How Goldman Sachs Scaled AI to 46,000 Employees Safely

In January 2025, Goldman Sachs CEO David Solomon stood at the Cisco AI Summit in Palo Alto and told the room that AI could now complete 95% of an S-1 filing in minutes. 

An S-1 is the document a company files with the Securities and Exchange Commission (SEC) when going public. It used to take a six-person team two weeks, hundreds of pages of financial disclosures, risk factors, and regulatory language, every line reviewed by lawyers before it left the building.

The audience wasn't surprised that AI could do this. What surprised them was who was saying it. 

Goldman Sachs operates under three separate regulators: the Federal Reserve for banking, the SEC for securities and public disclosures, and FINRA for broker-dealer activities. Together, this means Goldman Sachs has compliance requirements that most enterprises never encounter. If AI governance oversight were a brake on AI adoption, Goldman should have been among the last institutions to show results. 

Instead, it became one of the examples everyone else was citing.

By June 2025, Goldman had rolled out its GS AI Platform to all 46,500 employees, starting with an initial cohort of 10,000 before expanding firm-wide, with more than half actively using it. Developers reported a 20% increase in productivity and a 15% reduction in post-release bugs.

"We launched our GS AI Assistant, which allows more people across the firm to get access to leading-edge models, to be able to use them in a safer, more reliable, and more compliant way, which, befitting our role as a regulated financial institution, is important."

—George Lee, Co-Head of Goldman Sachs Global Institute

Goldman Sachs' success raises a broader question for leaders: What is governance and oversight of AI systems? It isn’t an added layer of process but a set of accountability structures, risk frameworks, and approval processes that determine how AI is built, deployed, and monitored across an organization. Most enterprises treat governance as a final checkpoint. Goldman Sachs built it before deployment began.

That sequencing made the difference. When governance is in place before the first model goes live, every subsequent deployment inherits it. Approval processes stop being rebuilt from scratch, and compliance stops being a reason to slow down. What Goldman built first wasn’t the AI platform itself, but the framework that allowed it to scale safely across 46,500 employees.

In this article, we look at how three enterprises built AI governance oversight before deployment began and the measurable results that decisions produced.

Why 42% of Enterprise AI Never Reaches Production

The Goldman Sachs AI success story is easy to misread as a product of resources, scale, or regulatory experience. The evidence points to something simpler than that. 

By 2025, 42% of companies had abandoned most of their AI initiatives before reaching production, up from 17% the year before. The abandonment rate nearly tripled in a single year. The difference at Goldman wasn’t what it spent or who it hired. It was a decision made before the first deployment began.

That decision was to build governance before building the platform. And governance isn’t the same thing as security or compliance, though enterprises often treat them as interchangeable. Security determines how data is protected and who can access it. Compliance focuses on whether a deployment satisfies legal and regulatory obligations. Governance defines the accountability structures, risk frameworks, and approval paths that determine how AI is built and deployed across the organization. It’s what Goldman put in place first.

In practice, that meant the GS AI Platform hosted GPT-4, Gemini, Llama, and Claude entirely within the firm's own network. Every query was logged, every interaction passed through a compliance gateway, and access was controlled by role, department, and use case before any employee could use the system. Teams inherited those foundations rather than rebuilding them for every new use case.

Most organizations are still operating without that foundation. According to a survey by Deloitte, only 30% rate themselves highly prepared for risk and governance, the lowest score across the five dimensions of AI adoption, below technology infrastructure, strategy, data management, and talent. This continues to challenge responsible AI in the enterprise initiatives. 

The gap widens as AI systems become more autonomous. Nearly three-quarters of companies expect to deploy agentic AI within two years, yet only 21% have a mature governance model already in place. Unlike generative AI tools that assist employees, agents can act across live business processes with limited human intervention, increasing the need for effective AI governance oversight.

Shadow AI, Stalled Pilots and Late Governance: Where Enterprise AI Breaks Down

Most enterprise AI teams have experienced a governance review that delayed a deployment. That friction is visible, easy to measure, and easy to blame.

What rarely gets measured is the opposite: the ungoverned deployment that created compliance debt, triggered a rollback, or collapsed the moment legal requested an audit trail. Those costs are harder to see because they surface weeks or months after the decision that caused them.

The data points to where they land most often. Data privacy and security ranks as the top enterprise AI risk at 73%, followed by legal and regulatory compliance at 50%, and governance capabilities and oversight at 46%. Behind those numbers, three failure modes account for most of the breakdown.

