Some stories are small, but they explain a whole era better than any report. One of the most talked-about examples in tech lately came from Tobi Lütke, CEO of Shopify, who described turning an everyday annoyance into a working tool in minutes: his annual MRI scan came on a USB stick, but the recommended viewer required commercial Windows software. Rather than installing Windows or hunting down alternatives, he used an AI model to build an HTML-based viewer for the data—on his Mac—and said it looked “way better.” Then he added a detail that really matters: “one more prompt” and the viewer could annotate everything with the findings.
The screenshot is impressive, but the bigger signal is cultural: the instinct to “just build it” with AI is starting to compete with traditional SaaS in places where people used to accept friction, licenses, and vendor constraints.
A habit shift: AI becomes the first move, not the last resort
What Lütke described isn’t just “AI wrote some code.” It’s a new default behavior. When a problem appears, instead of searching for a product, opening a ticket, or waiting for an engineering sprint, people reach for a prompt. Repeat that across thousands of teams and you get something profound: the distance between the pain and the solution collapses.
AI becomes a translation layer between intent and execution. The result can be a useful, working artifact—often a “micro-tool”—that’s good enough to remove the bottleneck immediately: a viewer, a dashboard, a converter, a quick internal admin panel, a one-off integration.
From SaaS “for everyone” to micro-software “for me”
SaaS won by packaging common needs at scale: standardize a workflow and sell it widely. But a surprising amount of enterprise software spend is driven by smaller, messier realities—awkward viewers, rigid reporting, missing integrations, legacy processes, and tools that only exist because they’re the default.
That’s exactly where “software by prompt” thrives. It doesn’t have to be perfect. It has to be fast, tailored, and sufficient.
In the MRI viewer example, the win wasn’t just aesthetics. It was control and accessibility: “open this in Windows” becomes “open this in a browser.” In a company setting, the same pattern shows up everywhere:
- “We need a dashboard for X.”
- “Export Y in this exact format.”
- “Build an internal viewer for Z.”
- “This workflow should be automated.”
Historically, those requests went into a backlog—or turned into a purchase. Now they can become a working prototype in hours.
The uncomfortable part: the next wave of shadow IT is “shadow software”
For IT leaders and sysadmins, this trend has a sharp edge. If building tools becomes easy, so does creating risk. The next version of shadow IT won’t just be unsanctioned SaaS subscriptions—it’ll be unsanctioned software generated from prompts, shared informally, and quietly becoming operationally important.
And even when the intent is good, the risks are familiar:
- dependencies pulled without pinning or review
- secrets embedded in code or poorly handled environment variables
- no version control, no ownership, no maintenance plan
- logging that accidentally captures sensitive data
- overly broad filesystem/network permissions
- a “personal tool” that turns into a team dependency
A viewer built for one person can quickly become “send me that tool,” then “can we put it on the shared drive,” then “everyone uses it,” and suddenly it’s production—without ever being treated like production.
What this means for SaaS: features aren’t enough anymore
This doesn’t mean SaaS disappears. It means the value people pay for shifts. If prompts can replicate a chunk of niche functionality quickly, SaaS has to win where prompts struggle:
- compliance, auditability, and governance
- contractual responsibility, SLAs, and support
- deep integrations and ongoing maintenance
- security posture and end-to-end controls
- reliability at scale, 24/7 operations
In other words, the “feature checklist” stops being the center. Trust, operations, and guarantees become the moat.
How organizations should respond: build guardrails, not walls
The best response usually isn’t prohibition. It’s channeling. If the company wants speed, IT has to provide safe lanes so speed doesn’t break security or continuity.
Practically, that means:
- internal templates and starter repos with clear licensing
- minimal pipelines: tests, dependency scanning, light review
- centralized secrets management
- sandboxing/containers for execution
- outbound network/egress controls
- a registry of micro-tools with an owner and purpose
The goal is to turn prompt-built software from a jungle into a garden: creative, but governable.
A preview of the next five years
The Shopify CEO’s post isn’t important because of an MRI viewer. It’s important because it normalizes a new reflex: solve friction with AI before you buy or wait. If that reflex becomes widespread, the next few years will bring an explosion of internal micro-services, one-off tools, and hyper-specific workflows that never existed before—because they weren’t worth building.
Now they are. And that changes how software gets built, bought, and governed—starting from the inside.
FAQ
What does “software by prompt” mean in an enterprise context?
Tools and automations created by describing goals in natural language to an AI model, then iterating until the result works for a specific internal use case.
Why could this disrupt traditional SaaS?
Because a lot of niche SaaS exists to solve small, recurring frictions. If teams can generate “good enough” internal tools quickly, SaaS must compete on operational value—security, support, compliance, and reliability.
What’s the biggest risk for IT and sysadmins?
The rise of “shadow software”: prompt-generated tools deployed without version control, audits, secrets management, or maintenance ownership—then quietly becoming critical.
How can companies enable this without compromising security?
By providing guardrails: templates, internal repos, minimal CI checks, sandboxed execution, secrets management, dependency scanning, and clear ownership for every micro-tool.