Sigao
A bench of tangled mismatched cables in daylight, one clean cyan cable running straight through.
All posts
Operating model·3 min read

The hidden cost of AI tool sprawl

Most engineering orgs have more AI tools than they think. Here's how to find them and what to do next.

By Luke Colburn

Inventory the AI tools running in your engineering org and you'll find more than you expected. Individual seats, free trials that never ended, vendor add-ons that got bundled into contracts you already signed. The dollars are the small part. The real cost is the cognitive overhead of tracking it all, the security surface nobody is watching, and the quiet damage of "we tried that, it didn't work."

And the inventory you can see is the smaller half. Microsoft and LinkedIn's 2024 Work Trend Index, surveying 31,000 knowledge workers across 31 countries, found that 78% of AI users were bringing their own AI tools to work. Engineers are no exception: an individual subscription here, a personal API key there, company code pasted into a tool procurement has never heard of. None of it is malicious. Nearly all of it is invisible to the people responsible for security, spend, and practice.

How to start

Spend a week doing nothing but listing. No purchasing decisions, no retiring anything. Just produce the list. Cross-reference billing, browser plugins, IDE extensions, and vendor SBOMs, because a tool rarely shows up in only one of those places.

One rule makes or breaks the census: it can't double as a purge. If people expect the list to be used against them, they'll hide exactly the tools that matter most, the shadow ones they actually rely on. Announce an amnesty, mean it, and the inventory gets dramatically more honest.

What you'll find

Three patterns dominate. Redundancy: three tools doing the same job across three teams, which fragments your practice into three sets of prompts, configurations, and habits. Orphans: tools nobody actively owns, which rot quietly until they break or leak. And shadow tools: the bring-your-own layer that never crossed procurement's desk, where company context meets software nobody has evaluated.

Redundant

Three teams, three tools, one job. Each seat looks cheap; the fragmented practice, three sets of prompts, configs, and habits, is the real bill.

Practice fragments

Orphaned

Nobody owns it, so nobody patches it, rotates its keys, or notices what it can reach. It rots quietly until it breaks or leaks.

Risk accrues

Shadow

Never procured, never reviewed: an individual seat on a personal card, pasting company code into a tool security has never heard of.

Surface unwatched

The three shapes an AI tool inventory turns up. None of them show up as a line item. That’s what makes them expensive.

When teams run this exercise, the dollars rarely shock anyone. What shocks is the surface area: how many places company code and customer data are flowing into, and how few of them anyone is accountable for.

What to do next

Group the tools into categories and give each category an owner. Let the owner pick which tool wins and retire the rest. The discipline of making the call matters more than which tool you land on.

Then make it a rhythm instead of a rescue. An annual rationalization pass keeps the stack honest. A lightweight default path for adopting new tools (ask, get an answer in days, land in the inventory on day one) keeps the next experiment from going underground. Sprawl isn't a purchasing failure; it's what happens when adoption outruns ownership. The fix is ownership, not a freeze.

Sources