Happy New Year! I hope you had a wonderful holiday season—I sure did. I also did a lot of reflection on how my work has changed in 2025, and all the small changes made a really big difference.

At the start of 2025, AI was useful but required a lot of validation. By the end of 2025, it became more reliable, more capable, and serves as my true assistant and partner. My win of 2025: creating a full working business model for a startup with Claude—assumptions, dashboards, all tabs connected, all formulas correct. I am no longer surprised that tasks that used to take days now take minutes or hours.

That personal shift mirrors what happened across finance in 2025. We stopped asking "can AI do this?" and started asking "how do I make sure AI does this correctly?" 

This is the first newsletter of 2026, and instead of just covering December's AI news, I'm looking back at the 25 developments from 2025 that actually matter and how they changed what's possible, what's affordable, what's required, and what's risky.

If 2024 was about AI experimentation, 2025 was about AI accountability. 2026 is about putting both into practice.

1 - Deep research goes mainstream

What happened: In early 2025, ChatGPT launched Deep Research mode for Pro users (later expanded to free tier with limits). Claude introduced similar capabilities, and Perplexity enhanced its research tools. These features conduct multi-step research across hundreds of sources, generating comprehensive reports with citations in 5-45 minutes.

Why it matters: Replaces junior analyst work for vendor research, market analysis, competitive intelligence, and policy review. But requires output validation—the tools can hallucinate sources even while citing them. Best used for initial research that's verified before decisions.

2 - Agent mode launches (but stays limited)

What happened: In January 2025, OpenAI launched "Operator," an AI agent that autonomously browses websites and executes actions. Anthropic followed with Claude Code in February. By year-end, multiple platforms offered agent capabilities that move from "advises" to "executes" tasks.

Why it matters: Fundamental shift from AI as advisor to AI as actor. When AI can click buttons, write code, and make purchases autonomously, you need new access controls, approval workflows, audit logging, and spending limits. Agents require employee-level governance.

3 - MCP (Model Context Protocol) enables financial software connections

What happened: Anthropic launched MCP in November 2024 as an open standard, and by 2025 it became the de-facto protocol for connecting AI to external systems. By year-end, thousands of MCP servers existed, with official connectors for Stripe, Asana, Linear, PayPal, and financial platforms. OpenAI officially adopted MCP in March 2025. 

Why it matters: AI can now read/write directly to your ERP, expense tools, banking platforms, and accounting software. This makes AI more powerful but also raises governance criticality. You must control what data AI can access and what actions it can take in financial systems.

4 - Real-time multi-modal analysis

What happened: Throughout 2025, models improved at handling images, PDFs, spreadsheets, and code simultaneously in a single conversation. Claude's context window expanded to 200K tokens (entire books), Gemini offered 1M token windows, and models could now analyze complex financial documents with embedded charts and tables.

Why it matters: Faster variance analysis, multi-document reconciliation, and cross-referencing financial statements. But accuracy still requires validation—models can misread numbers or charts, especially in complex formatted documents.

5 - Voice mode advances

What happened: ChatGPT Advanced Voice Mode and similar features from other platforms became more natural and responsive in 2025, moving beyond dictation to actual conversation. Models could interrupt, respond to tone, and handle complex verbal instructions.

Why it matters: Hands-free financial review during commutes, voice-based expense reporting, and verbal financial briefings. But creates new data security risks—what's being said in voice conversations, and where is it stored?

6 - Improved coding and spreadsheet automation

What happened: GPT-5.2-Codex (December 2025) and Claude 4's coding capabilities (May 2025) significantly improved code generation quality. Models could now write complex Excel formulas, automate spreadsheet tasks, and generate financial models with proper validation.

Why it matters: Accelerates financial modeling, automates repetitive spreadsheet tasks, and enables non-technical staff to build basic automation. But introduces risk of "black box" formulas that teams don't understand or can't audit.

So what: These capabilities are production-ready and will save your team time—but only with proper governance. The shift from "AI advises" to "AI acts" means you need new controls before deployment. Deep research needs output validation. Agents need access limits. MCP connections need whitelisted actions. The ROI is real, but so is the risk if you skip the governance step.

