← Back to list

Summary card

EN 2026-05-08 23:00
OKRGenerative AIInformation Security

TransMove's closed generative AI construction request. OKR uncovered the coexistence of risk avoidance and adoption promotion, and progress measured through four outcome indicators.

ROI Case File No.498 'Don't Leak, Make Them Use'

EN 2026-05-08 23:00

ICATCH

Don't Leak, Make Them Use

Chapter One: The Unused AI, and the Leaking Information

"We trial-implemented Microsoft Copilot, but utilization is below 20 percent."

Naoto Osada, DX Promotion Office director at TransMove, opened internal AI usage logs. Six months after implementation, business utilization was limited, and the project was effectively stalled. "Management is hopeful about generative AI, but the field isn't using it."

"Why is it not used?" Claude confirmed.

"Multiple reasons," Osada answered. "First, they don't know what to ask AI. Second, they're anxious about whether to input business confidential information. Third, the misconception that input information is used for training. The moving industry handles customer addresses, family composition, and financial information. One mistake becomes a major incident."

"What's management's recognition?" I asked.

"Strong interest in business efficiency," Osada answered. "However, many members aren't AI-literate. Without showing both risk and outcomes through specific indicators, judgment stalls. It's been stalled for six months."

"You want to build AI that runs in a closed environment," Gemini confirmed.

"Yes," Osada answered. "Use generative AI for business on the premise of not exporting data outside the company. I hear it's technically possible, but the construction scale, operational structure, and adoption promotion methods—I haven't been able to organize where to start."

"Goals and outcome indicators need to be set together," I said. "OKR suits that design."

Chapter Two: OKR Asks About Connecting Goals and Outcomes

"This case requires OKR."

Claude wrote three letters on the whiteboard: O, K, R.

"OKR stands for Objectives and Key Results, a framework that connects qualitative goals (Objectives) and quantitative outcome indicators (Key Results)," I explained. "Known for Google's adoption, but it's also effective for advancing internal DX projects. AI projects tend to have high qualitative goals but vague quantitative indicators. Designing both simultaneously through OKR makes progress visible and establishes dialogue between management and the field."

"Let's first measure current costs," Gemini said, opening ROI Polygraph. She entered Osada's business data.

"Monthly business costs and opportunity loss are out," Gemini read. "Data entry and reconciliation work averages 500 hours per month. At 3,000 yen per hour, that's 1.5 million yen monthly. Document creation and summarization: 200 hours, equaling 600,000 yen. Internal inquiry response: 120 hours, equaling 360,000 yen. Information leak risk expected value tentatively placed at 600,000 yen monthly—an expected value considering the scale of personal information. Unrecovered Copilot implementation investment: 200,000 yen monthly. Total: 3.26 million yen monthly. Annualized: approximately 39 million yen."

Osada studied the figures. "This scale remains as opportunity loss."

"Now let's design with OKR," I continued.

[O—Objective: Coexisting Defense and Offense]

"We narrow the goal to one," Claude said. "'Establish generative AI as a standard tool in business while ensuring information security.' A goal that coexists defense and offense. Objective shows direction, not numbers. We agree with management here first."

"Neither just defense nor just offense," Osada confirmed.

"With only one, the other side collapses," I responded. "Strengthening only security means it won't be used. Promoting only adoption means information leaks. Only when an objective that establishes coexistence is set does the project move."

[KR1—Closed Environment Construction]

"The first outcome indicator is technical foundation," Gemini continued. "Completion of generative AI construction operating in a closed environment. Specifically, place LLMs in an internal data center or private cloud, completing a design where data doesn't leave the company. Indicators are 'launch date' and 'audit results showing zero data leakage.'"

"What's the specific technology selection?" Osada asked.

"Multiple open-source LLMs are now available for enterprise use," Claude answered. "Select with the balance of accuracy and operational load. Rather than training on internal data, we use a mechanism for referencing—RAG (Retrieval-Augmented Generation). This resolves concerns about data being incorporated into training."

[KR2—Zero Information Leak Risk]

"Second is the security indicator," I continued. "Quantitatively bring information leak risk close to zero. Specifically, prohibit access to external AI from the internal network, retain all input logs to internal AI, implement filtering functions for confidential information. Indicators are 'access count to external AI from internal network' and 'audit log complete retention rate.'"

[KR3—80 Percent Utilization Rate]

"Third is the adoption indicator," Claude continued. "Bring monthly user proportion to 80 percent or more of all employees. Utilization rate is the most important KPI for AI implementation. However, only chasing utilization rate generates 'pretending to use.' As a combination, we list practical use case count alongside it."

[KR4—Number of Automated Operations]

"Fourth is the impact indicator," I continued. "Bring data entry and reconciliation work automation to a monthly average equivalent of 500 hours. This matches current manual work hours. Rather than complete automation by AI, 'AI collaboration' where AI creates drafts and humans verify is the realistic goal."

[Calculating Investment Recovery]

"Let's run the numbers with ROI Proposal Generator," Gemini suggested.

