Your AI readiness blindspot

Last week we talked about why users resist AI. An underwriter who has spent 20 years eyeballing equipment across categories, spotting label problems, cross-referencing auction data against economic signals, all while copying data into a spreadsheet, will push back when you tell them a model can do it better. You will hear that pushback. It shows up in meetings. It slows rollouts. You can plan around it.

There is another kind of resistance that never shows up in a meeting. A product manager builds a forecasting app on a free-tier platform over a weekend. A finance analyst pipes quarterly data into a chatbot to generate board summaries. An ops lead connects an API to a scheduling tool nobody in IT has heard of. Everyone is using AI. The rollout metrics look great. But none of this is running on anything you sanctioned, secured, or can see.

The industry has started calling this "shadow AI."

Why this is not shadow IT

Companies have dealt with unsanctioned tools for decades. Someone installs Dropbox. Someone signs up for Slack before IT approves it. The blast radius of any one rogue tool was small and usually knowable.

AI changed a specific thing: the range of what one person can build unsupervised got dramatically wider. A vibe-coded attendance tracker is harmless. A vibe-coded tool that pulls inventory data through an unvetted API and feeds reorder recommendations to a regional manager is not. Both were built on a Saturday afternoon. Both look the same from the outside. You cannot tell which is which, because none of them are visible.

What we walked into

We are working with one of our partners right now on exactly this problem. When we came in, the org had not been reckless. They had a roadmap. They had prioritized use cases. The things on the roadmap were being done properly.

But the roadmap had five items on it. The org had forty problems. The people with the other thirty-five did not wait. They built solutions themselves. Dashboards, automations, small tools, each one solving something real. No shared data catalog underneath. No way to trace what data flows where. No deployment standards. No one person who could see the whole picture.

These were not rogue employees ignoring policy. These were capable people doing reasonable things in the absence of a better option. And this is the thing worth pausing on: AI is the first enterprise technology where the gap between a sanctioned deployment and someone with a browser tab is essentially zero. ERP did not do this. SaaS did not really do this. The barrier to building something that touches live business data and produces outputs people act on has collapsed. The roadmap was built for a world where that barrier still existed.

The gap the roadmap left open

The typical AI rollout scopes for the approved use cases and builds the infrastructure to support them. That is the right first step. The part that gets missed is what happens at the edges.

What we are building with this partner is the layer underneath: shared data foundations, lineage, visibility into what has been deployed and where. The hardest part, we found, was not the tooling. It was sequencing. You are trying to put a foundation under things people have already built and are actively using. You cannot take them offline. You cannot start clean. You are paving the road while the cars are driving on it.

If your AI rollout only serves the roadmap, the rest of the org will serve itself. That has always been true of technology. What is new is how much they can build, how fast, and how far from your line of sight.

Last week the underwriter pushed back because the AI had not earned his trust. This week the product manager did not push back at all. She went and built something on her own. The underwriter is telling you the tool is not ready. The product manager is telling you the process is not ready. Both are telling you something about the same rollout. One is loud about it. The other, you find out later.

Enjoy your Sunday!