7 - DeepSeek shock: cheaper models perform competitively

What happened: In January 2025, Chinese lab DeepSeek released models showing high performance at a fraction of typical training/inference costs. 

Why it matters: Proved that "expensive = better" isn't always true. The cost-per-query economics shifted overnight. 

8 - API pricing drops 60-80% year-over-year

What happened: Throughout 2025, AI API pricing fell dramatically. Claude Opus 4.5 launched at $5/$25 per million tokens (67% cheaper than Opus 4.1's $15/$75). GPT-4o pricing dropped to $3/$10. Competitors launched at even lower price points.

Why it matters: 2024 AI budgets are likely overstated for 2026 planning. Recalculate costs based on current pricing. The "AI premium" has collapsed; negotiate better rates with all AI vendors.

9 - Open-weight models go mainstream

What happened: Meta released Llama 4 (April 2025), OpenAI released GPT-oss models (August 2025), and other open-weight models became commercially viable alternatives to closed APIs.

Why it matters: Option to run AI in-house for sensitive financial data, reducing vendor lock-in and potentially lowering costs. Tradeoff: infrastructure costs and technical complexity. Evaluate for high-volume, routine tasks.

10- McKinsey: 88% use AI, but most don't scale

What happened: A McKinsey study published November 5, 2025, found that 88% of companies use AI in at least one function, but the majority haven't scaled beyond pilot programs. Most remain stuck between experimentation and production deployment.

Why it matters: Pilots don't generate ROI. The gap between "using AI" and "getting value from AI" is process redesign, not just tool deployment. Budget for change management, training, and workflow re-engineering—not just licenses.

So what: Two things happened in 2025: AI got 60-80% cheaper, and most companies still can't make it work. Recalculate your 2026 AI budget based on current pricing—you'll likely find room to expand use cases or cut costs. If you're running pilots without ROI metrics, you're wasting money. Cut them. The gap between "we use AI" and "we get value from AI" isn't about better models—it's about better process design and ruthless prioritization. Stop testing. Start scaling what works.

11 - Microsoft Copilot embeds across Office/Dynamics

What happened: Throughout 2025, Microsoft deepened Copilot integration across Excel, Word, PowerPoint, Dynamics 365, and Power BI. Features included formula generation, data analysis, automated reconciliation, and natural language queries to financial data.

Why it matters: Easiest entry point for AI in finance—leverages existing licenses and training. But limited to Microsoft's feature roadmap and implementation quality varies. Not customizable beyond what Microsoft provides. Good for testing "AI in production" with lower risk.

12 - Oracle Fusion and NetSuite AI features

What happened: Oracle added AI-powered close automation, anomaly detection, cash flow forecasting, and intelligent reconciliation to Fusion Cloud and NetSuite throughout 2025.

Why it matters: Embedded in platforms you already use, reducing implementation risk. Oracle controls customization limits. Effectiveness depends on how clean your data is and how well your system is configured. Request roadmap transparency and training commitments before relying on features.

13 - SAP Joule across financial modules

What happened: SAP rolled out Joule, its AI assistant, across S/4HANA financial modules in 2024/2025. Features included natural language interface, automated journal entries, variance analysis, and intelligent forecasting.

Why it matters: Reduces technical barriers for finance users. Quality depends on SAP configuration and data foundations. Implementation support from SAP partners has been inconsistent—demand clear escalation paths and training before committing.

14 - Reality check: AI features require vendor support you may not get

What happened: Throughout 2025, traditional software vendors shipped AI features but implementation support and documentation lagged significantly. Many finance teams found features unusable without extensive vendor assistance that wasn't included in standard support contracts.

Why it matters: "Included" doesn't mean "works." Before budgeting for AI features from existing vendors, demand: roadmap transparency, implementation timelines, training commitments, escalation paths, and success metrics. Test features in sandbox environments before production deployment.

So what: Traditional software AI is the safest on-ramp for finance teams—it's embedded in tools you already know, reducing training and integration costs. But "included" doesn't mean "works." Before you budget for these features in 2026, demand proof: sandbox access for testing with your data, written training commitments, defined support SLAs for AI features, and roadmap transparency. The gap between vendor demos and actual implementation was the story of 2025. Don't assume AI features will just work.

