Designing and directing the enterprise-wide rollout of Anthropic's Claude platform across a 3,600-person family-owned Australian retailer — from early adopter program through to production agents driving margin improvement.
Harris Farm Markets is a family-owned fresh food retailer with a passionate workforce, a strong culture, and ambitions to become an industry leader in AI adoption. When the opportunity arose to deploy Anthropic's Claude — via both Cowork (for business users) and Claude Code (for developers) — HFM needed more than a technology implementation. They needed a structured, governed program that would build lasting organisational capability.
Attain AI Advisory was engaged as AI Hub Program Director to design the rollout architecture, establish governance, and direct ten integrated workstreams spanning change management, security, data architecture, use-case pipeline, and a fundamentally new IT operating model.
The engagement was distinctive for its ambition: HFM became an early adopter of Claude Cowork during Anthropic's Research Preview and Frontier Program, positioning themselves ahead of the market while building the guardrails needed for responsible enterprise AI at scale. A critical early deliverable was a comprehensive AI security baseline — assessing the current-state architecture against OWASP LLM Top 10 risks, mapping the threat profile proportionate to a fresh food retailer (not a bank), and designing a phased security maturity path from interim MCP controls through to a fully governed Azure AI Foundry ecosystem.
HFM had no existing enterprise AI platform, no AI governance model, and no standardised approach to AI-led development. Shadow AI was emerging unchecked.
Data and infrastructure security were the greatest concerns. The Board needed confidence in security, privacy, and contractual protections.
A family business with strong culture. AI adoption had to feel empowering — augmentation not automation — with job security addressed early and directly with messages of scale and better ways of working.
Previous technology implementations had generated 12 post-implementation Kaizen recommendations. Every one needed to be structurally embedded.
IT needed to shift from sole code builder to coach and quality gatekeeper — while maintaining BAU operations and the D365 platform.
The business case demanded measurable ROI: capacity uplift, SaaS rationalisation, cost avoidance, and margin improvement — not just innovation theatre.
Phased to build confidence progressively. Gates are readiness-based — not calendar-based — embedding the Kaizen principle that you don't advance until you're genuinely ready.
A governed, safe, and measurable rollout structured across ten interdependent workstreams — each with an assigned owner, defined activities, and clear phase-gate criteria.
Prosci ADKAR-aligned change management. Prompt Academy with four progression levels. Future Fridays creative collision spaces. AI Workforce Mindset Personas with tailored interventions.
Claude Cowork deployed via Microsoft Copilot on existing Windows devices. M365 permissions govern data access. Private plugin marketplace curated by admins.
M365 tenancy architecture with Semantic Kernel orchestration, MCP plugin architecture, Foundry model deployment, and a 6-stage production promotion pathway.
AI Citizens ring-fenced at 20% of their time. Hands-on prototyping. Rubric-based quality framework (8+/10 minimum bar). Claude Buddies peer learning program.
Project charter, SteerCo, Board reporting, phase-gate criteria, AI risk register, independent specialist advisor, Kaizen recommendations embedded, NIST/ISO alignment.
Spec Driven Framework with 6-layer AI + human delivery system. Agent & Swarm architecture. AI-led SDLC stage gates. ~75% delivery compression target. Code quality gates via Snyk, CodeRabbit, and GitHub Advanced Security.
Data classification framework (Public → Restricted). Role-based access controls. PII/PHI masking. Vector DB governance. Trusted data pipelines from D365/Fabric. Model independence principles.
11 security domains (D01–D11) from AI workload runtime through to model security. Agent Control framework with tool whitelisting. AI Seatbelt runtime enforcement. Shadow AI detection via Netskope.
Structured discovery workshops (3 use cases per function). Effort-impact-risk scoring. SaaS rationalisation tracker. Capacity uplift measurement. Quarterly benefit realisation reports for Board.
AI-First SDLC (BRD → FDD → DEV → QA → DEPLOY). Two-Speed model: AI-led development plus IT-governed production builds. IT shifts to coach, mentor, and quality gatekeeper.
We designed a dual-path model that maximises M365 governance for business users while preserving developer flexibility through Claude's native tooling.
