The system did not fit the work.
Investments are made. Rollouts are celebrated. Training is run. Within six months, the workarounds appear. A shared sheet. A WhatsApp group. An Access database that someone in logistics built over a weekend and that now, somehow, runs half the warehouse.
Nobody planned this. It happened because the software could not handle the way the work is actually done.
The people building those workarounds are not the problem. They are solving one. The sales rep tracking deals in a personal spreadsheet because the CRM falls short is not being difficult. The controller stitching together the close from three sources is not being careless. They are being resourceful inside a system that does not fit their reality.
The problem is what sits underneath. Critical knowledge locked in one person's head. Data flowing outside every security control the organisation has paid for. Strategic decisions built on numbers that were manually reconciled last Tuesday. None of that is visible on the architecture diagram.
AI changes the order of magnitude.
The barrier to building a sophisticated workaround used to be technical skill. It is not anymore.
Teams are already using ChatGPT, Copilot, and other tools to build their own automations, their own reports, their own miniature pipelines. Often without IT knowing. The workaround is no longer a spreadsheet, it is an agent. It runs on data the auditor cannot trace, makes decisions the CFO did not authorise, and produces output that looks polished enough to be trusted.
Shadow IT with spreadsheets was a governance challenge. Shadow IT with AI is a governance fault line. The workarounds will be more powerful, more complex, and harder to detect. If the gap between what the systems do and what the people need is not closed, it gets filled by uncontrolled AI operating on unvetted data.
Shadow IT is a signal, not a failure.
Shadow IT is not a technology failure. It is a signal. It tells the organisation exactly where its systems fail its reality. The map of unofficial spreadsheets is, in practice, the map of where the official platform stops being useful.
The companies getting ahead of this are not buying bigger ERPs or writing stricter policies. Bigger ERPs add rigidity. Stricter policies push the workaround further into the dark. Both fail for the same reason. They treat the symptom and ignore the structural cause.
The companies that get this right do three things instead. They map what people actually do, not what the process documentation says. They invest in connective layers that bridge the official systems with real-world complexity. And they govern rather than block, building guardrails that channel the resourcefulness instead of killing it.
Where the architecture has to do the work.
A guardrail written in policy is a guardrail an agent will not read. A guardrail written in the schema is one no agent can route around.
This is what Kwerio was built to remove. Twenty years of running operations that did not fit packaged software taught us where the friction sits, and where the workarounds quietly accumulate. The platform is designed to absorb that work before it leaks into spreadsheets, agents, and weekend projects, and to absorb it under the same governance that protects the rest of the operation.
Governance lives at the data layer, not the application layer. Access control, segregation of duties, approval gates, and audit trail are properties of the schema, compiled and enforced at the database, inherited by every module, every workflow, every agent that touches the operation. An agent calling the API hits the same gates as a human. By architecture, not by promise.
That is what makes the question tractable. The point is not to eliminate the resourcefulness that produced shadow IT. The point is to give it a place to go that is governed by default. A platform flexible enough to absorb the work that does not fit packaged software, and strict enough that absorbing it does not break the audit trail.
The question is not how to eliminate shadow IT. It is how to build systems that make it unnecessary, and that govern the AI agents that would otherwise build the next generation of it.
That is the operational question worth taking seriously in 2026.