Reference Architecture for HVAC AI

Runs on the company's own server. Four constraints wired in: fixed role, fixed source, fixed scope, citation or refusal. Built and run inside one HVAC company.

Approach

Six modes of AI use, and why we built the sixth differently

The question is not whether a company uses AI. The question is where the trust boundary sits — on the employee or on the system.

TL;DR

Public ChatGPT and Claude default to permissive: the model picks role, source, and fallback behavior on its own. AirOrchestra is the same class of assistant with four constraints locked: fixed role, fixed source, fixed scope, citation-or-refusal. The alternative — training employees to prompt well — has seven structural downsides this page walks through.

The market splits not by industry but by mode of use. Six modes — not a "smarter / dumber" ladder, but a map of who carries the cost of getting an answer right. Pew Research (Feb 2025) and Gallup (Dec 2025) track AI use at work: a fast rise mostly among white-collar roles; many workers still rarely use AI on the job.

0. No AI

The employee finds the answer alone: phone the office, search a shared drive, ask a coworker, rely on memory. AI is not in the workflow.

1. Public chat

ChatGPT, Claude, Gemini, Microsoft Copilot. The employee writes a question like a message to a friend. The model picks role from phrasing, draws on its general knowledge, and decides what to do when uncertain. The model knows nothing specific about the company.

2. Prompt engineering

The employee learns to set the frame manually: role, format, constraints, examples. Quality improves for that employee. The frame lives in their head and their chat. Corporate prompt-engineering training programs sit at this mode.

3. Personal setup

Custom GPTs (OpenAI), Projects (Anthropic), Copilot Agents (Microsoft). One employee builds a tool once: files, instructions, name. A personal tool with memory; the frame is configured. Architecturally the model still has the option to ignore loaded files and answer from general knowledge.

4. Company-connected assistant

Glean, Notion AI, Microsoft Copilot Studio, ChatGPT Enterprise + Connectors, Onyx, Azure AI Search. The company connects an AI to its internal documents through an engineering team. Search retrieves; citations attach. Microsoft Copilot Studio in 2026 exposes an explicit "Allow ungrounded responses" toggle — the market acknowledges that model autonomy is a spectrum. In most configurations the model is still permitted to fall back to general knowledge when retrieval is thin.

5. Framed company assistant

AirOrchestra. The same AI, with autonomy locked architecturally: fixed role, fixed source, fixed scope, citation-or-refusal. Not "better" than mode 4 — a different setting of model autonomy for tasks where the cost of error is real.

When a company decides AI is useful but unframed AI is unpredictable, the common response is to train people. Prompt engineering courses, AI literacy programs, vendor user-enablement sessions.

The logic: an employee who learns to ask well will get useful answers.

In practice, that approach has seven structural downsides.

01. Quality variance

Fifty employees produce fifty quality levels on the same technical question. One picks it up in a week, another in six months, another never. Quality stops being a property of the company and becomes a property of the individual.

02. Trained people leak too

Disciplined professionals with mandatory security training have leaked sensitive material to public assistants. The summer 2025 CISA case (see below) is the clearest public example. If discipline fails at a federal cybersecurity director's desk, it fails harder for an apprentice without that infrastructure.

03. Cost in time and money

Training hours come off the tools or off evening time. Programs, trainers, materials. Continuous reinforcement because the skill fades. With turnover, training restarts for every new apprentice.

04. Training content goes stale faster than people relearn

AI tools change every three to six months — new models, new interfaces, new best practices. Material taught in January is partly obsolete by June. The retraining cadence outpaces what most companies actually run.

05. Knowledge does not accumulate in the company

A strong prompt engineer leaves and the prompts leave with them. The company does not get smarter, because the knowledge lives in heads, not in systems.

06. Prompt engineering does not scale to the field

Training works at a laptop in the office. An employee on a roof with tools in hand does not write a 200-word prompt. The places where AI matters most are the places training does not reach.

07. Training teaches positive use, not abstention

Training programs cover security awareness modules, but in practice they cannot enforce the moment of restraint — the moment when the employee, under deadline pressure, decides "this is too sensitive to paste." Architecture refuses the action; training only encourages restraint.

In summer 2025 the acting director of CISA — the U.S. federal Cybersecurity and Infrastructure Security Agency under the Department of Homeland Security — uploaded documents marked For Official Use Only into public ChatGPT.

The incident was reported publicly in January 2026 by TechCrunch, Ars Technica, and MeriTalk; Federal News Network later referenced the same reports in coverage of congressional scrutiny of the agency's leadership.

CISA is not an average organization. It runs mandatory security training, it operates its own DLP, it conducts regular tabletop exercises, and the position is held by people whose careers were built on cybersecurity. If discipline in that environment fails — not from malice, just from the friction of getting work done — the assumption that an ordinary employee in any other company will hold up does not survive examination.

The lesson is not "train harder." The lesson is that training and discipline are not the right layer to enforce information boundaries.

The CISA case proves a structural point: the leak is a byproduct of normal work without architectural constraints around the assistant.

AirOrchestra is an AI assistant. Same product class as ChatGPT, Claude, Microsoft Copilot. The difference is not the category; it is the degree of autonomy the model has.

Public ChatGPT and Claude default to permissive behavior. The model picks role from how the question is phrased, fills gaps from general knowledge, and decides how to respond when it is not sure.

AirOrchestra is the same assistant with four architectural constraints locked in advance.

01. Fixed role

The assistant operates as an HVAC specialist tied to the user's role in the company. Not a universal chatbot, not legal advice, not medical, not lifestyle. Off-scope topics return "out of scope for this assistant."

02. Fixed source

Answers are built only from approved company documents: submittals, OEM manuals, company SOPs, project files, RFI register. The model's general knowledge and the open internet are not in the source set. This is enforced at the retrieval layer, not by an instruction in the system prompt: the endpoint indexes only the approved corpus.

03. Fixed scope

Access to documents is filtered by user role and project assignment before retrieval runs. An employee assigned to one project does not retrieve from another. Roles are pre-set, not inferred per request.

04. Citation or refusal

Every answer carries a citation to document, section, and page. When retrieval finds no supporting passage, the system answers "not found in approved documents." A post-processing service runs between model output and the user reply: if the response text does not contain a citation token matching a chunk ID returned by retrieval, the service replaces the message with the refusal string. The check is deterministic — not a system-prompt instruction.
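
A sketch of the fixed-scope filter and the citation-or-refusal gate described above, added here as an illustration and not AirOrchestra's own code. The `[chunk:ID]` token format, the toy keyword retrieval and the sample corpus are assumptions; the gate is also stricter than the text requires, refusing if any cited ID was not returned by retrieval.

```python
import re
from dataclasses import dataclass

REFUSAL = "not found in approved documents"        # refusal string quoted on the page
CITATION = re.compile(r"\[chunk:([\w-]+)\]")       # assumed citation token format

@dataclass(frozen=True)
class Chunk:
    chunk_id: str
    project: str
    roles: frozenset
    text: str

# Constructed sample corpus; IDs, projects and values are illustrative only.
CORPUS = [
    Chunk("A-12", "proj-a", frozenset({"technician"}), "Condenser fan motor torque is 25 in-lb."),
    Chunk("B-07", "proj-b", frozenset({"technician"}), "Chiller leaving water setpoint is 44 F."),
]

def scoped_corpus(corpus, role, projects):
    """Fixed scope: drop chunks the user may not see before any search runs."""
    return [c for c in corpus if c.project in projects and role in c.roles]

def _terms(text):
    # Ignore short words so stopwords do not produce false matches.
    return {w for w in re.findall(r"\w+", text.lower()) if len(w) > 3}

def retrieve(chunks, query):
    """Toy keyword match standing in for the real search backend."""
    return [c for c in chunks if _terms(query) & _terms(c.text)]

def citation_gate(model_output, retrieved):
    """Deterministic check between model output and the user reply."""
    allowed = {c.chunk_id for c in retrieved}
    cited = set(CITATION.findall(model_output))
    # Refuse when nothing is cited, or when any cited ID was not retrieved.
    if not cited or not cited <= allowed:
        return REFUSAL
    return model_output

def answer(role, projects, query, model_output):
    """Scope filter -> retrieval -> gate; model_output stands in for the LLM call."""
    retrieved = retrieve(scoped_corpus(CORPUS, role, projects), query)
    return citation_gate(model_output, retrieved)
```

The gate verifies that each citation points at a chunk retrieval actually returned for this user; it does not verify that the cited passage supports the sentence it is attached to, which needs a separate check.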

Still an assistant. Different setting on autonomy. The employee does not learn to prompt, does not pick a model, does not configure context — the frame is set in advance, and the work is to ask a question and get a cited answer or an explicit refusal.