A product leader texted me about this: "Our engineer just shipped an AI feature to production. Product found out this morning. It's actually good. But we have no idea what else is happening."
This isn't an anomaly. It's surprisingly common.
Engineers aren't waiting for product specs anymore. They're prototyping with Cursor, validating with real users, and shipping to production—all in the same day.
The question isn't whether this is good or bad. That ship has sailed. The question is: do you have governance models for this reality?
Most companies don't. They're running 2023 playbooks in a 2025 world.
The Shift Is Already Here
Two years ago, your team followed a predictable cadence. Product writes PRD. Design creates mockups. Engineering estimates. Product prioritizes. Engineering builds over 2-3 weeks. QA tests. Ship.
Clean. Linear. Dead.
Today, an engineer sees a problem at 9am, prototypes a solution with Cursor by noon, validates with users at 3pm, and ships to production before leaving. Product finds out on Slack the next morning.
I see this shift in every product organization I advise. PostHog calls them "product engineers." Gartner calls them "citizen developers." The label doesn't matter. What matters is that they're fundamentally changing how products get built.
These builders occupy new territory. Traditional software engineers live on one end—they own code quality, solve technical problems, specialize deeply.
Product managers live on the other—they own outcomes, talk to customers, prioritize roadmaps.
The new builders? They do both. They ship features end-to-end. They own outcomes, not outputs. They don't wait for specs because they don't need them.
AI tools have made this archetype inevitable. A single person with Cursor can now do what took a team six months ago. Here's the problem: your governance model was built for that old world. And it's going to break.
A Framework That Actually Works
You need clarity on four tiers of risk.
Tier 1: Personal Use
Individual productivity. An engineer using Claude to write unit tests. A designer generating variations with Midjourney.
Risk: Low. Impact: Individual.
No approval needed. Give people guidelines and get out of the way.
Tier 2: Team Use
Team workflows and shared tools. Automating code review with AI. Building internal dashboards with Retool.
Risk: Medium. Impact: Team outcomes.
Teams self-govern with standards and peer review. No executive theater required.
Tier 3: Department Use
Cross-team workflows affecting department strategy. Your product team builds an AI competitive intelligence system that sales starts using.
Risk: High. Impact: Department strategy.
Now you need real governance. Security review. Cost monitoring. Clear ownership. This is where "Sarah's cool AI tool" graduates to "company product."
Tier 4: Enterprise Use
Customer-facing. Revenue-impacting. AI chatbot in customer support. Automated content generation for marketing campaigns.
Risk: Critical. Impact: Business outcomes.
Full governance required. Hallucination testing. Rollback plans. Legal review. No shortcuts.
The Center of Excellence Alternative
Not every organization needs tiers. Some prefer a Center of Excellence model—a hub that enables rather than gatekeeps.
The CoE provides governance, training, monitoring, and enablement. Business units keep ownership. IT provides platforms. Business retains accountability.
This works when you have mature builders distributed across departments. The CoE becomes a resource, not a bottleneck.
Choose tiers for clear escalation. Choose CoE for distributed innovation. Both work. Pick one.
The 12 Questions That Matter
I ask every leadership team these questions before they ship AI to production. If you can't answer them, stop building.
- Strategy: What problems are you uniquely positioned to solve with AI? Which use cases align with your differentiation? What are you explicitly NOT building with AI?
- Governance: What's your tier model? What can engineers ship without approval? What triggers security review?
- Quality: What's your definition of "production-ready" for AI features? How do you handle non-deterministic outputs? What's your rollback plan when AI surprises you?
- Economics: What's your cost-per-request budget? How do you prevent $50K/month API bill surprises? What's your ROI threshold?
These questions matter most at the graduation moment—when "Sarah's AI tool" becomes "company product." That's the Tier 2 to Tier 3 transition. Get it wrong and you'll pay for it.
The Bottom Line
The new builder archetype is here. Engineers with AI tools can prototype production-quality features in hours. This isn't changing back.
Your choice is simple: create guardrails that enable speed with safety, or watch your best builders leave for companies that do.
The teams that figure this out will dominate. The ones that don't will either move too slowly or blow up spectacularly.
I've distilled everything into a governance checklist: the 12 questions, tier templates, CoE alternatives, graduation criteria, risk assessments, cost monitoring frameworks, example policies. Everything you need.