In a 2025 survey, 88% of organizations had adopted AI.
Also, 70% used generative AI in at least one business function.
At the same time, safety frameworks separated biological/chemical and cyber into distinct tracking categories.
They prioritized response when a risk was “plausible, measurable, severe, net new, and instantaneous or irremediable.”
As capabilities spread, revenue may shift away from the model itself.
It may move toward deployment controls, accountability, workflow integration, and access restrictions.

TL;DR

• AI adoption reached 88% in 2025, and 70% used generative AI in business functions, while high-risk domains stayed separate.
• This matters because broad deployment and high-risk capability markets can follow different control and monetization patterns.
• Readers should sort products into three categories and design controls, audits, and deployment methods for each one.

Example: A team adopts an AI assistant across common work tools.
The assistant speeds up routine tasks.
A separate system handles sensitive research requests.
That system needs tighter review, narrower access, and clearer accountability.

Current situation

The broadest confirmed signal is demand.
According to Stanford HAI’s 2026 AI Index Report, 88% of surveyed organizations had adopted AI in 2025.
The same report said 70% used generative AI in at least one business function.
These figures suggest AI is not limited to pilot projects.
They also suggest commercial adoption has entered routine work systems.
Examples include customer support, marketing, and information processing.

Not all AI follows the same deployment logic.
OpenAI’s Preparedness Framework identifies biological/chemical and cybersecurity as frontier capability tracking categories.
These risks extend beyond ordinary misuse.
Biological/chemical refers to lowering barriers to creating or using weapons.
Cyber refers to creating new risks of large-scale attacks and vulnerability exploitation.

Deployment rules also differ.
General-purpose models can support broad user and developer ecosystems.
This can place more weight on usage policies and post-deployment risk management.
By contrast, high-risk systems should pass risk assessments before deployment.
OpenAI states that systems reaching High capability should have risk-mitigating safeguards before deployment.
Anthropic also states that certain thresholds trigger ASL-3 security or deployment standards.
It also strengthens access controls at those thresholds.

Analysis

There is a useful tension here.
Model performance may become more widely distributed over time.
If that happens, the premium on the model alone may weaken.
But enterprise spending can remain concentrated elsewhere.
It can move to operational layers.
These include internal data access, incident reduction, access records, capability blocking, narrow permissions, and response processes.
Research demos may be easier to replicate.
Field deployment systems may be harder to replicate.

This split can divide the market into two broad structures.
Research-support AI can raise productivity.
Still, it often faces strong demands for reliability and transparency.
It is also often attached as an auxiliary service.
Everyday workflow automation moves through broader channels.
The 70% figure supports that pattern.
High-risk dual-use AI differs again.
Here, greater capability can increase the value of closed operation, approvals, security investment, and restricted access.
That does not necessarily mean a larger market.
Stronger controls can narrow the customer pool.
They can also raise regulatory and reputational risk.
Pricing power may rise.
Transaction volume may still be limited.

Practical application

Decision-makers should first reclassify a basic question: “Where does our product belong?”
Many teams still build strategy around one model performance chart.
That approach alone may not be sufficient.
The same Language Model can require different deployment structures across use cases.
A research tool differs from a call center system.
A sensitive cyber or biology-related capability differs again.
Monetization can also change with that structure.
Broad-sale products often depend on integration and lower operating costs.
Sensitive products can treat access control and audit systems as part of the product.

If a tool supports paper summarization and search for internal researchers, source attribution and validation may take priority.
If it supports customer service automation, CRM integration and record retention may matter more.
Human handoff conditions may also matter more.
If a tool includes candidate sensitive cyber or biological/chemical functions, disclosure scope should narrow first.
Pre-deployment evaluation and approval procedures should also be designed.

Checklist for Today:

• Reclassify current AI functions into research support, workflow automation, and high-risk capability candidates.
• Write a one-page policy for each category covering access, logs, human review, and deployment approval.
• Recalculate pricing based on integration savings, accountability needs, and security operations burden.

FAQ

Q. If performance becomes standardized, will AI companies ultimately find it difficult to make money?
The answer appears more mixed than that.
If general-purpose performance becomes less scarce, model-level differentiation may weaken.
Operational elements can still retain value.
These include workflow integration, deployment control, security, and auditability.

Q. What makes high-risk dual-use AI different?
Official frameworks describe it as a frontier capability with possible severe harm alongside beneficial use.
The disclosed tracking categories include biological/chemical and cyber.
Such capabilities are subject to pre-deployment risk assessment and stronger safeguards.

Q. For our company, which metric should we look at first: model performance or adoption rate?
It may help to consider both, but in a different order.
First determine the workflow and risk category.
Then evaluate performance.
When adoption rates are high, operational fit and control design may outweigh performance differences in cost.

Conclusion

The monetization pattern is fairly simple.
As performance spreads, money may not leave AI entirely.
It may move from the model toward deployment control, accountability, and field integration.
That shift is a useful point to watch.
Start by deciding whether your AI should be broadly opened or more narrowly controlled.

Further Reading

• AI Resource Roundup (24h) - 2026-06-04
• Why Intervention Timing Matters for Long-Running Agents
• Optical-Guided Neural Collapse for SAR Incremental Learning
• Post Hoc Uncertainty for Autonomous Driving Object Detection
• Pre-Deployment Verification for RL Safety Under Transition Perturbations

References

• Preparedness Framework - cdn.openai.com
• Our updated Preparedness Framework | OpenAI - openai.com
• OpenAI’s Frontier Governance Framework - openai.com
• Announcing our updated Responsible Scaling Policy | Anthropic - anthropic.com
• Responsible Scaling Policy Updates | Anthropic - anthropic.com
• Economy | The 2026 AI Index Report | Stanford HAI - hai.stanford.edu