Here’s an overview of the three failure modes that keep enterprise AI stuck before production and the decisions that helped overcome them:

• Every Deployment Rebuilds From Scratch: Without reusable governance infrastructure, every AI use case triggers new legal and compliance reviews. Teams answer the same questions repeatedly, reassess previously approved components, and rebuild trust from scratch. As a result, it takes an average of 8 months to move a generative AI project from prototype to production, and only 48% ever make it there at all. The fix is reusable governance infrastructure: shared frameworks, governed data platforms, pre-approved model repositories, and repeatable AI governance auditing practices. 
• Ungoverned Tools Fill the Gap: When the governed path is slower, employees find alternatives. Today, 69% of organizations suspect or have confirmed the use of prohibited AI tools, 38% of employees share confidential data with AI platforms without approval, and companies experience an average of 223 shadow AI incidents per month involving sensitive data. The fix is making the governed path faster and easier than the ungoverned one. 
• Governance Arrives Too Late: Most organizations deploy AI first and address governance later, leaving explainability, audit requirements, and risk controls for a future phase that rarely arrives on schedule. A McKinsey survey published in Stanford HAI's 2026 AI Index Report found that responsibility for AI governance is spread across at least nine business functions, with no single team owning the problem. By the time compliance teams engage, the architecture is already fixed, and changes are expensive. The fix is building governance before the first model goes live. 

Next, we’ll walk through how leading enterprises turned AI governance from a bottleneck into a business enabler and the specific changes that helped them scale AI beyond the pilot stage. 

What Helped DBS Cut AI Deployment Time by More Than 80%?

DBS Bank is Southeast Asia's largest bank, operating across 18 markets with hundreds of AI use cases spanning consumer banking, institutional banking, and support functions. Its challenge wasn't building models. It was getting them into production.

The bank had been experimenting with AI since 2014, beginning with an IBM Watson partnership for wealth management. As adoption grew, every new use case triggered legal, compliance, and risk reviews. The same questions were answered repeatedly, and even components that had already been approved were sent back through the assessment process. Moving from concept to production often took 12 to 15 months, slowing delivery and reducing confidence among business teams.

To reduce these delays, DBS established a shared governance infrastructure that enabled AI deployments to scale while strengthening AI governance and compliance across the organization. This foundation had three parts. 

First was the PURE framework, introduced in 2019, which required every AI use case to be Purposeful, Unsurprising, Respectful, and Explainable. Teams completed self-assessments before deployment, while higher-risk cases were reviewed by a Responsible AI council and other key AI governance stakeholders. 

Similarly, ADA is a centralized platform containing 5.3 petabytes of governed data. This eliminated the need for teams to obtain separate data approvals for every project and supported consistent AI governance oversight. 

Building on both, ALAN provided developers with pre-approved model components and deployment patterns. Teams could reuse approved building blocks rather than restarting reviews, assessments, and AI governance auditing processes for every new use case. 

"This work has reduced time to value for AI and machine learning from 18 months to about 2 to 3 months, and contributed to an economic outcome of approximately SG$1 billion in 2025."

—Eugene Huang, Group Chief Information Officer, DBS Bank

The scale of that impact is visible across the business. 

“Today, DBS deploys over 2,000 AI models across more than 430 use cases in different parts of the bank. While it was no easy feat to build this foundation, it has helped us scale generative AI use cases and prepare for agentic AI use cases.”

—Eugene Huang, Group Chief Information Officer, DBS Bank

Those use cases span the entire business: the CSO Assistant reduced call-handling time by 20%, and over 90% of employees now have access to DBS-GPT. AI-generated economic value grew from S$370 million in 2023 to S$1 billion in 2025, and the bank reported an 81% reduction in system incidents from AI-governed change requests.

DBS didn't move faster by reducing governance. PURE, ADA, and ALAN meant every new use case inherited the AI governance oversight foundation rather than rebuilding it from scratch. 

What Happens When Governed AI Becomes Easier Than Shadow AI?

In 2023, Walmart was ready to scale generative AI across its 10,900 stores in 19 countries. But the infrastructure to do it safely didn’t yet exist.

"We want to go all in with AI, but there was no enterprise ChatGPT or enterprise Gemini, and the data privacy element was not where it needed to be."

—David Glick, SVP of Enterprise Business Services, Walmart 

Without a governed path, teams would create their own. Unsanctioned tools would fill the gap, leaving compliance and security risks to surface after deployment rather than before it.

Walmart's response was to build a governed path that was faster than any alternative. That effort brought together technology, legal, compliance, and information security teams, with each group working to make AI both accessible and safe. These cross-functional teams became critical stakeholders in AI governance during deployment, reinforcing responsible AI in the enterprise. 

