Users and rightsholders cannot govern what they cannot see. When AI systems retrieve scholarly content through open-access discovery, summarize PDFs, or cache web fetches, compliance depends on disclosure: what was retrieved, from where, under which license, retained for how long, and whether it could enter training pipelines.

AI governance is not a bureaucracy exercise. It is how you prevent “quiet” AI failures from becoming public incidents, regulatory findings, or strategic own-goals. Boards don’t need to design prompts—but they do need to ensure accountability, oversight, and escalation exist in the operating model.

AI is a strategy lever—but it’s also a risk multiplier when deployed without guardrails. Boards don’t need to pick between “AI optimism” and “AI fear.” They need a portfolio view: where AI creates value, where it creates new exposures, and what proof of control looks like.

“Exploitation” in AI-mediated scholarly access is often not piracy. Many open-access licenses—especially CC BY—permit commercial reuse with attribution. The gray zone is lawful-but-harmful value capture: aggregation, RAG products, and synthesis services that comply with licenses while undermining creator economics, publisher sustainability, or public trust.

Publishers and rights holders have real tools—copyright, license design, technical controls, and enforcement policies—but legal open access combined with AI-scale retrieval exposes gaps where content is free to read yet reuse, aggregation, and model ingestion are difficult to monitor or monetize.

If you remember one thing about modern AI, make it this: it is a statistical prediction engine, not a thinking person. That single shift changes how boards should interpret outputs, demand controls, and assign accountability.

“AI” is now used as a label for everything from simple automation to systems that generate text, code, images, and decisions. For boards, the first job is not to become technical—it is to build a shared vocabulary so strategy, risk, and accountability can be discussed without hand‑waving.

Frictionless AI retrieval creates a dangerous illusion: if Unpaywall found a legal open-access copy and Claude summarized it, the workflow must be compliant. It may not be. Organizations using Claude or similar tools for scholarly workflows remain responsible for lawful access, license compliance, data protection, and platform terms—even when OA discovery tools and AI vendors make retrieval feel automatic.

Open access solved a reader-access problem: paywalls no longer block qualified researchers from reading scholarship. It did not automatically solve a creator-payment problem—and AI retrieval at scale may shift economic value toward intermediaries unless licensing and funding models explicitly account for new uses. When AI systems ingest OA literature, do creators and publishers actually get paid?

The compliance line in AI-assisted scholarly retrieval is not drawn at “open versus closed.” It runs between locating publisher-authorized open-access copies and any practice that bypasses technical or contractual access controls, exceeds license scope, or violates site or API terms—even when an AI system could technically retrieve the bytes. Here we map where lawful OA ends and circumvention, scraping, and policy violations begin.

When teams wire Claude or another AI assistant into scholarly research workflows, the first technical question is usually practical: can we use Unpaywall to find full-text papers? The first compliance question is harder: does discovery through an open-access index grant permission to copy, store, summarize, or commercialize what we retrieve? Unpaywall can lawfully help locate publisher-authorized or repository-hosted open-access copies of scholarly articles, but using that discovery in an AI retrieval workflow still leaves separate, and often stricter, questions about copying, terms of service, licensing, and downstream reuse.

Over the past eight posts, this series has examined the 2026 AI token economy from six distinct angles: the Uber budget collapse, the physics of context scaling, recursive agent loops, per-minute pricing disruption, KV cache optimisation, infrastructure power constraints, and the local inference break-even. Each post was a close-up on a specific failure mode or opportunity. This final post is the wide-angle view — a synthesis of the full series into a governance framework that translates individual insights into organisational practice. The thesis is simple: the era of “tokenmaxxing” — deploying AI at maximum capability without cost discipline — is over. The organisations that will thrive in 2027 are those that implement economic governance over their AI stacks before their next budget cycle, not after.