How Enterprise Systems Become Haunted

Why untouched legacy systems are not stable — they are just waiting for reality to arrive

Enterprise Architecture · Technical Debt · AI Risk
2025
blog

How Enterprise Systems Become Haunted

Every enterprise has that system.

The one nobody wants to touch.

The integration that “just works” provided nobody looks directly at it, restarts it or asks difficult questions about why it still depends on a Windows server somebody installed during the Howard government.

Everybody knows the rules.

Don’t patch it.

Don’t reboot it.

Don’t upgrade the library.

Don’t touch the firewall rule.

Don’t change the timeout.

And whatever you do, don’t let the new guy near it because the last bloke who tried to modernise it triggered a three-day production incident and quietly updated his LinkedIn profile afterwards.

Enterprise technology is full of these environments.

And somehow we keep calling them “stable”.

They are not stable.

They are untouched.

There is a massive difference.

Most organisations are operating systems held together with Blu Tack, undocumented assumptions, operational superstition and one exhausted senior engineer who has become less of an employee and more of a hostage situation.

The scary part is that everybody knows it.

The deployment only works if Karen runs the script manually.

The overnight batch process only succeeds if the jobs start in the “correct order”, which nobody fully understands anymore.

The architecture diagram has not matched reality since 2017.

Half the operational knowledge lives in Teams chat history like some kind of digital archaeological site.

And yet organisations keep pretending this is engineering maturity.

It isn’t.

It is survival behaviour masquerading as architecture.

We hear a lot about Shadow IT, but almost nobody talks about Shadow Engineering, which is far worse because it hides inside systems the organisation already thinks it controls.

Shadow Engineering is what happens when operational knowledge exists inside people instead of systems. It is the undocumented logic, hidden dependencies, inherited deployment quirks and “temporary fixes” that quietly become permanent architecture because nobody has the time, budget or emotional energy to deal with them properly.

Eventually the environment becomes so fragile that touching one component causes the entire platform to react like a shopping trolley with a wonky wheel at motorway speeds.

At that point the organisation develops the most dangerous engineering strategy in enterprise technology:

“If it ain’t broke, don’t fix it.”

Which sounds reasonable until you realise the thing absolutely is broken, everybody knows it is broken and the only reason it still appears functional is because the business has built operational rituals around avoiding the dangerous parts.

That is not stability.

That is fear with uptime metrics attached to it.

Then eventually the original CTO moves on and reappears six months later as a “digital transformation advisor” at one of the Big 4 with a LinkedIn premium thought leadership post called “Reimagining Delivery in the Age of AI” on how the problem was organisational challenges exacerbated by insufficient change management, incomplete business requirements, poorly refined user stories or inadequate test coverage.

Apparently the environment did not collapse because the architecture was held together with cable ties and unresolved trauma. No, the real issue was that somebody forgot to update the sprint board correctly, and let our premier digital delivery team show you how to perform SuckEggs TM.

That is the bit that drives engineers insane.

Because real engineering is not theory.

Real engineering is proving the thing survives failure before failure happens.

Years ago I delivered a high-availability RAID 5 database environment running Sybase. Great product. Terrible marketing. After the deployment somebody asked me:

“So how do we know it works?”

I walked over to the rack and hard-pulled a drive out of the live array.

That is engineering.

You do not prove resilience with PowerPoint.

You prove it by creating controlled failure and watching the system survive it.

That is why aircraft systems are repeatedly tested under fault conditions.

It is why martial arts drill defensive movements until reaction becomes instinct.

It is why serious operational environments rehearse disaster recovery before they need it.

And it is exactly why modern certificate lifecycles are moving toward ninety-day rotation models instead of eighteen-month complacency.

Because mature engineering assumes failure is inevitable.

Immature engineering assumes failure is somebody else’s future problem.

Most enterprise environments today are not engineered for survivability.

They are engineered for successful demos and temporary political comfort.

That works right up until somebody touches the wrong thing.

Then suddenly the organisation discovers the difference between systems built on engineering and systems built on hope.

And this is exactly where AI is about to hit enterprise technology like a freight train.

Because while everybody is busy arguing about ChatGPT prompts, the real shift is happening underneath the conversation. Open-weight models from organisations like Mistral are already pushing AI closer to local inference, autonomous decisioning and operational deployment at machine speed.

That changes the risk profile completely.

Now imagine your untouched Windows 8 integration from 2013 sitting inside an environment where AI-assisted systems are making deployment decisions, routing workflows and driving operational behaviour faster than human teams can realistically reason about them.

How long do you think your “if it ain’t broke” strategy survives then?

Because AI does not remove operational fragility.

It accelerates it.

And when fragile systems start interacting with LLM-driven tooling operating at machine speed, hidden engineering debt stops being an inconvenience and starts becoming an existential problem.

The scary part is that most organisations are nowhere near prepared for that reality.

They still think the problem is AI.

It isn’t.

The problem is the pile of haunted infrastructure AI is about to connect to — don’t believe me?