The role of the enterprise developer is undergoing fundamental changes this year and in the coming ones. There is a shift from a paradigm where the developer primarily writes code to managing complex AI systems. This change requires new skills, tools, and approaches to security, especially in critical infrastructure such as banking and financial institutions.
AI in development: a new landscape for enterprise development
AI in development is not about integrating AI models into existing applications, but a fundamental change in the approach to software creation. In this architecture, AI is not an auxiliary tool but a central component involved in cognitive work that was previously the prerogative of humans: analysis, decision-making, and evaluation.
In practice, this year already shows AI tools supporting such tasks. According to the 2026 Work Trend Index Annual Report, 49% of conversations with Microsoft 365 Copilot supported cognitive work. This indicates that AI is becoming a partner in complex intellectual processes, not just automating routine tasks.
A key trend defining this landscape is the shift towards domain-specific models. According to Gartner’s forecast in Top Strategic Technology Trends for 2026, by 2028, over half of GenAI models used by enterprises will be domain-specific. This means that instead of universal models, companies will develop or adapt AI for specific business processes and industries, requiring a deep understanding of both AI and the subject area.
Transformation of the developer role: from code to AI risk management
In the era of AI in development, the enterprise developer is not solely focused on writing code. Their role is evolving towards that of an architect, integrator, and risk manager for AI systems. This requires understanding the AI model lifecycle, their integration with existing systems, and managing potential threats.
A business problem faced by many organizations, especially in the financial sector, is that ERP systems become a bottleneck. These systems, often built on legacy architectures, cannot effectively process the large volumes of data required for training and operating modern AI models. The developer must find solutions for integrating AI components without disrupting the stability of critical systems, and also ensure a seamless flow of data and its quality.
This requires the developer to possess not only technical knowledge but also strategic thinking, the ability to assess the impact of AI on business processes, and the risks associated with its implementation.
Key skills and tools for an AI у developer in 2026-2027
To succeed in an AI environment, enterprise developers need an expanded skill set:
- Understanding of AI system architecture: The ability to design and integrate AI models into complex enterprise architectures, using, for example, a microservices approach.
- Data Engineering and MLOps: Skills in working with data for model training, deployment, monitoring, and production support. This includes model version management, CI/CD for AI, and automation of the model lifecycle.
- Prompt Engineering and model fine-tuning: The ability to effectively interact with generative AI models and adapt them for specific business tasks.
- AI Governance and ethics: Understanding the legal and ethical aspects of AI use, including transparency, fairness, and accountability.
- AI Security: Deep understanding of AI system vulnerabilities and methods for their protection.
Among the tools that are becoming critically important are AI security platforms, which help monitor and protect AI components. The role of low-code platforms is also growing, enabling faster creation and integration of AI functionality. For example, UnityBase (an open-source low-code platform developed by InBase) allows developers to build complex enterprise applications with AI integration, accelerating development and reducing costs.
Security and risk management in an AI environment
AI system security is a distinct discipline with its own unique challenges, not merely an extension of traditional cybersecurity. With the advent of GenAI models, new types of attacks have emerged. OWASP LLM Top 10 2025 lists Prompt Injection (LLM01:2025) as the primary risk for LLM/GenAI applications. This means attackers can manipulate model behavior by inputting specially crafted prompts.
Structured approaches are necessary for managing these risks. MITRE ATLAS structures adversarial AI behavior into tactics and techniques, which is valuable for threat modeling, AI red teaming, and building detection controls. This allows developers and system security teams to systematically identify and eliminate vulnerabilities.
At the management level, NIST AI RMF 1.0 structures AI risk management around the functions of Govern, Map, Measure, and Manage. This ensures a comprehensive approach to identifying, assessing, and mitigating AI-related risks, from the strategic to the operational level.
Developers must understand not only the technical aspects of these frameworks but also their impact on architecture and development. This includes designing systems with security by design principles, integrating monitoring and auditing mechanisms for AI solutions.
A common mistake: migration without a complete dependency map
One of the most common and costly mistakes when modernizing enterprise systems with AI integration is attempting migration or integration without a full understanding of all dependencies. Companies often view ERP systems as monoliths but fail to account for thousands of hidden integrations, custom extensions, and business rules accumulated over decades. This leads to unforeseen failures, data loss, and significant budget and schedule overruns.
The solution to this problem lies in conducting a deep analysis of the architecture and business processes before initiating any changes. This requires using tools for automatic dependency discovery, documenting all integrations, and creating a detailed data flow map. Only then can a modernization strategy be developed that accounts for all nuances and minimizes risks.
Architectural example: modernizing a banking system with AI
Consider a scenario of modernizing a legacy credit management system in a bank using AI. The traditional system has a monolithic architecture that processes applications slowly and cannot effectively utilize large volumes of data for risk assessment.
By adopting an AI у approach, the bank can integrate a microservice for AI credit risk assessment. This microservice, developed based on a domain-specific GenAI model (in line with Gartner’s trend), receives data from various sources: historical customer data, external financial indicators, and CRM system data. The model is trained on this data to identify patterns indicating high or low risk. The assessment results are integrated back into the legacy system via an API gateway.
In this scenario, the developer is responsible not only for integration but also for monitoring the AI model’s performance, its security (e.g., protection against Prompt Injection, as noted by OWASP LLM Top 10 2025), and compliance with regulatory requirements (using NIST AI RMF 1.0 principles). They must also ensure human-in-the-loop mechanisms for critical decisions where AI provides recommendations, and a human makes the final decision. This allows for gradual system modernization, minimizing risks and maximizing AI benefits.
AI readiness checklist for developers
- AI Governance Policy: Is there a formalized policy and is someone assigned to ensure compliance?
- Specific Metrics: Have metrics for monitoring models been defined (e.g., drift, hallucination rate, prompt injection success rate)?
- Human-in-the-loop: Are human oversight mechanisms in place for critical decisions made by AI?
- Security Testing: Is regular AI red teaming and threat modeling conducted to identify vulnerabilities?
- Auditing and Logging: Is there a system for logging AI model decisions for audit and traceability?
- Protection Tools: Are AI security platforms integrated for monitoring and protecting AI components?
- Risk Management: Is there a risk management plan that considers AI specifics (e.g., according to NIST AI RMF)?