Consulting has always sold structured thinking. LLMs are extraordinarily good at structured thinking. This is not a coincidence worth ignoring.
Dan Shapiro recently mapped five levels of AI automation for software engineers, from "spicy autocomplete" to the dark factory. I've been thinking about the same framework applied to a profession that is, if anything, more structurally exposed: consulting.
Consulting is a $300 billion global industry built on a simple transaction: a client has a problem they cannot solve with internal resources, and they pay an external team for structured thinking, external credibility, and occasionally, specialized knowledge they genuinely don't have. That's the product. The question is: how much of that product can an LLM deliver, given enough context?
More than the industry wants to admit.
But consulting is not one thing. Before mapping the levels, it's worth being precise about the two archetypes we're dealing with — because they automate differently.
Both archetypes share one structural vulnerability: their core activity is taking context in, reasoning over it, and producing structured output. That is exactly what LLMs do. The difference is in which parts resist automation — and they fail differently.
The context thesis. Most consulting work fails to automate not because it is cognitively hard, but because the required context never reaches the model. An LLM given the client's real P&L, internal interviews, competitive data, regulatory environment, and organizational politics can produce a first draft that would pass as a junior consultant's work. The bottleneck is context transfer, not reasoning capacity. This becomes important at every level below.
The consultant does everything manually. Junior analysts spend 60-hour weeks in Excel and PowerPoint. Data is pulled, cleaned, reformatted, charted, and narrated by hand. Industry benchmarks are assembled from PDF reports downloaded one by one. The engagement produces a 90-slide deck that took four people six weeks to build.
For strategy firms, this is the baseline — still the dominant mode at most mid-tier firms in 2026. For technical consultants, this looks like manual penetration testing writeups, hand-authored compliance matrices, actuarial models built cell by cell in Excel, and architecture diagrams drawn in Visio.
The output is not bad. The process is just brutally inefficient, and the cost it imposes on the client — in fees — is increasingly hard to justify.
This is where most consulting firms officially claim to be in 2026, and where many of them actually are. The analyst uses AI to draft sections of the report. The model summarizes interview transcripts. It reformats benchmarks from uploaded PDFs. It generates slide narratives from bullet points. The partner still reviews everything. The client never knows.
For technical consultants, level one looks like: using AI to draft the executive summary of a pentest report from a structured findings list, or having the model generate boilerplate policy documents from a compliance checklist template. The real technical work — running the tools, interpreting the outputs — is still done by humans.
The efficiency gain is real: 20-30% faster delivery on documentation-heavy work. But the engagement structure, the pricing, the team size, the number of weeks — none of it has changed. The partner is still billing the same rate. The firm is capturing the efficiency as margin, not passing it to the client as value.
That window is closing.
At level two, the consultant stops using AI as a writing tool and starts using it as a thinking tool.
For strategy consulting, this means: uploading the client's 10-K, recent earnings calls, competitor filings, and industry reports, then running a structured problem-decomposition session with the model before any human analysis begins. The model builds the issue tree. It identifies the three most data-sensitive hypotheses. It drafts the interview guide. The consultant's job is to stress-test the structure and supply the judgment the model can't reach — client politics, the CFO's real concern, the unspoken constraint.
"I used to spend two days just getting oriented on a new client. Now I spend two hours with the model running through the materials, and I walk into the first working session already knowing what the interesting questions are. The client thinks I'm smarter than I am." — strategy consultant, mid-size firm (paraphrased from a private conversation)
For technical consultants, level two is where the gap between archetype and automation starts to show. A cybersecurity consultant can feed a full network architecture diagram, firewall rules export, and recent vulnerability scan output to a model and get a surprisingly competent threat model in return. An actuarial consultant can describe a client's book of business, upload historical loss data, and have the model draft the assumptions section of a reserve analysis. The model won't sign off on it. But it generates something a senior person can edit in an hour rather than build in a week.
Level two feels done. Everyone who reaches it feels like they've figured out AI. They have not.
This is where the role fundamentally changes — and where most consultants will not go, because it requires admitting something uncomfortable about what they actually sell.
At level three, the consultant's primary skill is no longer analysis. It's context engineering. Their job is to identify what the model needs to know, extract it from the client, structure it correctly, and then get out of the way. The model reasons. The consultant curates and validates.
For a strategy engagement, a level-three consultant doesn't build a slide deck. They build a context package: the client's strategy documents, financial performance, internal survey data, competitor moves, and regulatory trends — all structured, tagged, and fed into an agentic workflow that drafts the full analysis and recommendation. The consultant reviews the output for logic failures, political blindspots, and things that are technically true but will land badly in the boardroom. That review takes a day, not a week.
