What Happens After You Discover The AI Isn't Real: a Due Diligence Decision Framework

Every AI due diligence content piece ends at "here's how to assess." This one starts where the others stop.

You've done the technical due diligence. The findings are in. The AI isn't what the pitch deck claimed: the "proprietary models" are API wrappers, the "machine learning pipeline" is a rules engine with a modern interface, or the impressive demo hides architecture that won't survive its first thousand users.

Now what?

This is the moment most investors find themselves in with no playbook. The due diligence firm delivered a report full of technical findings, but the investment decision (walk away, renegotiate, or invest in fixing it) requires a framework that bridges technical assessment and commercial judgment.

The first step after receiving concerning due diligence findings is categorisation. Not all AI capability gaps carry the same implications, and the appropriate response depends entirely on where on the spectrum your target company sits.

After conducting technical assessments across multiple AI companies, I've found that findings cluster into four distinct categories. Understanding which you're dealing with is the single most important input to your investment decision.

The company labels rules engines, basic automation, or straightforward statistical methods as "AI" or "machine learning." The system works and customers use it, but it isn't what most technical practitioners would recognise as AI. This is the most common finding. A significant proportion of companies classified as "AI startups" show no evidence that AI is material to their core value proposition. Often the business is perfectly sound; it's the valuation multiple that's wrong.

Commercially, the product works, customers get value, revenue is real. But the company has been valued at AI multiples (10–30x revenue) when it should be valued at standard SaaS or automation multiples (3–8x). The gap between these two sets of multiples is where the renegotiation lives.

Remediation is low difficulty if the company has relevant data assets. Building ML capability on top of a working product typically costs £150,000–£750,000 over 6–18 months, assuming the team has competence in adjacent technical areas and the data exists to train meaningful models. The question worth asking: would adding real AI materially improve the product? Sometimes a well-built rules engine is the right technical choice, and the only thing that needs fixing is the marketing.

The company has actual machine learning, but it's significantly less sophisticated than represented. They pitched deep learning but deployed logistic regression. The model works in carefully controlled demos but degrades at production scale. The data science team exists but lacks the depth to execute the technical roadmap.

This category is often the most productive zone for investment. The basics are in place. The team understands ML concepts, has built data pipelines, and has some model development experience. The gap is maturity, not capability.

Commercially, the investment thesis may still hold, but timelines and milestones need recalibrating. The product roadmap probably has 12–24 months more technical risk than the pitch deck suggested. Customer promises may need tempering.

Remediation is moderate difficulty, typically £400,000–£1.5 million over 12–24 months, driven primarily by hiring senior ML talent and investing in MLOps infrastructure. The question that decides it: does the existing team have the intellectual honesty and technical foundation to close the gap with the right investment, or will they resist acknowledging it?

The company claims proprietary AI but is actually wrapping third-party APIs (typically large language model providers) with minimal customisation. There are no proprietary models, no training infrastructure, and likely no relevant training data. The entire technical "moat" is a prompt template and an integration layer.

This is not inherently a bad business. Plenty of valuable companies are built as integration layers. But it's a completely different type of business from what was represented, with different economics and a different defensibility profile. The company is subject to API pricing changes, terms of service modifications, and model deprecation, none of which affect companies with proprietary technology.

The valuation should reflect a services or integration business, not a technology company. Margins are structurally vulnerable. Competitive moats are thin. Any competitor can build the same wrapper in weeks.

Remediation is high difficulty. Building ML capability from scratch while simultaneously running a business on rented infrastructure costs £750,000–£4 million over 18–36 months. This means hiring an entirely new technical team, developing data collection and training pipelines from nothing, and managing the transition without disrupting existing customers. Many companies in this category never complete the transition.

The product is sold as AI automation but actually runs on human labour behind the scenes. Customer-facing outputs that appear automated are manually produced by teams of workers. The company operates at services margins while charging SaaS prices. The technology described in investor materials simply does not exist.

Several high-profile enforcement actions in 2024 and 2025 have established that this category now carries criminal liability risk. Regulators, particularly the SEC and DOJ, have escalated from civil penalties to criminal indictments for AI misrepresentation in investment contexts. One company raised $42 million while claiming "proprietary deep learning" with 93–97% automation. The actual automation rate was effectively zero, with hundreds of offshore workers completing tasks manually. The founder now faces charges carrying decades of prison time.