15 - EU AI Act enforcement begins (then moderates)

What happened: The EU AI Act entered force August 1, 2024. Prohibited AI practices became enforceable February 2, 2025. General-purpose AI (GPAI) model obligations took effect August 2, 2025. However, implementation guidance softened mid-year, with the "Digital Omnibus on AI" proposal (November 2025) aimed at simplifying compliance and extending some deadlines.

Why it matters: First comprehensive AI regulation globally. Fines up to €35M or 7% of global revenue for violations. Even with simplification efforts, compliance requirements exist and are evolving. Companies using AI in EU must document everything, implement governance frameworks, and monitor regulatory updates.

16 - US state-level regulation attempts largely fail

What happened: Throughout 2025, the Trump administration attempted to prevent state-level AI regulation, but was largely unsuccessful. States pursued their own AI legislation, creating a patchwork of compliance requirements rather than federal clarity.

Why it matters: Expect state-by-state compliance complexity in the US. Companies operating across multiple states will face inconsistent requirements. Budget for legal review of each state's rules.

17 - AI Accountability Standards/Frameworks Launch

What happened: In 2025, organizations like NIST, ISO, and industry bodies released practical AI governance frameworks specifically for enterprises. These moved from theoretical principles to actionable checklists for risk assessment, documentation, and oversight.

Why it matters: Provides off-the-shelf governance frameworks rather than starting from scratch. Boards are asking "what standards are we following?"—these give you an answer. Also sets benchmarks for vendor evaluation.

18 - AI Insurance Market Emerges

What happened: In 2025, major insurers launched dedicated AI liability policies covering errors, hallucinations, data breaches from AI tools, and copyright violations. Pricing varied dramatically based on governance controls in place.

Why it matters: Risk transfer option now exists for AI deployments. Premium costs correlate directly to governance maturity—companies with documented controls pay 40-60% less.

19 - AI Audit Rights in Vendor Contracts Become Standard

What happened: Throughout 2025, large enterprises began demanding audit rights in AI vendor contracts—the ability to review training data sources, test model outputs, and inspect security practices. Major vendors started offering tiered transparency based on customer size.

Why it matters: Procurement teams should add AI audit clauses to all software contracts. Without audit rights, you can't verify vendor claims about data governance, accuracy, or security. Leverage in negotiations.

20 - SEC clarifies AI doesn't reduce management responsibility

What happened: In 2025, the SEC issued guidance clarifying that AI-assisted financial analysis doesn't change management's responsibility for accurate financial reporting. Using AI tools doesn't shift liability away from executives.

Why it matters: You can't blame the AI if the numbers are wrong. Management certification requirements under SOX still apply. AI is a tool, not an excuse.

21 - Cross-Border Data Flow Restrictions Tighten for AI

What happened: In 2025, several jurisdictions (EU, UK, some US states) clarified that AI processing of personal data crosses borders even if the data "stays local"—because models are often trained or run in other countries. This triggered compliance complexity for multi-national AI deployments.

Why it matters: Affects vendor selection and deployment architecture. Using a US-based AI vendor for EU employee data may violate GDPR transfer rules. Legal review required for any AI processing personal/financial data across borders.

So what: Governance isn't optional anymore—it's a legal requirement with real penalties. But you don't need to build from scratch. Adopt NIST or ISO frameworks as your baseline, add AI audit rights to procurement templates, and evaluate AI insurance to transfer risk. The EU's "simplification" proposal proves even regulators underestimated implementation complexity, so document your governance efforts now while enforcement is still maturing. For US companies, prepare for state-by-state compliance similar to privacy laws.

22 - Deloitte Australia financial report disaster

What happened: In July 2025, Deloitte Australia delivered a AU$440,000 ($290,000 USD) report to the Australian government containing multiple AI-generated errors, including fabricated academic references, non-existent court cases, and incorrect quotes from federal judges. The firm used Azure OpenAI GPT-4o without initially disclosing it, and was forced to issue a refund and rewrite the report.

