Using AI to stress-test your plans before you commit

TL;DR

A pre-mortem is a structured planning technique where you assume a project has already failed and work backwards to find the causes. Used with AI, it lets you generate failure scenarios across demand, delivery, finance, and regulatory risk faster than a human team can in a single sitting. For a small UK services firm, building this into your planning process before any major commitment is a practical way to catch the risks you have not thought of yet.

Key takeaways

- A pre-mortem asks you to assume failure and work backwards before committing; AI speeds up the failure-scenario generation but the human team still makes the calls.
- The most useful moments to run one are before hard-to-reverse decisions: major contracts, pricing changes, senior hires, and new AI tool adoptions.
- Organise AI outputs into risk categories (demand, cashflow, delivery, people, legal, tech or vendor) and keep only the five to ten that could genuinely kill the plan.
- If your plan involves confidential client data, check the ICO's data protection requirements before using a public AI tool for stress-testing.
- Pre-commit to kill criteria before you start: define what evidence would make you stop, delay, or redesign the plan, and write it down.

Three weeks before a services firm signed their biggest contract to date, the founder had a nagging feeling. The numbers worked, the client seemed credible, and the team had capacity on paper. She couldn’t put her finger on what was off. She spent 90 minutes with an AI model, asked it to argue against every assumption the plan rested on, and got fourteen specific failure scenarios. Three she hadn’t considered at all. She adjusted the payment milestones, built in a scope clause, and signed with confidence.

That is what an AI-assisted pre-mortem looks like in practice.

What is a pre-mortem, and what does AI add to it?

A pre-mortem is a planning technique where you assume a project has already failed and work backwards to find out why. Gary Klein popularised it, and Harvard Business Review published his account in 2007. The aim is to catch overconfidence before you commit. AI speeds the technique up by generating failure scenarios across demand, delivery, finance, and regulatory risk far faster than a human team can manage in a single sitting.

The judgement stays with you. The failure modes AI surfaces are hypotheses, not predictions. Your job is to decide which ones are worth acting on, which to monitor, and which to set aside. The value is in the breadth of the first pass, not the authority of the output.

To get useful output, give the AI a complete brief: the decision you’re making, the stakeholders involved, the timeline, and what a successful outcome looks like. Vague prompts produce vague scenarios. Specific prompts produce scenarios you can actually act on.

Why does stress-testing plans matter for a small services firm?

For a 5 to 50 person firm, one bad decision lands harder than it does in a larger organisation. A client who can’t pay, a hire who leaves after three months, a vendor who doubles their fees: any of these can hurt a small firm in ways a corporate absorbs in a quarterly footnote. The FCA’s operational resilience regime requires regulated firms to set impact tolerances and test against severe scenarios for exactly this reason.

The Competition and Markets Authority’s work on AI foundation models also flagged vendor lock-in and outage risk as real business threats. For an owner-operated firm, those warnings apply directly. If you are about to adopt an AI tool and build a workflow around it, a pre-mortem on your vendor dependency is worth 60 minutes before you commit.

The return on that time is asymmetric. A bad plan costs far more to unwind than an afternoon catching it early.

Where in your business does AI stress-testing actually help?

The most useful moments to run one are just before major, hard-to-reverse commitments: signing a contract above your usual size, changing your pricing, making a senior hire, launching a new service, or adopting an AI tool you are about to build a workflow around. Each of these involves assumptions that cost more to get wrong after the fact than to test before committing.

For each, write the plan out in plain English first: the decision, the client outcome or business result, the deadline, and what good looks like. Then ask the AI to act as a sceptical operations director, a difficult client, a cyber attacker, and a tired junior member of staff. Collect the failure scenarios and group them by category: demand risk, cashflow risk, delivery risk, people risk, legal and compliance risk, and tech or vendor risk.

Keep only the five to ten risks that could genuinely make the plan unprofitable or undeliverable. For each, ask: what would you do the following week if this happened? Then, before you commit, define what evidence would make you stop, delay, or redesign the plan entirely. Pre-committing to those kill criteria is the step that separates a useful stress test from an optimistic brainstorm.

A final pass worth adding: once you have your mitigations, ask the AI to argue against them. It will often surface where you have created false comfort by addressing the visible symptom rather than the underlying risk. This second pass takes 20 minutes and regularly surfaces the most actionable insight of the whole exercise.

When does AI stress-testing fall short?

AI generates failure scenarios quickly, but it cannot substitute for legal, financial, or cyber assurance. The Information Commissioner’s Office is clear that organisations using AI remain responsible for compliance with data protection law, including fairness, transparency, and accountability. If your plan involves confidential client material, running it through a public AI tool without a data protection review may create risks that outweigh the benefit.

The National Cyber Security Centre’s AI security guidance identifies prompt injection, data poisoning, and model misuse as practical threat categories. These make useful red-team themes for your pre-mortem, but they are not a substitute for a professional security assessment. If the uncertainty in your plan is a legal question, you need specialist advice. AI can generate the list of things to worry about; it cannot resolve the ones that require professional judgement. There is also a simpler version of this limit: if the plan is already highly standardised and low-risk, a manual checklist may do the job just as well.

