For decades, CIOs have battled the persistent challenge of Shadow IT, the unofficial tools and systems created by end users to solve immediate problems.
These include Access databases, macro-heavy spreadsheets, and ad hoc web apps, often built outside the purview of IT departments.
While these tools reflect ingenuity, they also introduce
risks like cyber vulnerabilities, licensing issues, and barriers to future
platform upgrades. In Kenya, where digital transformation is accelerating
across sectors like healthcare, finance, and government, this issue is becoming
increasingly relevant.
Now, with the rise of AI-powered tools like Microsoft Copilot, the game is changing. Employees are no longer just building spreadsheets; they’re crafting basic AI agents using prompt libraries and no-code platforms. These agents can automate tasks, interpret data, and even interact with enterprise systems.
According to Gartner, by 2026, over 80% of enterprises will have used generative AI APIs or models, and many of these will be embedded in end-user workflows, often without formal IT oversight.
We’re entering an era where end users can build LLM-powered agents that don’t just respond, they act. These agents can pull data from internal systems, generate reports, automate workflows, and share solutions across teams and departments.
This “personal tooling” layer is emerging organically, driven by users who understand their problems better than anyone else. In today’s dynamic and resource-constrained environments, this kind of grassroots innovation is both powerful and necessary.
As CIOs, we must embrace this wave of innovation, but we must also guide it responsibly. The challenge is not to suppress Shadow IT, but to channel it into safe, scalable, and secure practices. Organisations need to update their information governance, cybersecurity, and IT policies to reflect the realities of AI agents and personal tooling.
These policies should define what’s acceptable, what’s risky, and what requires oversight. At the same time, we must build communities of practice that encourage collaboration among no-code creators, offering forums, mentorship, and recognition to support their growth.
Every organisation should also establish a clear set of AI principles, including ethical use, data governance, and transparency. Investing in digital literacy is equally critical. Staff must be equipped with the skills to build responsibly, and Kenya’s growing base of tech-savvy professionals is eager to learn. Let’s support them.
In two years, organisations without an AI plan may find themselves overwhelmed by unmanaged Shadow IT debt. The CIO’s role is evolving from gatekeeper to enabler and guide. In Kenya, where innovation often outpaces regulation, this shift is both urgent and exciting.
Let’s empower our intelligent end users to innovate safely, ethically, and collaboratively.
Shaukat Ali Kha
