Developers at a Fortune 100 company are already running autonomous AI coding agents—Devin, Claude Code, and others—entirely outside IT visibility, while leadership is still forming a committee to decide on AI adoption. The core argument is that delaying a decision doesn't prevent AI agent usage; it just means the usage happens without oversight, creating shadow AI infrastructure with access to production systems and proprietary code. The recommended approach is to move quickly with a controlled rollout: audit what developers are already using, define access scopes, establish a management control plane, and iterate with regular review cycles rather than waiting for a perfect governance framework.
Sort: