AI Sprawl Pushes Leadership To Rethink Governance As Risk Moves Beyond IT

As AI tools and technology stacks are introduced under tight timelines, risk increases and resilience depends less on software and more on alignment, clear decision-making, and leadership. In fast-moving, growth-oriented environments, AI is entering the organization from every direction, straining traditional governance models and pushing technology decisions well beyond IT. The organizations that hold up are the ones that slow the sprawl, force cross-functional alignment, and make a small number of deliberate bets that the business can actually absorb.

Scott Hicar is Principal Consultant at SOH Consulting, advising organizations on technology strategy in fast-moving, high-growth environments. A seasoned technology executive and multi-time CIO, he has led engineering-driven and technology-led companies including Benchmark Electronics and DigitalGlobe, now Maxar Technologies, and today brings that operator experience to private equity from an investor’s perspective. For Hicar, resilience in volatile environments begins with internal alignment. When functions don't move together, organizations experience friction, stalled decisions, and repeated escalation.

"It’s a three-legged stool. Operations has to keep the engine running, security has to protect the base, and innovation has to push new value. Resilience comes from finding the center of that triangle and agreeing to move together," says Hicar. Success, he explains, comes down to operational absorption: the ability of an organization to absorb change without disrupting the core business. The goal is not to avoid risk or innovation, but to introduce both at a pace the business can sustain.

• An everywhere storm: Having navigated multiple technology cycles, from large-scale ERP implementations to the dot-com boom, Hicar sees the current wave of AI as a distinct challenge. Unlike prior shifts, AI is inherently decentralized, creating new organizational barriers to adoption and placing strain on traditional governance models. "AI is different because it's coming into the organization from everywhere, including cloud providers, fast-moving venture-backed startups, and established software vendors," he explains.

This decentralized influx of AI solutions means employees across the organization are increasingly pitched tools positioned as "perfect solutions," accelerating the rise of Shadow AI. As a result, Hicar’s three-part operating model, which balances innovation, security, and operations, is no longer confined to IT. Functions once considered low risk are now making technology decisions that carry enterprise-level operational and governance consequences.

• AI everywhere: "Marketing has bots interacting directly with customers, which raises fundamental questions about messaging, brand identity, and control," Hicar says. "At the same time, AI has turned legal into a powerful operational function. In M&A, an AI can review an entire contract data room and surface risks that once took law firms hundreds of hours to find, which makes the legal roadmap just as critical as the operational roadmaps organizations used to prioritize."

• A boardroom reality check: Hicar recalls a board discussion triggered by a data exposure incident involving a large language model, which quickly shifted leadership attention toward AI-related risk and the protection of intellectual property. "That moment became a real risk red flag. Even though the technology corrected itself quickly, it changed how leadership perceived the risks associated with AI."

• Today's tech, tomorrow's write-off: AI is clearly improving day-to-day productivity, but turning those gains into hard, defensible ROI remains a leadership challenge. "That’s a difficult human conversation," Hicar says. "Managers don’t walk into a meeting and suggest cutting headcount from ten to nine because of an AI dividend. They use the extra capacity to do work they’ve always wanted to do, while executives are left asking why a $5 million AI investment isn’t showing up on the balance sheet." At the same time, the pace of change compounds the problem. "The technology is moving so fast that a million-dollar solution built today can be replaced by something that costs half as much next year. Making AI bets means accepting that some investments may be perishable before they ever deliver a meaningful return."

Navigating today’s AI volatility is ultimately a leadership challenge. The task is no longer to generate ideas, but to govern them. That means consolidating competing proposals, encouraging cross-functional dialogue, and making a small number of intentional bets. Just as critical is clearly communicating why certain initiatives move forward and others do not, so teams stay aligned rather than acting independently.

"You have to communicate so everybody doesn’t just go on their own. Otherwise, you create inertia. Now you have 35 AI solutions, six of them doing the same thing," Hicar concludes. "That’s why governance becomes so important, especially during times of high volatility."