We were four — a product manager, a tech lead, a Data architect. And Claude. Not as support. As an active team member, at every step. In just a few days, we sketched the idea and laid the foundations of Remendo — a multi-tenant SaaS application for Data Quality Governance. Authentication, billing, remediation engine, API connectors, data encryption, built-in support.
Three weeks later, we had a testable product. Not a demo prototype — something structured, coherent, with real product logic.
But let’s be honest about what comes next. There are still steps to take, and they have a cost. A Test & Learn phase to launch, ideally with strategic partners who can validate hypotheses in the field. Investors to convince to fund R&D — because the time invested and resources committed already represent a real, significant investment. Industrialization is ready — but there is one final unavoidable step, and we’re actively preparing for it with a Security Advisor.
Security certification. We’re fully aware: it’s an important, costly, non-negotiable step. Until it’s obtained, Remendo is not yet bankable. This is not an admission of failure — it’s the reality of a serious product that takes compliance seriously.
What AI changed is not the length of the journey. It’s the starting point — and the amplitude of what a small team can now achieve.
What I’m actually seeing on the ground
Initiatives are flourishing — inside and outside of IT. Some produce testable interfaces in hours, a real prototype in days. Not slides — clickable screens, simulated workflows, realistic navigation logic. Concrete results, fast.
Others, on the IT side, take a more structured approach: learn, experiment, build real application components and AI agents capable of fitting into the existing IS. Less speed, more depth.
And tomorrow, when these agents collaborate with each other, it’s no longer just screens that business teams orchestrate — it’s entire processes.
Two parallel movements, two different paces, one shared direction. That’s exactly what makes coordination between IT and business both more urgent and more complex than before.
This phenomenon was first called “vibe coding” — coding by feel, by intent, without formal technical expertise. The term deserves to exist, but it understates what is really happening — and it hides a real risk: a growing share of employees improvising as developers without the technical, methodological, or governance fundamentals.
What I observe in the field is less inspired tinkering than Business-Led Development: business teams taking the lead on what they’ve always known best — their own needs — and finally having the tools to express them in a tangible, industrializable way. Provided they accept the responsibilities that come with it.
This is no longer an experiment — executive committees are demanding ROI, not POCs.
The uncomfortable question: should IT stop coding?
No. But it must stop coding everything itself.
This shift in posture rests on a simple idea: the business prototype is no longer a rough draft. It’s an executable specification. IT doesn’t redo the work — it industrializes it.
Business produces the intent and the logic. IT transforms this “generation debt” into a durable enterprise asset. It’s a division of labor that values both sides — provided it is clearly acknowledged.
But there is a point many dodge: entrusting a process to an AI agent is not the same as entrusting it to a coded workflow. A deterministic workflow always does the same thing. An agent, on the other hand, is non-deterministic — it reasons, interprets, and can produce varying results depending on context. This is not a flaw; it is its nature.
But it radically changes what you can delegate to it, at what level of supervision, and with what safeguards. Automating a step changes timelines, responsibilities, and control points. If the rest of the process doesn’t follow, you make the whole thing dysfunctional.
The new value chain
The risk nobody wants to see: shadow AI
The real value of IT has never been in the screens. It lies in what business cannot do alone. And in 2026, that role becomes more critical than ever.
The first risk is well known: 45% of AI-generated code contains security vulnerabilities (Veracode, 2025). But there is a second one, less visible and far more dangerous: shadow AI — or what practitioners are starting to call AI Sprawl: the uncontrolled proliferation of agents, with a dilution of roles, responsibilities, and data flowing without a safety net.
This is no longer just an employee installing unauthorized software. It’s an AI agent — configured in a few prompts by a well-meaning user — that accesses internal databases, generates files, sends requests to external APIs, and potentially exfiltrates sensitive data without anyone noticing.
Customer data, HR data, intellectual property, financial data — everything that flows through an agent’s context can, without safeguards, leave the organization.
The attack vectors are numerous: prompt injection via a malicious document, uncontrolled connection to an external LLM, logs sent to third-party servers, or simply an employee pasting confidential data into a consumer AI interface without understanding the consequences.
You can’t protect what you can’t see.
IT doesn’t fight this risk by banning — it contains it by structuring: isolated execution environments, Data Products with granular access levels, agent flow monitoring, clear policies on which LLMs are authorized in which context. The AI Act also requires organizations to document and trace the use of high-risk AI systems — IT is the only function capable of maintaining this registry. And from August 2026, fines can reach 7% of global revenue.
What this demands from IT: a platform, not a process
This is not a capitulation. It is a strategic evolution — and the smartest move IT can make right now.
Rather than reviewing every screen produced by business, IT provides the assembly line in which business places its building blocks: reliable Data Products, sovereign environments to prototype without risk, reusable technical templates, clear guidelines. And “override” mechanisms — the ability to hand back control to a human when non-determinism or uncertainty becomes unacceptable.
The new contract
Business commits to
- Use official data sources
- Document functional logic
- Not promise a “turnkey” product
- Never feed an external LLM with unapproved data
IT commits to
- Industrialize validated prototypes within one month
- Guarantee security and compliance
- Provide sovereign and traceable AI environments
- Maintain the AI Act registry
- Manage the AI bill — agentic inference costs are elastic and hard to predict at scale
A framework. Not a cage.
What this changes for developers and architects
I want to be direct, because this point is often sidestepped in this kind of article.
The developer doesn’t disappear — they become more valuable, but differently. Solution architect, guardian of generated code quality, expert in securing agent flows, translator between business ambitions and real technical constraints. It is precisely because business will generate code and orchestrate agents that the critical eye of the developer and the architect becomes indispensable. AI amplifies every dimension of risk — someone must audit what it produces and monitor what it handles. That someone is them.
80% of engineers will need to upskill in AI by 2027 (Gartner) — not to be replaced, but to remain decisive where AI alone is not enough.
Why talk about this now?
This is not inevitable — it is the price of poor coordination between business teams building in their own corner and IT departments still trying to control everything, while AI agents wait for no one.
And the gap between rapid adoption and security maturity could lead, as early as 2026, to lawsuits targeting executives directly, held liable for decisions made by faulty autonomous systems.
Two dangerous reflexes persist: IT that resists out of fear of losing control, and business that works around IT, silently creating technical debt — and real data breach risks. Both lead to the same place: failed projects, wasted budgets, loss of competitiveness, and growing legal exposure.
The organizations that establish this new contract within the next 18 months will gain an advantage that will be hard to close.
This is not theory. With a product manager, a tech lead, myself (Data architect) and Claude as the fourth team member, we built Remendo — a SaaS Data Quality Governance platform. Multi-tenant, 15+ modules, INSEE and RNE connectors, automatic remediation engine, billing, support, 2FA, full documentation.
A product manager who knows his market, a tech lead who knows his constraints, an architect who knows his data, an AI that accelerates every step — and soon, a Security Advisor to clear the final hurdle. The result: a testable product in three weeks, where it would have taken nearly a year without AI. There’s still road ahead — security certification, partners, funding — but the starting point has radically changed.
That is exactly what Business-Led Development looks like.
Kasparov understood this after his defeat against Deep Blue: value comes neither from the best humans alone, nor from the most powerful machines. It comes from those who best know how to organize the collaboration between the two. With Remendo, we formed a centaur team — and we just experienced it firsthand.
Read the previous article: The centaur enterprise — Kasparov, Deep Blue and the centaur model