Architect of defensible AI.

What I'm hired for.

Most teams can ship a demo. Few can put AI in front of a regulator, a board, and a live trading desk and still answer for every decision it makes. I architect the full stack of production AI, from the routing gateway to the governed agent to the platform that ships it, so capability arrives with accountability already built in. Power without an architecture of accountability is a liability you have deployed, not a capability you own.

Twenty-five years, in production.

Enterprise AI and data architecture across government, healthcare, finance, and telecoms.

→ Full résumé & CV

Dispatches.

Essays, articles, and field notes on cognition, systems, and the parts of AI that don't fit on a slide.

1. May 2026The Cartography of Memory.On why retrieval-augmented generation is the first floor, not the building, of cognition at scale.6 min
2. Mar 2026Costing the Agent.A field framework for pricing autonomous workflows when latency, hallucination, and trust are the line-items on your invoice.18 min
3. Feb 2026What the Hippocampus Knows About Vectors.Six lessons from biological memory consolidation for the people building production embedding systems.26 min
4. Nov 2025After the Funnel.Neuro-marketing, attention residue, and why the journey metaphor outlived its usefulness around 2017.14 min
5. Sep 2025DMBOK Eats Your AI Roadmap.A defence of governance, in three acts, with notes on where TOGAF and ISO 27001 quietly do most of the work.21 min
6. Jun 2025Notes on TOGAF in the Era of Agents.If the architecture is autonomous, what is the architect for? An answer in fragments.16 min

→ Read the latest dispatch · Subscribe to Field Notes

"The hard problem of enterprise AI is not the model. It is the institution the model is asked to remember on behalf of." From The Cartography of Memory

Four books.

One published playbook on regional AI governance, plus a three-book series on building production AI you can defend. The methods I consult on, written down.

Other reading · also available on Amazon →

What I'm building.

Products and platforms putting the methodology to work in the open.

What I'm testing.

Early-stage experiments: ideas I'm prototyping in the open before they become products. Each has a working brief.

Questions I'm asked often.

Written to be quoted, by people and by answer engines.

What does Nabeel Khan do?

Dr. N. Khan is an enterprise AI architect and governance advisor who helps regulated organisations put AI into production without losing the ability to answer for it. Building on twenty-five years architecting enterprise data and systems (TOGAF, DMBOK, multi-cloud, ISO 27001, SOC 2), he now designs the full stack of governed production AI: LLM infrastructure and model routing, the orchestration of governed agents, the platform and LLMOps that ship them, and the governance that keeps all three defensible. He is the founder of Simplification and Director, Solutions Architect at iSystematic, and the author of the AI governance Enterprise Playbook and the forthcoming Full-Stack AI Engineering Series.

What is Nabeel Khan's background as an enterprise and data architect?

He has led the complete project lifecycle (initiation, planning, build, and operational handoff) on national and enterprise programs: a 10M-record register-based census platform, petabyte-scale cloud data-modernisation, zero-trust security across 200+ databases, and Oracle RAC/Data Guard estates at up to 99.999% availability. His toolkit spans TOGAF and Zachman, DMBOK data governance, AWS/GCP/Azure, ITIL service delivery, ISO 27001 and SOC 2, Agile/Scrum, and ERP & enterprise-systems implementation.

What kind of consulting does Nabeel Khan provide?

Independent advisory and hands-on architecture for organisations deploying AI in regulated, high-stakes settings. His practice covers five areas: AI strategy and governance roadmaps for boards and executives; LLM infrastructure and model routing; agentic systems and orchestration; AI platform engineering and LLMOps; and AI governance, compliance, and model risk. The through-line is governed production AI: systems that are powerful and defensible at the same time. He works through Simplification and iSystematic as advisory retainers, fixed-scope reviews, or delivery programs.

What is the AI-Native Enterprise Accelerator?

It is Dr. N. Khan's structured consulting engagement, delivered through iSystematic, for organisations that have decided to run AI in production and intend to govern it from the first day rather than retrofit governance after the first incident. It runs in three stages: Assess the AI estate against a production reference architecture, Template the controls to the organisation's data residency, regulators, and risk appetite, and Implement the governed control plane with audit evidence built in. It draws on the patterns in his Full-Stack AI Engineering Series and the MESA governance framework.

Who should engage Nabeel Khan?

Regulated and high-accountability organisations putting AI in front of customers, regulators, or a board: banks, insurers, healthcare systems, government bodies, and sovereign-backed initiatives, especially across the GCC and wider MENA. Typical sponsors are chief risk officers, chief data and AI officers, CTOs and VPs of engineering, heads of platform, and model-risk and compliance leaders who need AI that is both capable and defensible.

What frameworks has Nabeel Khan created?

His published and forthcoming work introduces several named frameworks. In AI governance: the MESA Framework (MENA Enterprise Strategic AI), the Five-Gate Deployment Model, a Sharia AI Compliance Framework, an AI Vendor Risk Framework, and a Governance Maturity Model. In production AI engineering: the PEVG agent pattern (planner, executor, verifier, generator), the PARA operations model (perception, action, reasoning, reflection), capability contracts, policy-as-code delivery guardrails, and trust-tier authority models. They are built to be used, contested, and adapted, not merely read.