For technical consulting, level three is where the real disruption lives. A security consultant who knows how to structure a full client environment — network topology, existing controls, asset inventory, threat model, compliance obligations — as a machine-readable context can have an AI agent produce an 80% complete security assessment in hours. The remaining 20% is the stuff that requires hands on keyboards: exploitation attempts, edge-case behaviors that only appear in production, the undocumented legacy system that doesn't appear in the architecture diagram because nobody remembers building it.
The billing model at level three doesn't work anymore. You can't charge a client $400,000 for six weeks of work when the six weeks collapsed into two. Either you reprice the engagement around outcomes rather than time, or you take on three clients simultaneously. Most firms choose the latter and don't tell anyone.
At level four, the human consultant is no longer the primary producer of the work. They are the signature on it.
This sounds alarming. It is also, quietly, already happening — particularly in technical consulting. Consider: a compliance consultant at a firm I know of has built a system where a client submits a structured intake form covering their data flows, vendor relationships, and existing controls. An agentic workflow cross-references this against the relevant regulatory framework — GDPR, SOC 2, ISO 27001, whatever applies — and produces a gap analysis with prioritized remediation steps. The consultant reviews it for obvious errors, adds three paragraphs of context that the model couldn't have known, and signs the report. The engagement that used to take four weeks takes four days.
For strategy consulting, level four is harder to reach — but not for the reasons partners think. The obstacle isn't analytical complexity. It's that strategy consulting sells credibility as much as analysis. The McKinsey logo on the slide is doing work that no model output can replicate, because the logo is a liability-transfer mechanism. When the board asks who recommended the acquisition, "we ran it through an AI system" is not yet an acceptable answer. "McKinsey recommended it" still is.
That credibility premium will erode. It always does when the underlying work becomes commoditized. It just takes longer when the product is advice rather than code.
At level five, the consulting firm is a brand, a context library, and a validation function. The analysts are gone. The associates are gone. The engagement managers are gone. What remains is a small team of domain experts who maintain the firm's knowledge base, vet client context intake, and review outputs for the categories of failure that AI systems reliably produce: overconfidence on sparse data, missed regulatory changes from the last six months, organizational dynamics that never appear in any document.
This is not as far off as it sounds. In technical consulting, the trajectory is already there. Automated penetration testing tools have been replacing junior pentesters for years. Compliance automation platforms are replacing junior GRC analysts. The question is not whether the shadowless firm happens — it's whether it happens to existing firms, or whether new entrants build it from scratch and price the incumbents out of the commodity work, leaving them stranded in a shrinking market for genuine senior expertise.
For strategy consulting, the shadowless firm looks different: a two-partner boutique that runs twenty simultaneous engagements, each largely AI-generated, each reviewed and validated by a senior expert who has thirty years of pattern-matching that no model has yet replicated. The firm has no junior staff. It has context pipelines and review protocols instead.
I know of two firms operating close to this model today. Both are under ten people. Both are doing work that would have required fifty.
Here is the honest audit of what survives at any level of automation: the things that require being trusted, not just being right. The senior partner who can walk into a boardroom and, through thirty years of credibility, make a recommendation land. The security consultant who knows — from feel, from experience, from having seen the same failure mode in four different industries — that the finding in section three is the one that will actually get exploited. The actuary who knows the model's assumptions are mathematically sound but will be politically rejected, and can navigate that conversation.
None of that is nothing. But it is also not a full consulting engagement. It is the final 15% of a consulting engagement. The other 85% — the data gathering, the synthesis, the benchmarking, the deck-building, the scenario modeling, the compliance cross-referencing — is increasingly model work, given enough context.
Shapiro ends his piece noting that most engineers top out at level three when the gains are at four and five. In consulting, most firms are at level one telling clients they're at three. The context is available. The models are capable. The business model is the obstacle — and business models always change slower than technology, until they change all at once.
1 The $300 billion consulting market figure is from Statista's global management consulting market size estimates, widely cited in industry reporting through 2025–2026.
2 The strategy consultant quote is a composite paraphrase from multiple conversations. Sentiment and specifics are representative, not verbatim.
3 The compliance automation anecdote describes a real pattern observed across multiple small technical consulting firms. Details are obscured to protect confidentiality.
4 The "two-partner boutique" running twenty engagements is a composite of three firms operating in this mode, none of which use that description publicly.
5 The claim that McKinsey-style credibility is a "liability transfer mechanism" is a simplification. The full argument is developed in Porter & Nohria's HBR work and in writing by management theorists on the role of reputation in professional services markets.