One other risk to name: if your team treats AI-generated scenarios as authoritative rather than as a starting list, the exercise can reinforce bad assumptions rather than challenge them. The pre-mortem works because it creates structured disagreement with your own plan. If the output is accepted uncritically, that disagreement never happens.

What else is worth knowing before you start?

Two things stand out from the current UK regulatory environment. The Information Commissioner’s Office has published specific guidance on generative AI, including the requirement for meaningful risk assessment when AI assists consequential decisions. If your stress-testing involves personal data, a Data Protection Impact Assessment is not optional. Separately, if your firm serves EU clients, the EU AI Act entered into force in 2024 and introduces risk-based obligations that may apply to AI-assisted planning processes.

The UK Treasury Committee’s 2025 report called for AI-specific stress testing by the Bank of England and the FCA, noting that current supervisory approaches may not be equipped for AI-driven shocks. That is a financial services concern at institutional scale, but the underlying logic applies to any firm using AI in its decision-making. Building the habit now, before a regulator or a client asks for evidence of it, is considerably cheaper than retrofitting it later.

Start small. Pick one major decision you are about to make in the next four weeks. Write the plan out in plain English, run it through an AI model, and see what comes back. Ninety minutes of stress-testing before commitment is a reasonable investment for any decision that would take months to unwind if it went wrong.

Sources

- Gary Klein (2007). 'Performing a Project Premortem.' Harvard Business Review. The original published account of the pre-mortem technique as a method for surfacing overconfidence before commitment. https://hbr.org/2007/09/performing-a-project-premortem
- Information Commissioner's Office (2024). 'Artificial intelligence and data protection.' ICO. Guidance on organisations' ongoing responsibility for data protection compliance when using AI, covering fairness, transparency, and accountability requirements. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/
- Information Commissioner's Office (2024). 'Guidance on generative AI.' ICO. Specific guidance on appropriate technical and organisational measures for generative AI, including requirements for meaningful risk documentation. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/generative-ai/
- Information Commissioner's Office (2023). 'Data Protection Impact Assessments (DPIAs).' ICO. Requirement to carry out DPIAs for AI-assisted processing of personal or regulated data before deployment. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-protection-impact-assessments-dpias/
- National Cyber Security Centre (2023). 'AI security guidance.' NCSC. Identifies prompt injection, data poisoning, and model misuse as practical AI threat categories; useful as red-team themes in a pre-mortem. https://www.ncsc.gov.uk/collection/ai-security
- Financial Conduct Authority (2023). 'Operational resilience.' FCA. Sets out requirements for regulated firms to define important business services, set impact tolerances, and test against severe-but-plausible disruption scenarios. https://www.fca.org.uk/firms/operational-resilience
- House of Commons Treasury Committee (2025). 'AI in financial services.' UK Parliament. Recommended that the Bank of England and FCA conduct AI-specific stress testing, noting that current supervisory approaches may not be equipped for AI-driven shocks. https://committees.parliament.uk/publications/46761/documents/241319/default/
- Competition and Markets Authority (2024). 'AI foundation models: initial report.' CMA. Flagged market power, opacity, and vendor dependency risks for businesses relying on a small number of AI suppliers; a prompt to pre-mortem vendor lock-in before adoption. https://www.gov.uk/government/publications/ai-foundation-models-initial-report
- European Parliament and Council (2024). EU Artificial Intelligence Act (Regulation 2024/1689). Risk-based AI compliance framework in force from 2024; UK firms serving EU clients may need to account for its obligations in AI-assisted planning processes. https://eur-lex.europa.eu/eli/reg/2024/1689/oj

Frequently asked questions

How do I run an AI pre-mortem on a business plan?

Write the plan in plain English first. Then ask the AI to act as several different critics: a sceptical operations director, a difficult client, a cyber attacker, and a tired junior staff member. Sort the failure scenarios into categories, rank by impact and likelihood, keep the top five to ten, and for each ask what you would do the following week if it happened. A human should review and sign off on any decisions that follow.

Can I use any AI tool for a pre-mortem, or are there restrictions?

You can use a general-purpose AI tool for generating failure scenarios as long as your input does not contain confidential client data or personal information. The ICO is clear that organisations using AI remain responsible for data protection compliance. If your plan involves regulated information, carry out a Data Protection Impact Assessment before using a public AI tool. For lower-risk planning, tools like ChatGPT or Claude work well.

What is the difference between a pre-mortem and a risk register?

A risk register records known risks and tracks their mitigation over time. A pre-mortem surfaces risks you have not yet identified by asking you to imagine failure before it happens. The two complement each other: a pre-mortem is most useful just before committing to a major plan, while a risk register tracks what you have found and what you are doing about it. An AI-assisted pre-mortem is a good way to seed a new risk register with realistic content.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.
