When your buyer says "we're evaluating AI," they mean one of two things and probably haven't distinguished between them yet. Predictive AI classifies and scores: fraud detection, anomaly flagging, risk-based access decisions. Generative AI produces new content: text, code, images, structured API calls. You are already selling predictive AI if you sell Adaptive MFA. You are already encountering generative AI if anyone in the account has mentioned agents, copilots, or ChatGPT. The sentence that earns you the next ten minutes of conversation: "Are you looking at predictive AI, generative AI, or both? Because the governance requirements are different."
Predictive AI
What it is: A system that takes input data and outputs a classification, a score, or a forecast.
What it does: It evaluates something that already exists — a login attempt, a transaction, a user behavior pattern — and tells you what bucket it belongs in or how likely a particular outcome is. Fraud scores. Anomaly detection. Churn prediction. Risk-based authentication. The output is always a label or a number. Never a paragraph.
Who's behind it / where it comes from: This is the older branch, in production at scale for over a decade. Every major cloud provider ships predictive ML services: AWS SageMaker, Azure ML, Google Vertex AI. The underlying architectures are gradient-boosted trees, random forests, logistic regression, and specialized neural networks. In identity, Okta's risk engine and ThreatInsight are predictive AI products. Your buyer's bank has been running predictive fraud models since before anyone said "generative."
What makes it distinct: The output is bounded. A model that scores login risk produces low, medium, or high. It cannot write you a paragraph explaining why. It cannot draft a new authentication policy. It cannot produce anything outside the output vocabulary it was trained on. That constraint is also its selling point: bounded outputs are auditable, explainable, and fast. A fraud scoring model evaluates a transaction in under 100 milliseconds. When you're processing millions of transactions per day, that ceiling matters.
Generative AI
What it is: A system that produces new content by predicting what comes next in a sequence, based on patterns learned from training data.
What it does: It generates text, code, images, audio, or structured data that didn't previously exist. NIST AI 600-1 defines it as "the class of AI models that emulate the structure and characteristics of input data in order to generate derived synthetic content." When an LLM writes a policy document, summarizes a threat report, or translates a natural language instruction into an API call, that's generative AI at work.
Who's behind it / where it comes from: The frontier is dominated by a handful of foundation model providers: OpenAI (GPT-4o), Anthropic (Claude), Google (Gemini), Meta (Llama). Enterprise adoption runs through API integrations, cloud-hosted endpoints, and increasingly, agent frameworks that let these models take actions rather than just produce text. In identity, the Okta MCP Server is a generative AI integration point, translating natural language instructions into structured Okta API calls.
What makes it distinct: The output is unbounded. A generative model can produce a novel access policy, a summary of last week's anomalies, or a synthetic dataset for training a fraud classifier. It can also do what predictive models do. Ask an LLM "is this transaction fraudulent? Answer yes or no" and you've turned a generative model into a classifier. The reverse doesn't work. A fraud scoring model cannot draft a policy document, summarize an incident, or respond to a question it wasn't specifically trained for. This asymmetry is the single most important thing to understand about the relationship between these two types: generative can increasingly do predictive work, but predictive cannot do generative work. That one-way street is why "just use an LLM for everything" keeps gaining converts.
You already sell predictive AI. Adaptive MFA takes contextual signals — IP, device fingerprint, location, authentication history — and outputs a risk classification that triggers a policy action. Input data in, bounded classification out. That's textbook predictive AI, and it's been in production for years. When a buyer asks "do you use AI?", the answer is yes, and the governance profile is the base AI RMF, not the generative-specific 600-1.
Where These Two Meet in a Buyer Conversation
I'm organizing this by the three scenarios where these terms actually surface in enterprise deals. Scenario mapping is the right structure here because "which is better" has no answer outside a specific use case, and your buyer is always sitting inside a specific use case when they bring it up. Find your scenario. Read that block.
Fraud and Risk
The two types converge most visibly here, and buyers are most likely to conflate them.
Traditional fraud detection is pure predictive AI: a model scores each transaction against historical patterns, flags anomalies, and returns a risk score. Generative AI is entering this space in specific, bounded ways.
As a feature generator: the REXAI-FD framework uses LLM embeddings to convert transaction narratives into high-dimensional vectors, capturing semantic relationships that frequency-based methods miss. The final scoring decision still runs through a traditional classifier. The LLM enriches the input. It doesn't make the call.
As a sequence reader: traditional predictive models compress an identity's history into summary statistics. An LLM can read the raw event sequence and spot patterns that survive the compression. Okta's engineering team published an experiment in April 2026 exploring LLM-based risk scoring that "learns the sequential patterns and emits anomaly scores using a probabilistic objective." Research, not a shipped product. But it shows the direction.
As an investigator's assistant: RAG-augmented LLMs let fraud analysts query policy documents in natural language during manual review, cutting investigation time without replacing the automated scoring layer. In at least one study, a RAG-augmented LLM outperformed a specialized BERT model on fraud call detection, while an ungrounded LLM underperformed both. The lesson: domain grounding is what makes generative AI competitive in predictive tasks. Raw LLM capability alone fell short of both alternatives.
Where predictive AI still wins cleanly: latency and explainability. Specialized models score millions of transactions per day at sub-100ms per decision. Frontier LLMs can't match that throughput today (though inference optimization is narrowing the gap; treat specific latency numbers as subject to change). Regulated environments require feature-level attribution, the ability to say "this transaction was flagged because of these three specific signals." Classical ML with SHAP values provides that. LLMs currently do not.
So for your buyer: the two types are being combined, not swapped. LLMs handle upstream enrichment. Specialized predictive models handle the high-volume, low-latency, auditable scoring decision.
Automation and Workflows
Generative AI's home territory. When a buyer says "we want AI to automate workflow actions" or "we need AI-assisted policy creation," they mean generative AI. No predictive model can draft an access policy, write an automation script, or translate a natural language request into an API call.
Predictive AI's role here is narrower but real: it evaluates whether the automated action should proceed. An LLM-powered agent proposes a change; a risk scoring model evaluates whether that change is consistent with historical patterns before executing it. A May 2026 paper proposes exactly this architecture: a low-latency fraud detection layer sitting on top of LLM-powered agents, catching adversarial patterns that "emerge gradually across interaction sequences."
In practice: generative AI drives the workflow, predictive AI guards it.
Analytics and Forecasting
When a buyer says "we need AI to predict churn" or "forecast capacity," they mean predictive AI. These are regression and classification tasks on structured data. A predictive model forecasting license utilization across 50,000 seats runs in seconds on structured tabular data, with outputs you can trace back to specific input features. Running the same task through an LLM API would cost more, take longer, and produce results that are harder to audit, with no demonstrated accuracy gain on structured numerical forecasting.
You can ask an LLM to predict next quarter's revenue. It will give you an answer. That answer will be a confident-sounding extrapolation from whatever context you fed it, built on pattern-matching rather than a statistical model trained on your historical data. It will sound authoritative. That's what LLMs do.
Where generative AI adds value: summarizing the output. A predictive model produces a forecast; a generative model writes the executive summary explaining it. The combination is more useful than either alone.
For the buyer conversation: predictive AI makes the forecast. Generative AI makes it legible.
The Okta MCP Server translates natural language instructions into structured Okta API calls. Unstructured input in, novel structured output out. That's generative AI. The identity governance layer around it is familiar: scoped OAuth grants, audit logging, least-privilege access. Your OAuth intuition about scoping holds here. Where it breaks: an OAuth client executes a defined grant, but an LLM-powered agent might interpret its scope creatively. The governance challenge is that the agent's behavior isn't fully deterministic in the way a traditional integration is.
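The pattern from the Automation and Workflows block and the paragraph above, as an added example (not Okta's code and not from the original page): the agent only proposes, a deterministic scope check and a predictive risk gate outside the model decide, and every decision is audit-logged. The action names, the simple risk rule standing in for a trained model, and the sample data are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed map: agent tool action -> OAuth scope it requires.
ACTION_SCOPE = {
    "list_users": "okta.users.read",
    "deactivate_user": "okta.users.manage",
    "add_group_member": "okta.groups.manage",
}

@dataclass
class Proposal:          # what the LLM agent asks to do
    agent_id: str
    action: str
    target: str

class Gate:
    def __init__(self, granted_scopes, history, privileged_targets):
        self.granted = set(granted_scopes)      # scopes on the agent's grant
        self.baseline = Counter(history)        # actions this agent ran before
        self.privileged = set(privileged_targets)
        self.audit = []                         # every decision is recorded

    def risk(self, p):
        # Stand-in for a trained predictive model; output is bounded.
        score = (self.baseline[p.action] == 0) + 2 * (p.target in self.privileged)
        return ("low", "medium", "high", "high")[score]

    def decide(self, p):
        needed, level = ACTION_SCOPE.get(p.action), None
        if needed is None or needed not in self.granted:
            verdict = "deny_scope"              # enforced outside the model
        else:
            level = self.risk(p)
            verdict = {"low": "execute", "medium": "hold_for_review",
                       "high": "deny_risk"}[level]
        self.audit.append({"agent": p.agent_id, "action": p.action,
                           "target": p.target, "risk": level, "verdict": verdict})
        return verdict

def demo():
    gate = Gate({"okta.users.read", "okta.groups.manage"},
                history=["list_users"] * 40, privileged_targets={"Super Admins"})
    asks = [("list_users", "*"), ("deactivate_user", "jdoe"),
            ("add_group_member", "Contractors"),
            ("add_group_member", "Super Admins"), ("delete_policy", "mfa")]
    return [gate.decide(Proposal("agent-1", a, t)) for a, t in asks], gate.audit

if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

Because the scope check runs before and independently of the model, an agent that "interprets its scope creatively" still cannot execute an action its grant does not cover, and the denial is in the audit trail.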
How to Say This in the Field
| Don't say | Do say | Why it matters |
|---|---|---|
| "AI can handle that." | "Are you looking at predictive AI for scoring, generative AI for content creation, or both? The architecture is different." | Names the distinction before the buyer has to. |
| "Generative AI is basically a chatbot." | "Generative AI produces new content — text, code, API calls, policies. The chatbot is one interface for a much broader capability." | Dismissing gen AI as a chatbot loses credibility with any buyer who's seen agent frameworks. |
| "All our AI is generative now." | "Our risk engine uses predictive AI — ML-based classification that's been in production for years. We're also integrating generative AI for natural language interfaces." | Buyers who've read NIST guidance know these are different governance categories. |
| "GPT can replace your fraud detection." | "LLMs are being used to enrich fraud detection — better feature engineering, sequence analysis — but the scoring layer is still specialized ML for latency and auditability." | Overpromising on LLM capabilities in regulated contexts destroys trust. |
| "Predictive AI is the old way." | "Predictive AI handles the high-volume, low-latency decisions. Generative AI handles the parts that need language understanding. Most production systems use both." | Framing predictive as legacy alienates buyers who just invested in it. |
| "We use AI for everything." | "We use predictive AI for risk scoring and anomaly detection, and generative AI for natural language administration. Different models, different purposes." | Specificity signals competence. |
| "NIST has guidelines for this." | "NIST has a dedicated generative AI profile — AI 600-1. Predictive AI falls under the base AI Risk Management Framework. Your governance approach should reflect which type you're deploying." | Public sector buyers use NIST vocabulary. Matching it earns you the next meeting. |
| "The AI will explain its decisions." | "Predictive models give you feature-level attribution — you can see which signals drove the score. LLMs don't currently offer that same auditability for individual decisions." | Regulators treat explainability as mandatory. |
| "You don't need a specialized model anymore." | "For real-time scoring at transaction volume, specialized models still win on latency and cost. LLMs add value upstream — enriching the data those models score against." | Honest about tradeoffs. The buyer's ML team will confirm this. |
| "Our AI is NIST-compliant." | "Our predictive AI products align with the base AI RMF. For generative AI capabilities, we follow the AI 600-1 profile. Happy to walk through the mapping." | OMB M-25-21 requires agencies to establish separate generative AI policies. |
| "Why not just use an LLM for all of it?" (from buyer) | "For some tasks, that's the direction things are heading — LLMs are taking over work that used to require specialized models. For high-volume scoring, the constraints are latency, cost, and auditability. The useful conversation is: which layer of your pipeline benefits from an LLM, and which needs a purpose-built model." | Acknowledges the trend without overpromising. Moves from either/or to architecture. |
Federal buyers have a named governance category for generative AI (NIST AI 600-1) and a general framework for all AI (the AI RMF). There is no equivalent "Predictive AI" profile. A buyer might over-apply generative AI concerns to a risk scoring engine, or under-govern a predictive analytics tool by treating it as "just software." The seller who can say "your risk scoring falls under the base RMF, not 600-1 — here's why that distinction matters for your ATO" is speaking the buyer's procurement language.
Generative models can increasingly do predictive work. Predictive models cannot do generative work. That asymmetry is the structural fact underneath every "should we just use an LLM for this?" conversation your buyer is having. Your job is to name it accurately. That's enough to earn the next conversation.
Things to follow up on...
- OMB's type-specific AI playbooks: M-25-22 announced that OMB will publish procurement playbooks for specific AI types, including generative AI and AI-based biometrics, which could formalize the governance split between predictive and generative AI in federal buying.
- Okta's LLM risk scoring experiment: Okta's engineering team published an April 2026 blog post exploring how LLMs can read raw authentication event sequences "like a narrative" rather than compressing them into engineered features, a concrete example of generative approaches entering predictive territory in identity security.
- Explainability research in fraud detection: A February 2026 systematic review in Springer synthesized 49 studies on explainable AI for fraud detection and found that post-hoc methods like SHAP and LIME were designed for classical ML classifiers, not LLMs, leaving a documented gap in auditability for generative approaches.
- Predictive models guarding generative agents: A May 2026 arXiv paper proposes layering a specialized low-latency fraud detection model on top of LLM-powered agents, catching adversarial interaction patterns that single-turn prompt filters miss.