What is the difference between RAG and memory consolidation in AI systems?

Retrieval-augmented generation (RAG) fetches relevant documents at query time and conditions a model's answer on them: recall on demand. Memory consolidation is the slower process of deciding what an agent should retain, abstract, or discard over time, modelled on how the hippocampus replays and stabilises experience. RAG answers "what is relevant now?"; consolidation answers "what is worth remembering at all?" Production systems need both.

How do you deploy agentic AI inside a regulated enterprise?

Treat autonomy as a governed capability, not a feature. In practice that means first-class cost, trust, and observability primitives at the runtime layer; policy-as-code for every tool an agent may call; auditable memory; and a clear blast-radius boundary per agent. Under SOC 2 and ISO 27001, "spin up an agent" is a controls conversation; the architecture has to make those controls cheap to satisfy.

What books has Nabeel Khan written?

One published, three forthcoming. AI Governance & Compliance Frameworks for the Middle East (subtitled The Enterprise Playbook, 2026) is available on Amazon; it maps ISO 42001, ISO 27001, SOC 2, NIST AI RMF, and the EU AI Act onto UAE, KSA, and Qatar regulation. The forthcoming Full-Stack AI Engineering Series runs in three books, set inside one fictional regulated fintech: LLM Systems in Production (the infrastructure layer), Prompt Systems & Agent Orchestration (the application layer), and DevOps for AI-Native Platforms (the operations layer). All four are in the Books section above.

How can I book time with Nabeel Khan?

Use the booking calendar on the contact page to hold a 30-minute video slot for advisory work, an architecture review, or a press request, or send a note through the contact form. Replies arrive within two working days. For anything immediate, the contact page lists a direct line for calls, SMS, and WhatsApp.

Where can I read Nabeel Khan's writing?

Dispatches (essays, articles, and field notes) are published here under Dispatches. The fortnightly Field Notes letter is in development; an early-bird list is open now. Topics range from cognitive architectures and enterprise data governance to neuro-marketing and the economics of autonomous workflows.

What is ARIA by Simplification?

ARIA is the flagship platform of Simplification, Dr. N. Khan's venture. It is an agentic-RAG customer-experience engine that automatically reads, understands, and acts on every customer message across WhatsApp, email, web chat, Telegram, Instagram, and contact forms, unifying them into one thread per customer, with a Model Context Protocol (MCP) endpoint so teams can run it from inside Claude, ChatGPT, or OpenAI Agents.

What is Maxim?

Maxim is a behavioral-intelligence layer for Claude, built by iSystematic. It adds 91 specialist agents, 74 peer-reviewed behavioral frameworks, and 14 compliance frameworks (GDPR, HIPAA, PCI-DSS, SOC 2, and more) so every AI output cites the mechanism it applied by author and year, clears an audit gate, and carries a confidence rubric. It installs on Claude Code, Desktop, and Web.

Is Nabeel Khan's Full-Stack AI Engineering work actually built, or conceptual?

Both, and he is clear about which is which. ARIA, his venture Simplification's agentic-RAG platform, and Maxim, iSystematic's behavioral-intelligence layer for Claude, are live products in production. The AI Governance Enterprise Playbook is published. The forthcoming Full-Stack AI Engineering Series presents its NexusCore, AgentMesh, and ThinkFlow reference architectures through a deliberately fictional bank, Nebula Financial, so the end-to-end method can be shown without exposing a real client; the patterns in it are what he implements in ARIA, Maxim, and client engagements.

Does Nabeel Khan build systems hands-on, or only design architecture?

Scoped per engagement, and he does both. He has personally built and runs production AI (ARIA and Maxim), so a delivery program includes hands-on build and integration into your existing cloud (AWS, Azure, or GCP). An advisory engagement instead designs, reviews, and independently validates while your team implements. Scope, ownership, and accountability are agreed up front.

What do Nabeel Khan's consulting engagements deliver, and how do they run?

Engagements run as an advisory retainer, a fixed-scope architecture or model-risk review, a hands-on milestone delivery program, or fractional technology and AI leadership, often through the AI-Native Enterprise Accelerator (Assess, Template, Implement). Deliverables are scoped to the engagement and range from reference architectures, a governed control plane, a governance office, and automated audit-evidence design, through to working reference implementations and production code.

Are Nabeel Khan's frameworks (MESA, Five-Gate, PEVG, PARA) original and proven?

They are his original, published intellectual property, built on and extending recognised standards such as NIST AI RMF, ISO 42001, TOGAF, and DMBOK for regulated and MENA contexts. The governance frameworks appear in his published Enterprise Playbook, which carries a foreword by the Executive Director for Science and Technology at the Kuwait Institute for Scientific Research; the engineering patterns are implemented in his live products ARIA and Maxim. Client engagements that apply them are confidential, and the book uses composite, anonymized case studies drawn from real institutions.