In most cases, this is a walk-away finding. The economics don't work: remove the humans and there's no product; keep the humans and the margins collapse. Beyond the financial calculation, proceeding with investment in a company that has made materially false representations about its technology creates regulatory, legal, and reputational exposure for the investor.

Remediation is very high difficulty, estimated at £1.5–£8 million+ over 24–48 months, with a significant probability of failure. There is no AI capability to build on, no data infrastructure, and often no technical team capable of building what was described. The only viable path is effectively building a new technology company inside the existing commercial wrapper, and even then, the unit economics during transition are typically unworkable.

Across all four categories, one question separates fixable situations from fatal ones: could this company build the claimed capability, even though it doesn't exist yet?

Answering that means looking at three things.

Start with data assets. Does the company possess relevant, proprietary data that could support ML training? A company with rich proprietary data and a functioning data flywheel (where product usage generates more training data) has a completely different remediation profile from one relying entirely on third-party APIs or public datasets. The data doesn't need to be perfect, but it needs to exist and be relevant to the problem domain.

Then look at team capability. Does the existing team have ML expertise, or only software engineering skills? Could they attract and retain ML talent? A minimum viable ML team (data engineer, ML engineer, data scientist, MLOps specialist, and product manager) runs approximately £450,000–£700,000 per year in loaded UK costs. The demand for AI/ML talent currently outstrips supply by roughly three to one, with mid-level salaries growing at nine percent year-over-year. If the company is in an unattractive location, sector, or stage for ML talent, remediation timelines extend considerably.

Finally, infrastructure readiness. Does the company have the data pipelines, compute infrastructure, and development tooling to support ML development? Or would remediation require building from the ground up? Most AI systems that undergo rigorous assessment fail basic build quality benchmarks: poorly documented, built on legacy infrastructure, difficult to scale or transfer. The gap between "we have a Python notebook that runs locally" and "we have production ML infrastructure" is typically 6–12 months and several hundred thousand pounds.

When the due diligence findings are in and you've categorised the gap, the next question is what the findings mean for deal terms.

Adjust the valuation from AI multiples to appropriate software or automation multiples. This can represent a 40–70% reduction in enterprise value, which is significant, but the business itself may remain highly investable. The negotiation framing is: "The technology works and the business is strong, but the valuation was predicated on AI differentiation that doesn't exist."

The standard approach is shifting a meaningful portion of consideration from upfront payment to earnout, typically 30–50% of total deal value, contingent on achieving defined technical milestones. Useful earnout metrics include model performance KPIs (accuracy, latency, throughput at scale) and automation rates versus human intervention rates. Industry data shows earnouts typically pay out about 21% of their maximum value; when any earnout is achieved, approximately half the maximum is paid. Structure accordingly.

This often warrants restructuring the deal entirely. Consider an acquihire format (valuing the team and customer base rather than the technology), or a heavily milestone-gated investment where capital releases only as proprietary capability is demonstrated. Pricing should reflect integration-layer economics, not technology company economics. The negotiation centres on whether the team and customer base have enough value to justify the investment required to build real capability.

Walk away. If investment documents contained material misrepresentations about technology capability, consult legal counsel about potential recovery actions. The SEC created a dedicated 30-person enforcement unit for AI-related fraud in February 2025, and enforcement actions are a bipartisan priority regardless of administration.

When you've decided to proceed despite capability gaps, the deal structure itself becomes the primary risk management tool. Several mechanisms have matured rapidly over the past two years.

Standard technology reps are insufficient for AI investments. Best practice now includes AI-specific representations covering: rights to training data, absence of data protection violations in data collection, accuracy of model architecture and performance disclosures, absence of undisclosed third-party dependencies (particularly API reliance), and compliance with emerging AI regulation including the EU AI Act. Leading firms recommend classifying these as fundamental representations with longer survival periods and higher or uncapped indemnity caps.

Milestone-based funding has become increasingly common. Rather than deploying capital in a single tranche, investment releases in stages as the company achieves predetermined technical milestones. This is standard practice in life sciences and increasingly applied to AI investments. The hard part is defining precise, measurable milestones with contractual clarity on what constitutes achievement, and building in renegotiation protocols for when technology pivots make original milestones irrelevant.

