Is AI the new Lotus Notes?
History is poised to repeat itself. The combination of low-code/no-code (LCNC) platforms, which enable non-technical employees to build applications, and powerful generative AI tools that can create code and workflows on demand, is democratizing software development at an unprecedented pace. This new Citizen Developer movement promises speed and agility, allowing business units to bypass a backlogged IT department and address their needs directly.
The Parallel with the Lotus Notes Era
To truly understand the risks posed by the combination of AI and the Citizen Developer, one needs only to look back at the rise and fall of Lotus Notes. In the 1990s, Notes was a revolutionary collaboration platform that included a powerful development environment. It allowed any employee with a little training to create an "applet"—a simple application to manage a team’s expenses, track sales leads, or organize a project schedule.
This new power was immensely appealing. Departments could bypass a slow, bureaucratic IT approval process and create solutions tailored to their immediate needs. The result was a proliferation of Notes applications across organizations. These apps were often undocumented, created by a single employee, and were tightly woven into the daily operations of a business unit. The problem began when that employee left the company or when the business processes changed.
AI Expands Technical Debt
Technical debt, a concept first articulated by Ward Cunningham, is the metaphorical "cost" of taking shortcuts in software development. In traditional development, this debt manifests as poorly written code, a lack of documentation, and fragile system architectures. In the age of the Citizen Developer and AI, this debt has evolved into a multi-faceted systemic risk.
The "Black Box" Problem
LCNC platforms and AI-powered coding assistants excel at generating functional applications and code snippets quickly. However, the code they produce is often opaque and difficult to audit. A citizen developer, focused on a quick solution to a business problem, may not have the expertise and experience to understand the underlying code's structure, dependencies, or potential vulnerabilities.
This creates a "black box" problem where an application works, but no one knows how it works (sort of like your mainframe code). When the business requirements change or an issue arises, the original developer may have moved on, leaving the application as an unmaintainable artifact. Unlike professionally developed software, which adheres to coding standards and is often version-controlled, these applications can be brittle, unscalable, and prone to breaking unexpectedly. The initial speed of development is paid for later with a heavy interest rate of debugging and refactoring.
The Proliferation of Data Silos
One of the most significant liabilities created by citizen development is the creation of data silos. A departmental application, built to solve a specific problem, often pulls data from its own sources or creates a new, isolated data set. This fragments the organization’s data, making it impossible to get a single, reliable source of truth.
The problem is compounded when these applications need to interact with core enterprise systems. Without a standardized approach, a Citizen Developer may create fragile point-to-point integrations or rely on manual data transfers. This creates a brittle patchwork of connections that are difficult to manage and prone to failure. These unmanaged integrations are a form of integration debt, which, when it fails, can bring critical business processes to a halt, necessitating costly manual intervention to restore them.
The Unmonitored Threat
The security and compliance risks associated with unsupported Citizen Development are arguably the most dangerous form of technical debt. A non-professional developer may not be trained in security best practices, leading to applications with a host of vulnerabilities. These can include insecure, non-compliant data handling and weak or non-existent security access controls.
These applications, operating outside of central IT’s oversight, create a massive attack surface for an organization. Auditing and securing this landscape of unknown applications is a logistical and financial nightmare. This security debt can be the cause of a major data breach or a regulatory compliance violation, carrying fines that far exceed the initial cost of developing the application.
The Compounding "Interest" of the Debt
The combination of AI and the Citizen Developer is a direct modern parallel to what happened with Lotus Notes. Just as Notes empowered departments to build local solutions to their problems, LCNC platforms now give a new generation of business users the power to create complex, data-driven workflows and applications. And just as Lotus Notes created a fragmented ecosystem of applets, today’s LCNC applications are creating a new form of application sprawl, operating without central protection, documentation, or proper security. The short-term gain in departmental productivity is creating a long-term strategic liability.
Proactive Strategies for Protected Management
The solution is not to halt Citizen Development or the use of AI. The potential for innovation and productivity is too great. The solution is to learn from the mistakes of the Lotus Notes era by leveraging the tools and techniques used in cloud computing to enable innovation while ensuring accountability and control.
The Citizen Developer Platform
Platform
The foundation that makes everything else possible. Without a proper Developer Platform, Citizen Developers become authors of expensive chaos. With it, you get guarded innovation at enterprise scale.
Developer Platforms have been all the rage in many IT shops. A single place where developers can go to get access to all of the tools that they need in one integrated environment. Repositories, build scripts, testing software, environments, infrastructure, … Now expand that concept to support the Citizen Developer Community out there generating solutions faster that you can keep track of.
Think of it as the difference between everyone building their own house from scratch versus a well-planned development with shared infrastructure, building codes, and municipal services. Individual creativity within collective capability.
Guardrails
This is where organizations fail. They either restrict everything (and kill innovation) or fail to protect themselves at all - creating ungovernable chaos. Effective guardrails enable innovation in a manner that protects the organization from unintentional risk.
We have been implementing guardrails in cloud Landing Zones for years now. They are vital to ensure that a variety of Security and Operational policies are enforced. Good guardrails work like highway barriers – they keep you safe while letting you drive fast. They catch problems before they become disasters. They ensure compliance without requiring compliance training, review boards, and architecture committees for every Citizen Developer.
Self-Service
The reality is your business users already know what they need. They've been waiting months for IT to build it. Now, they've found workarounds that are probably violating at least half your security policies.
Take a true product mindset and create self-service mechanisms that allow people to do the “right” things with very little friction. Gated and cryptic processes (especially ones with intake forms that require budget codes to even ask a question) create friction and are often ignored. Instead, let people pick from a curated menu of options and “magically” allow them to be productive with minimal effort.
The breakthrough comes when your marketing team can build their own campaign automation, your finance team can create custom reporting dashboards, and your operations team can deploy workflow solutions – all without waiting for IT to free up capacity next quarter.
Communities of Enablement
Innovation spreads through people, not policies. Create, enable, support, and celebrate communities where knowledge flows and problems get solved collaboratively.
These aren't formal training programs or governance committees. They're your own internal stack overflow where your marketing team shares automation patterns with finance, where someone in operations has solved the exact data integration challenge you're facing, where best practices emerge from actual use rather than theoretical frameworks.
Communities of Enablement bridge the gap between IT's technical expertise and business users' domain knowledge. They turn isolated solutions into shared capabilities.
Conclusion
The lessons from the Lotus Notes era are clear: speed without control leads to chaos. The convergence of AI and Citizen Development holds enormous promise for accelerating digital transformation. By empowering non-technical employees, organizations can unlock a new wave of innovation and operational efficiency. However, without a proactive and strategic approach to supporting this new community, this power will inevitably lead to a systemic debt load that is more complex and dangerous than anything seen in the past.
