Do not automate the workflow until you know how the workflow actually runs.
That sounds obvious. It is also the step teams skip when they get access to better AI tools.
The common move is to ask: "Which parts of this process can an agent do?"
The better first question is: "What is the process doing today?"
Not the diagram. Not the policy. Not the version a manager describes in a workshop. The actual path work takes through systems, handoffs, rework loops, exceptions, approvals, and waiting time.
That is where process mining becomes useful.
The process you think you have is usually not the process you run
Process mining uses event logs to discover, monitor, and improve real processes. The IEEE Task Force on Process Mining describes the field as extracting knowledge from event data, not from assumed process diagrams. Wil van der Aalst's work frames the core activities as discovery, conformance, and enhancement.
That distinction matters for AI workflow design.
If you only automate the process people think they run, you will miss the process they actually run. The actual process often includes skipped steps, late approvals, repeated handoffs, reopens, data cleanup, and exceptions that never made it into the official diagram.
Those details decide where AI belongs.
Frequency is not the same as automation fit
A task showing up often does not automatically make it a good AI candidate.
High volume can mean productive demand. It can also mean preventable rework.
A repeated handoff can mean healthy review. It can also mean unclear ownership.
A long cycle time can mean a bottleneck. It can also mean necessary human judgment.
Process-mining research separates discovery, conformance checking, variant analysis, and performance analysis. That gives teams a better starting point than "this task is repetitive." It helps them ask what the repetition means before they automate it.
Gross, Yeshchenko, Djurica, and Mendling make the important distinction: process mining identifies the as-is problem space, but it does not prescribe the to-be redesign. The redesign still requires judgment.
That is the right posture for AI.
Baseline first, agent second
Keep reading with free field-guide resources.
VibeSec Advisory publishes practical research, Skills, workflow examples, MCP notes, prompt injection tests, and AI red-team lessons for builders working with agentic AI.
The cleanest practical frame comes from the process-mining-for-Six-Sigma literature.
Define. Measure. Analyze. Improve. Control.
For AI workflow redesign, that means:
- Define the process boundary.
- Measure the current state.
- Analyze variants, waits, loops, exceptions, and handoffs.
- Improve the process design.
- Control the new workflow with review gates, metrics, and monitoring.
Do not skip from define to automate.
A useful baseline should include volume, throughput time, wait time, rework loops, compliance deviations, exception rate, reopen rate, handoff count, and outcome quality where available.
If the process touches customer communication, regulated data, credentials, payments, or irreversible actions, add approval points and escalation paths before giving AI more authority.
The model should not invent your metrics
There is a second lesson here.
Do not ask a model to infer exact workflow metrics from a narrative prompt.
A 2026 paper on agentic process mining, PMAx, points out the risk directly. LLMs can make process mining easier to access, but using them as direct analytical engines over raw event logs creates problems: deterministic reasoning, hallucinated metrics, and sensitive log exposure.
The safer pattern is separation.
Use deterministic scripts, BI tools, or process-mining tools to calculate the numbers. Let the AI interpret computed artifacts, summarize variants, draft hypotheses, and help write the Skill or review checklist.
That keeps the metric grounded.
It also keeps sensitive process logs out of places they do not belong.
Task mining fills the local gaps
Event logs do not show everything.
A workflow can look simple in a CRM or ticketing system while the real work happens in browser tabs, spreadsheets, email, chat, and copy/paste rituals.
That is where task mining, interviews, and screen-level observation matter.
Process mining gives the end-to-end flow. Task mining and human review explain the local work inside the boxes.
For knowledge work, you usually need both.
The field-guide version
Before writing a Skill or assigning an agent, build a small process evidence packet.
Include:
- The process trigger and done state.
- The systems that create event logs.
- The top variants.
- The known exceptions.
- The handoffs.
- The rework loops.
- The current baseline metric.
- The 90-day target.
- The approval points.
- The data boundary.
- The failure mode that would make this unsafe.
Then decide what belongs where.
Some steps become Skills. Some become agent tasks. Some stay human. Some get removed because they were never real value. Some become review gates because the cost of being wrong is too high.
That is governed AI workflow design.
Not "what can the model do?"
"What does the process need, and what evidence proves it?"
Sources
- IEEE Task Force on Process Mining, Process Mining Manifesto: https://www.tf-pm.org/upload/1580737614108.pdf
- Wil van der Aalst, Process Mining: Data Science in Action: https://link.springer.com/book/10.1007/978-3-662-49851-4
- vom Brocke et al., A Five-Level Framework for Research on Process Mining: https://link.springer.com/article/10.1007/s12599-021-00718-8
- Gross et al., Process Mining Supported Process Redesign: Matching Problems with Solutions: https://ceur-ws.org/Vol-2793/paper3.pdf
- Turetken et al., Process Mining for Six Sigma: https://link.springer.com/article/10.1007/s12599-020-00649-w
- El-Gharib and Amyot, Robotic Process Automation Using Process Mining, A Systematic Literature Review: https://arxiv.org/abs/2204.00751
- Augusto et al., Automated Discovery of Process Models from Event Logs, Review and Benchmark: https://arxiv.org/abs/1705.02288
- Antonov et al., PMAx, An Agentic Framework for AI-Driven Process Mining: https://arxiv.org/abs/2603.15351
- Trottier et al., Using Process Mining to Improve Digital Service Delivery: https://arxiv.org/abs/2409.05869
- NIST AI Risk Management Framework 1.0: https://nvlpubs.nist.gov/nistpubs/ai/nist.ai.100-1.pdf
- NIST AI RMF Appendix C, Human-AI Interaction: https://airc.nist.gov/airmf-resources/airmf/appendices/app-c-ai-risk-management-and-human-ai-interaction/
- Microsoft HAX Guidelines for Human-AI Interaction: https://www.microsoft.com/en-us/research/publication/guidelines-for-human-ai-interaction/
- Google PAIR People + AI Guidebook, User Needs + Defining Success: https://pair.withgoogle.com/chapter/People%20+%20AI%20Guidebook%20-%20User%20Needs%20+%20Defining%20Success.pdf