Standard holdbacks of 10–20% of purchase price, held for 12–24 months, can be supplemented with special-purpose escrows addressing specific AI risks: pending IP litigation, data provenance concerns, or regulatory compliance uncertainties. For Category 2 findings specifically, escrow release can be tied to remediation milestones, creating alignment between the seller's post-close incentives and the buyer's technical risk.

Pre-closing covenants matter too. Require the target to retain AI engineers, maintain model architecture and datasets without material changes, ensure lawful use of training data, and maintain sufficient compute capacity. These covenants prevent the common scenario where technical talent departs or core technology is modified between signing and closing.

One thing to watch: representations and warranties insurance (RWI) providers are increasingly scrutinising AI-specific risks and may exclude data provenance, model performance, and regulatory compliance claims. Don't assume standard RWI will cover AI misrepresentation.

If you've decided to invest in fixing the gap, here's what the costs actually look like.

A basic AI proof of concept runs £15,000–£50,000 over one to three months. Move to a custom ML solution at production quality and you're looking at £150,000–£400,000 over 6–12 months. Enterprise AI systems requiring integration, monitoring, and governance push past £400,000–£750,000+ and take 12–24 months. All of these assume relevant data exists and capable talent can be hired.

The single longest timeline is institutional capability building. You can hire ML engineers, but integrating them into an organisation that has never operated with ML workflows, doesn't have MLOps infrastructure, and whose product managers don't understand model limitations takes 18–36 months to reach maturity. Google's widely cited 2015 research on hidden technical debt in ML systems remains authoritative: only a small fraction of real-world ML systems consists of actual ML code. The surrounding infrastructure (data pipelines, monitoring, serving, configuration) is vastly larger and accumulates debt faster than traditional software.

The implication for investors: remediation budgets that account only for "building the model" routinely underestimate the true cost by 3–5x. The model is the easy part. Everything around it is where the time and money go.

Enforcement has changed sharply. Between March 2024 and mid-2025, regulators escalated from modest civil penalties (two investment advisers settling for a combined $400,000 for unsubstantiated AI claims) to criminal fraud charges carrying decades of imprisonment. The trajectory is unmistakable, and it's bipartisan: the current US administration frames enforcement as protecting legitimate AI innovation by deterring fraudulent claims that divert capital from real companies.

For investors, this creates a new dimension of risk. Investing in a company whose AI claims you know to be false, or should reasonably have known were false after conducting due diligence, creates potential exposure. The regulatory expectation is increasingly that sophisticated investors should verify AI claims before committing capital, and that failure to do so doesn't insulate them from downstream consequences if those claims prove fraudulent.

In the UK, the FCA has not yet brought AI-specific enforcement actions, but applies existing Consumer Duty and Senior Managers & Certification Regime obligations to AI claims. The EU AI Act, with penalties of up to €35 million or 7% of global turnover, is still in staged implementation through 2027 but is already driving 20–30% valuation discounts for AI companies with potential regulatory non-compliance issues.

AI technical due diligence is no longer optional for sophisticated investors. It's rapidly becoming a baseline expectation, both as investment discipline and as a regulatory compliance consideration.

Most AI due diligence processes are built to answer one question: "Is the AI real?" That's necessary but insufficient. The framework above requires your diligence process to answer four more:

Where on the spectrum does this sit? Marketing exaggeration, capability gap, API dependency, or fundamental deception? The category determines everything that follows.

Is the gap fixable? Assess data assets, team capability, and infrastructure readiness. A company with strong proprietary data and a capable but overstretched team is a completely different proposition from one with no data moat and a sales-oriented leadership team.

What does remediation actually cost? Not the optimistic estimate, the realistic one, including infrastructure, process change, talent acquisition, and the 18–36 months required to reach ML maturity.

What deal structure protects the downside? Match protection mechanisms to severity: adjusted multiples for marketing exaggeration, milestone-gated earnouts for capability gaps, restructured deal formats for API dependency, and walk-away with legal review for fundamental deception.

AI due diligence conducted by someone who has built production AI systems, rather than only reviewing them from the outside, is the foundation. But the real value is in what happens after the findings are in: the commercial experience to price the gap and the technical depth to design remediation plans that actually work.

If you've already completed due diligence and need help interpreting findings, or if you're planning an assessment and want it structured to support post-discovery decision-making from the outset, get in touch. For engagements where the findings reveal fixable gaps, our AI leadership advisory service provides ongoing technical guidance through remediation, making sure the capability actually gets built.