Why it matters: Remember the "you deliver it, you own it" principle. AI assistance doesn't reduce professional liability. Even Big Four firms got caught relying on AI outputs without proper validation. This set a precedent: if Deloitte couldn't catch these errors, your team won't either without proper controls.

23 - SEC launches "AI washing" enforcement campaign

What happened: In March 2024 (carrying into 2025), the SEC charged two investment advisers with making false and misleading claims about their use of AI, fining them $400,000 combined. This launched a formal enforcement priority around "AI washing"—when companies exaggerate AI capabilities to attract investors. In January 2025, the SEC charged public company Presto Automation with similar violations. In April 2025, the SEC and DOJ jointly charged a startup founder who raised $42 million by falsely claiming his app used AI. The SEC created a dedicated Cybersecurity and Emerging Technologies Unit (CETU) in February 2025 to focus on AI-related misconduct.

Why it matters: Public companies and advisers can no longer use vague AI claims in investor materials, earnings calls, or marketing without substantiation. "We use AI" requires proof: what AI actually does, where it's deployed, and what results it produces. Empty AI claims in financial reporting or fundraising are now securities fraud.

24 - AI-generated fake invoices surge

What happened: In 2025, AI-generated fraudulent receipts and invoices exploded. AppZen reported fake AI receipts accounted for 14% of fraudulent documents by September 2025 (vs. 0% in 2024). Ramp's software flagged over $1M in fraudulent invoices within 90 days. The spike correlated with OpenAI's GPT-4o image generation release in March 2025.

Why it matters: Traditional visual inspection of receipts is now obsolete. Fraudsters use the same AI tools to create convincing fakes that fool both humans and basic AI detection. AP departments must upgrade to anomaly detection systems that analyze patterns, not just images.

25 - KPMG study: 59% of workers made AI-fueled errors

What happened: A KPMG study released in April 2025 found that nearly 6 out of 10 employees admitted to making mistakes in their work due to AI errors. Additionally, about half use AI at work without knowing whether it's allowed, and more than 40% are "knowingly using it improperly."

Why it matters: Shadow AI is a governance breakdown. Employees are using personal AI accounts to process company financial data, creating data privacy exposure and audit risk. You need to know what AI tools are being used and enforce policies before mistakes compound.

So what: If Big Four firms with quality controls can't consistently catch AI errors, your team won't either without validation protocols. The lesson from 2025 is clear: AI validation can't be "set and forget." Every AI-generated financial output needs human verification before it's used in decisions. For fraud detection, visual inspection is obsolete—upgrade to systems that analyze patterns, not images. And shadow AI is your biggest governance blind spot. Survey your team to find out what tools they're actually using, then make the rules clear. The KPMG finding means this problem is industry-wide.

We've covered what happened in 2025—the 25 developments that changed what's possible, what's affordable, what's required, and what's risky.

In the paid section, I'm sharing two things:

First, a deep dive into what I think was the most important development of 2025 for finance: MCP (Model Context Protocol). It's the technical infrastructure that will determine who actually gets value from AI in 2026 and who stays stuck in pilot mode. I'm explaining how it actually works, why it matters, and what you need to know before your ERP vendor tries to sell you on it.

Second, a 12-month AI calendar with specific action items for each month in 2026—from auditing shadow AI in January to building your 2027 budget in December. No theory, just what to do and when.

Happy New Year! I hope 2026 brings you clarity, momentum, and fewer pointless pilots.

I'll be back next week with frameworks, templates, and practical guidance on how to actually implement what we covered here. If you have a specific question or want a topic covered in an upcoming edition, just hit reply to this email. I read everything.

Here's to a year of scaling what works.

– Anna

This newsletter is for you, and we want to make it as valuable as possible. Please reply to this email with your questions, comments, or topics you'd like to see covered in future issues. Your input shapes our content!

Want to dive deeper into balanced AI adoption for your finance team? Or do you want to hire an AI-powered CFO? Book a consultation!

Did you find this newsletter helpful? Forward it to a colleague who might benefit!

Until next Tuesday, keep balancing!

Anna Tiomina
AI-Powered CFO