Experts’ advice for companies adopting AI: ‘Start small, scale fast’

Businesses looking to adopt artificial intelligence should resist the temptation to move too fast without structure, instead focusing on small, targeted implementations that can be scaled over time, IT expert Jovan Pehcevski said during the closing session of the IBM & Tech Trends in Maltese Businesses conference.

The message emerged during a panel discussion featuring representatives from IBM and local technology firms, where speakers explored how organisations in Malta can navigate the rapidly evolving AI landscape while managing risk, governance and operational complexity.

The conversation was between Menicos Mavrommatis – Business Development Malta at IBM, Vince Vella – CTO/CCO FinTech Division at Computime, David Vassallo – CTO at Cybersift, Pierre Attard – CCO at PTL, and Jovan Pehcevski – Enterprise Technology Lead at SG Solutions.

Start small, scale fast, but build structure from day one

A key takeaway from the discussion was the importance of starting with clearly defined, manageable AI use cases before expanding across the organisation.

While interest in AI continues to surge, businesses are increasingly facing the challenge of balancing speed with control. The rapid pace of development – with new AI models emerging almost daily – is creating pressure to adopt quickly, often before proper structures are in place.

Dr Pehcevski warned that this approach can lead to unnecessary complexity, particularly when organisations attempt to deploy AI across multiple systems without a clear roadmap. Instead, companies were encouraged to build strong foundations early, ensuring governance, data structures and processes are in place from the outset.

AI agents, cybersecurity and the race to keep up

The discussion also highlighted the growing role of AI agents: Systems capable of autonomously executing tasks across different software environments to achieve specific outcomes.

These tools are increasingly being integrated into business operations, from infrastructure management to customer service, signalling a shift towards more automated and intelligent workflows.

At the same time, cybersecurity remains a critical concern. As AI adoption increases, so too does the potential attack surface for organisations, prompting businesses to explore how AI can be used defensively to detect and prevent threats.

Speakers noted that one of the biggest challenges is visibility, understanding what is happening across systems and ensuring that risks are identified early. However, even with improved monitoring, teams are often overwhelmed by the volume of alerts, raising questions about how much can realistically be automated using AI tools.

Earlier in the session, Denis Vella of PTL addressed the growing complexity of risk and regulatory compliance, outlining how organisations must navigate multiple interconnected areas including risk management, due diligence and certification requirements.

A structured approach to risk was presented through four key strategies: tolerating, treating, transferring or terminating risk, depending on the nature and severity of the threat.

AI, when properly integrated, can support better decision-making in these areas by providing faster insights and improving time to value. However, speakers cautioned that governance is often treated as an afterthought, rather than being embedded into AI strategies from the beginning.