where are we weakest? What would it take to close the gap? What is the risk of not closing it?
Chapter 33 structures the twelve-month roadmap explicitly around radar checkpoints: a baseline at Q0, a progress read at Q2, and an expected target state at Q4. The roadmap is not a project plan in isolation; it is a commitment to move a specific set of pillars by a specific number of levels in twelve months, with the evidence to prove it.