The Landscape
What's changed — and why waiting is its own decision.
The objection is predictable: 'AI changes every six months — we'll wait.' But the trajectory is not hype. Capability has doubled every 12–18 months, and open-weight models now run on private hardware. The firms building infrastructure today are accumulating an advantage that's expensive to claw back.
The pace of capability change
- 2023GPT-4GPT-4 launchParams: 1.8T (MoE)Context: 8K tokensFirst broadly capable reasoning model. Hallucination still a barrier for professional use.
- 2024Claude 3.5Claude 3.5 SonnetParams: ~300B (est.)Context: 200K tokensReliable document analysis at scale. First model professional services could trust for draft review.
- 2025Llama 3.3 70BLlama 3.3 70BParams: 70BContext: 128K tokensOpen-weight frontier model. Runs on private hardware. Fine-tunable on firm data.
- 20262026 frontierFrontier open modelsParams: TBDContext: 200K+ tokensPrivate deployment now matches or exceeds public API quality. The infrastructure gap has closed.
- 2023GPT-4GPT-4 launchParams: 1.8T (MoE)Context: 8K tokensFirst broadly capable reasoning model. Hallucination still a barrier for professional use.
- 2024Claude 3.5Claude 3.5 SonnetParams: ~300B (est.)Context: 200K tokensReliable document analysis at scale. First model professional services could trust for draft review.
- 2025Llama 3.3 70BLlama 3.3 70BParams: 70BContext: 128K tokensOpen-weight frontier model. Runs on private hardware. Fine-tunable on firm data.
- 20262026 frontierFrontier open modelsParams: TBDContext: 200K+ tokensPrivate deployment now matches or exceeds public API quality. The infrastructure gap has closed.
What stays vs what changes
What stays
- ✓Your client relationships — AI assists; professionals decide
- ✓Your workflows — M365, FYI Docs, Xero, Active Workpapers remain unchanged
- ✓Your obligations — APES 320, Privacy Act, TPB Code still apply
- ✓Your audit trail — every AI interaction can be logged and reviewed
What changes
- ↻How long tasks take — document review, drafting, reconciliation
- ↻What junior staff spend their time on — less data grunt work
- ↻How quickly you can query your firm's own precedents and templates
- ↻The competitive gap between firms that acted early and those that waited
“The question is not whether to adopt AI. It is whether you are choosing your adoption path, or it is choosing itself through shadow usage.”
Australian regulatory floor
Privacy Act 1988 + APPs
Personal information handled by AI must meet APP 11 security obligations. Any tool that processes client data — knowingly or not — must comply.
View source →TPB Code of Professional Conduct
Confidentiality and competence obligations extend to AI assistance. Using an unapproved tool for client work may breach Code sections 5 and 10.
View source →APES 320
Quality management systems must explicitly address AI use. Unmanaged shadow AI sits outside the QMS scope — a gap auditors will increasingly flag.
View source →ASIC REP 798
AI governance is a board-level responsibility, not an IT one. Firms cannot delegate oversight of AI tools to their technology teams.
View source →Risk of Inaction
The cost of waiting is not zero.
Each risk below is a present exposure — not a hypothetical — that grows with every month of unmanaged adoption.
Buying a SaaS AI tool (Copilot, ChatGPT Enterprise) addresses shadow usage — but it substitutes one data exposure for another. Client data still leaves your network, processed in a vendor's cloud. For SMSF clients, high-net-worth individuals, and medical professionals, that answer may not hold. See the Options page for a full comparison.