Cloud-based within the M365 tenant, inheriting M365 security and identity. Full M365 Graph access to email, Teams, SharePoint, Calendar, OneDrive, and D365.
Claude Code CLI for agent builds, code quality gates, SaaS replacement, and AI-led development. Deployed via Claude directly with Git for Windows.
Governance was designed to give the Board confidence from day one. The structure is ADKAR-aligned (Awareness, Desire, Knowledge, Ability, Reinforcement) with clear escalation paths, decision rights documented in the Project Charter, and readiness-based phase gates — not calendar-based.
The Co-CEO serves as Executive Sponsor with Board comms accountability. A Business Sponsor drives LT collaboration and the business-view of the AI Hub. The Program Director holds strategic intent and workstream interdependencies. Every workstream owner is accountable for activities, timeframes, risk identification, and escalation.
Cadenced forums run from weekly stand-ups through to monthly Board updates, with phase-gate reviews requiring full ADKAR readiness assessment before progression.
Board Update (monthly), SteerCo (weekly, 45 min), Phase Gate Reviews (per gate). Chaired by Co-CEO. Escalation SLA: 24 hours to Board.
Program Stand-up (weekly, 45 min), Business Alignment (fortnightly), Workstream Working Groups (weekly, 1 hour). ADKAR Health Check monthly.
Before designing the future state, we conducted a comprehensive security baseline assessment. The question wasn't "what does a bank need?" — it was "what does a ~$1B fresh food retailer with 3,600 staff actually need?" The architecture had to be proportionate to the threat profile, not platinum-plated.
Measured against peers in the Infotrust Cyber Threat Intelligence assessment (Feb 2026). Seven MCP servers connected with no runtime security controls.
Direct attack vector on AI agents accessing live financial and operational data via MCP
MCP agents with broad database permissions manipulated into data extraction as agentic use expands
PII, pricing, margins, and HR data requires DLP inspection on AI traffic
Cross-server privilege escalation across 7 active MCP servers — one compromised server could invoke all others
External skills and unvetted plugins could embed malicious instructions — bypassing guardrails
Employees using AI without IT knowledge — browser extensions and unsanctioned tools creating uncontrolled data leakage
Control what tools agents can call. Rate limiting. Human-in-the-loop for sensitive actions. Read-only data governance as baseline with selected overrides.
DLP inspection on prompts before they leave the organisation. Block PII, BSB, ABN, TFN patterns. Shadow AI detection and blocking.
SSO + MFA for all AI access. Role-based access control — buyers see pricing, support doesn't. Conditional access policies enforced.
Runtime prompt injection detection. Content safety filtering on inputs and outputs. Covers OWASP LLM01 — the highest priority AI attack vector.
Full audit trail — who prompted what, when, with what data. Tied to identity. Essential for Privacy Act compliance and cyber insurance.
Zero Data Retention agreements. Data processed in-region where available. No model training on organisational data. DPA with residency clauses.
Structured use-case discovery workshops per function with effort-impact-risk scoring. Every use case tied to capacity uplift, cost avoidance, or revenue growth — tracked quarterly for Board reporting.
Systematic identification of niche SaaS subscriptions that Claude-built agents can replace. SaaS rationalisation tracker embedded in WS9 with cost-savings register and Board visibility.
The operating principle: grow capability through AI-augmented workflows rather than headcount growth. Capacity uplift measured in hours saved per function per month.
11 security domains (D01–D11) designed from scratch covering AI runtime, SaaS posture, shadow AI detection, prompt injection defence, code security, and model integrity.
Claude Code's Spec Driven Framework with 6-layer AI + human delivery system targeting approximately 75% delivery compression on agent and application builds compared to traditional development.
Prompt Academy with four maturity levels. AI Citizens across every function. A structured progression from Seedling to Mastering — building lasting capability, not tool dependency.
"Claude is not just a tool — it is a capability shift. Business users build solutions; IT is no longer the bottleneck."
— Harris Farm Markets CEO
Whether you're an early adopter or scaling enterprise-wide, we can help you design the governance, architecture, and change program to make it stick.
Start a Conversation → ← All Case Studies