  • Initial cost: Closed AI infrastructure construction, RAG implementation, security measures, employee training, operational structure construction. Total: 15.2 million yen
  • Monthly cost: Infrastructure operation, LLM inference, support: 420,000 yen
  • Monthly reduction: Semi-automation of data entry and reconciliation = 750,000 yen (half of 500 hours), document creation and summarization efficiency = 300,000 yen, AI first-line for internal inquiry response = 180,000 yen, information leak risk reduction = 420,000 yen. Total: 1.65 million yen monthly
  • Net monthly reduction: 1,650,000 − 420,000 = 1,230,000 yen
  • Payback period: 15,200,000 ÷ 1,230,000 = approximately 12.4 months

"Payback in just over a year," Gemini summarized. "The large initial investment is closed environment construction cost. From year two onward, net reductions on the scale of 15 million yen per year continue. Furthermore, internal infrastructure can be updated in response to generative AI technology evolution, so technology obsolescence risk is low."

Osada confirmed the figures and said, "We can now explain risk and outcome to management together. The decision stalled for six months might move on this."

"Connecting goals and outcome indicators shares the basis of judgment," I responded.

Chapter Three: Showing Progress Through Four Outcome Indicators

"Let me organize the approach," I said, standing at the whiteboard.

"Months 1–2—Technology selection and PoC, prototype closed AI infrastructure. Months 3–4—Main infrastructure construction, RAG-ization of internal data. Month 5—Security audit, external AI access blocking rule implementation. Month 6—Trial begins at three pilot departments. Month 7—Employee training and staged rollout. Month 8 onward—Company-wide rollout, quarterly KR progress reviews."

"To whom do we conduct KR progress reviews?" Osada confirmed.

"Bring together management, field, and IT department three parties," Claude answered. "Quarterly, share the numbers of each of the four KRs and visualize achievement levels. The essence of OKR isn't setting and finishing—it's quarterly dialogue for course correction."

Osada took notes and said, "Even creating goals, without a place to see progress, it doesn't move—this was the reason for the six-month stall."

Chapter Four: The Day Used AI Remained in the Company

Fourteen months later, a report arrived from Osada.

The closed AI infrastructure launched as scheduled. Going through pilot start in month 6 to company-wide rollout in month 8, monthly user rate reached 83 percent at the 12-month mark. It exceeded the KR3 target. "Once you start using it, you can't go back," employee comments were attached to the report.

Data entry and reconciliation automation reached the equivalent of 420 hours at the 12-month mark, against the initial target of 500 hours equivalent. While not fully achieved, it functioned as the central indicator of business improvement. The flow of "AI creates draft, humans verify in 30 seconds" took root, and verification time was shorter than initially expected.

The biggest change was the structural resolution of information leak risk. Access to external AI from the internal network became zero, and all generative AI usage completed within the closed environment. With audit log complete retention, who asked AI what and when became trackable. "For the first time, the information security department evaluated us as 'able to recommend AI usage,'" Osada wrote.

The quality of dialogue with management also changed. In quarterly KR reviews, four numbers lined up, and progress was objectively shared. Members not AI-literate could judge by looking at the numbers. "Decisions stalled for six months began moving by the month at the review setting," the report noted.

As a secondary effect, internal knowledge was organized. Document maintenance for RAG reference promoted structuring of internal documents. Long-neglected operation manuals and procedure documents were updated, triggered by AI utilization. "Preparation for AI implementation resulted in business document inventory," Osada wrote.

Industry evaluation also rose. Inquiries about TransMove's AI utilization came from competitors, and an industry magazine interview was conducted. "Even in industries handling personal information, generative AI can be used in closed environments"—this message began reaching the entire industry.

The end of Osada's report read: "Don't leak, make them use—whether these two can be pursued simultaneously was the essence of generative AI utilization. OKR became the language of that coexistence."

Used AI had become natural infrastructure within the company.

"Generative AI utilization is a domain where risk avoidance and adoption promotion coexist. What OKR asks is connecting goals and outcome indicators. Defense-only goals produce unused AI; offense-only goals produce leaking information. Setting goals that establish coexistence and measuring progress through four outcome indicators—this structure moves decisions stalled for six months. Don't leak, make them use—an organization that can pursue both simultaneously gains AI as a tool."

okr

Tools Used

  • ROI Polygraph — Visualizing business workload, information leak risk, and unrecovered investment
  • ROI Proposal Generator — Investment recovery simulation for closed generative AI construction

Describe Your Case

Related Files

Mar 13, 2026 EN

ROI Case File No.442 'The Ghost of Ten Years'

Preview is available on the detail page.

OKRManufacturingCost Reduction
Jan 08, 2026 EN

ROI Case File No.378 | 'TechNexus Inc.'s Unknown Quantity of AI Agents'

Preview is available on the detail page.

OKR
Nov 16, 2025 EN

ROI Case File No.321 | 'NexBridge's Invisible Goals'

Preview is available on the detail page.

OKR