The company formalized that approach through its Responsible AI Pledge, establishing six commitments covering transparency, security, privacy, fairness, accountability, and customer-centricity. 

Element, Walmart's proprietary machine learning platform, turned those principles into a repeatable process. Every model undergoes multistage validation covering accuracy, information security compliance, and code lineage before going live, supporting ongoing AI governance auditing. A built-in pipeline visualizer uses generative AI to identify deployment issues and recommend fixes in real time.

"It allows only models that are compliant with our guidelines into production. We check for all those things before the code is in production, and that does not change with generative AI tools."

—Sravana Karnati, EVP of Global Technology Platforms, Walmart

Simply put, the governed path became the fastest route. AI coding tools saved approximately 4 million developer hours in a single year, while My Assistant, Walmart's internal generative AI tool, reached more than 75,000 corporate associates for daily tasks. At the store level, Ask Sam is now used by 900,000 associates and handles over 3 million questions each week, all under AI governance oversight. 

The same foundation powered operational gains. For example, the supplier negotiation agent closes deals with 64-68% of suppliers, delivering cost savings of 1.5-3% per negotiation. Meanwhile, route optimization AI eliminated 30 million unnecessary delivery miles and avoided 94 million pounds of CO2 emissions. The system performed well enough under Walmart's responsible AI standards that the company now sells it as a SaaS product to other businesses.

How AI Governance Oversight Helped AstraZeneca Reach Production in Six Months

Pharmaceutical AI carries a specific kind of compliance weight that most enterprises never face. Every deployment touching patient data or clinical trials must navigate FDA oversight, EU AI Act requirements, and multi-jurisdictional regulations simultaneously. Around 65% of leading pharma firms responded by banning AI tools outright rather than building the governance structures needed to support them. AstraZeneca took a different path. 

Many organizations build first and address governance later. AstraZeneca took the opposite approach, prioritizing AI governance and compliance before scaling any deployment. In November 2020, before generative AI entered the enterprise conversation, AstraZeneca's board published its Principles for Ethical Data and AI. Those principles quickly became operating structures. 

An AI Governance Framework, a Risk Framework, and a Responsible AI Playbook gave teams end-to-end guidance on developing, testing, and deploying AI systems. Cross-functional councils brought HR, legal, business, and AI accelerator teams into alignment before use cases launched. 

The company also tested its governance early. In 2021, AstraZeneca subjected its framework to an independent audit, strengthening AI governance auditing practices by identifying and closing gaps before models reached production. 

On top of this, governance was extended beyond policies and processes. AstraZeneca treated it as a workforce capability. Its AI Accreditation Program, launched in 2024, upskilled 12,000 employees through Bronze, Silver, and Gold certifications before deployment expanded across the business.

“We’re systematically looking at where we can redefine processes to go quicker. It’s about removing bottlenecks without removing accountability.“

—Brian Dummann, Chief Data Officer, AstraZeneca

That preparation shortened the path to deployment. When AstraZeneca’s Development Assistant moved from concept to production MVP in six months, teams didn’t need to wait for governance, security, or risk controls to be created. They were already in place. Every new use case inherited the framework rather than building from scratch.

That foundation also created a scalable operating model across clinical development, medical affairs, commercial functions, and internal operations, with each deployment tied to a defined business outcome.

The same foundation now supports AI-assisted workflows across more than 240 active global trials, with 85-93% of employees reporting productivity gains. When FDA guidance arrived in January 2025, and EU AI Act enforcement began phasing in, AstraZeneca didn’t need to redesign its approach. The governance architecture was already in place.

AstraZeneca treated governance as infrastructure rather than a final checkpoint. The company established standards before deployment began. This gave teams a faster path to production while maintaining strong AI governance and auditing discipline and staying ahead of evolving regulations. 

AI Governance and Compliance Are Becoming Strategic Priorities

Goldman Sachs showed what becomes possible when AI governance oversight is established before deployment begins. With the right foundation in place, the firm was able to scale AI across the organization while maintaining the controls expected of a highly regulated institution.

The same pattern appeared at DBS, Walmart, and AstraZeneca. Each organization invested in governance early through shared frameworks, governed data platforms, pre-approved deployment processes, and clear accountability structures. As a result, teams could move from pilot to production without rebuilding trust, approvals, and controls for every new use case.

That approach is becoming increasingly critical. By 2027, fragmented AI regulation is expected to cover 50% of the world's economies, with more than 1,000 AI laws already proposed and no two sharing a consistent definition of AI. Organizations that treat governance as infrastructure now will be better positioned to absorb that regulatory complexity without slowing deployment down.