The PromAIse

From an experience automation perspective, discover how AI governance, shadow AI and secure integrations prepare organisations for employee-built AI apps.

I am deeply conflicted about the current introduction of AI in the workplace. On the one hand I am a nerd and technology enthusiast deep down to my core and I feel that we are not moving fast enough. I love seeing and using the capabilities brought by AI. At the same time I work as an software and systems architect and see what kind of risks these pose.

Not only that most of the tools are installed by piping a shell script right into bash, but also that AI tools that are not bound to enterprise agreements tend to leak sensitive data, customer or internal financial, to companies that can do with that data what they want. I love the productivity and efficiency gains of these tools, and at the same time I am scared for ending up on the internet’s front pages for data leaks. 

The Doom ScenAIrio

But the thing I am most enthusiastic about, while it’s scaring me witless, is the rise of single employee apps. Vibe coded apps, built with good intentions but without any of the enterprise oversights that you see in current software implementations. Apps that are created by and for a single employee using AI coding agents or even the free version of ChatGPT. Or perhaps these apps will have the form of capabilities added to local AI agents such as Hermes or OpenClaw. 

These apps will have the capabilities to connect to enterprise applications, databases, file stores, emails and calendars. They will download, analyze and write back information to and  from these applications. They are created and used because they remove friction that exists in the work processes of the employees. Each employee may have their own apps or capabilities installed and ready to use, each one custom made from a prompt inserted by the user. I will call them Sevcas (Single Employee’s Vibe Coded App) from now on.

I love the fact that a swarm of agents can be set off and work tirelessly to create things with the complexity of software compilers or browsers. I love that employees soon will already have access to these tools to start automating away the mundane parts of their jobs. What frightens me, is that these Sevcas will require integrations to other systems, new and old (I often say that each application is only worth as much as its integrations). And each Sevca will be slightly different from the other. And will perform the downloads, uploads and write backs in a slightly different way. 

As a long time IT consultant, I know that legacy applications have trouble processing large API volumes and have seen them buckle under load. I have seen SaaS applications block API access for the entire company as soon as limits were reached due to a single misconfigured dashboard tool. I have experienced the frustration of trying to explain that migration scripts or integrations should not be run from local machines (laptops!) and from trying to explain that 70 percent of the work in software development is making sure that when stuff breaks, it breaks gracefully and doesn’t pull everything down with it. 

So I fear the day that the first customer calls, explaining that a swarm of AI generated Sevcas, each created by a helpful AI for its grateful user, is flooding the network and is wreaking havoc on the CRM. Or the ticketing system. Or even on the log analyzing system. As rubbish floats downstream, these minor differences in write backs will accumulate and spread to other systems. The fact that the cost of automation will significantly decrease, will mean that the load on the applications will increase and this scenario is coming sooner than later.

The SolutAIon

The solution here lies in the work that is done before this dooming scenario plays out. The first step is investigating the prevalence of Shadow IT. This identifies the existing friction in processes and missing capabilities that can be identified. By asking employees why theythe are using a free version and not the licensed version of a chatbot will tell you whether you have a communication problem or a software selection problem. Both can be fairly easily fixed after you block their access on the firewall level. 

Second, these needs and gaps that employees have need to be filled by company endorsed solutions. Solutions that provide scalable, flexible and secure building blocks that can be implemented by the future employee apps. These can be for instance APIs, MCP servers and Agent Skills that are curated by subject experts.

Lastly, companies should start thinking about and documenting how these applications will be allowed to connect, how these building blocks can be consumed, monitored and managed. An example policy would be that any agent or Sevca shall be forced to provide a log of its actions to a monitoring app. By providing authentication dedicated to agents and providing agent or app based access, a rogue process or hallucinated download loop can be cancelled while allowing its owner, the employee, to remain connected. It will be a hard lesson for Frank from accounting to update his calendar manually again. This also allows for agent specific rate limiting, further protecting Frank and the company applications. 

To go a step further, implement a Semantic Protection Layer on top of your APIs and MCP servers. By interpreting the intent of a request, you can block malicious or erroneous actions (like "Delete all records where ID > 0") before they hit your legacy systems. This protects the data while "kindly" rejecting the agent's hallucination, while possibly reducing costs incurred by unnecessary cloud consumption.

The TakeawAIy

All in all, the main thing here is that work must start now. Defining these policies will take time and very likely multiple iteration cycles to get them right for your companies’ specifics. Starting with inventory of the Shadow AI currently in place will give you a good view of the gaps. Filling the gaps will identify the policies that will be needed. Rinse and repeat.

By investing the time now, you aren't just stopping data leaks, you are preventing the massive productivity loss that occurs when legacy systems buckle and the entire workforce goes offline. By starting now, the efficiency gains will start compounding now. And the cost of governance is a fraction of the cost of a 'Front Page' event. It’s about turning a chaotic, expensive swarm into a streamlined, high-ROI workforce.

Too many TODOs? We understand this can feel daunting. If your list is getting too long, come drink some coffee with us and find out how we can help you turn the "Swarm" into a competitive advantage.

Related articles

No items found.
Want to know more? Let us know!
Contact us