The conversations I’m having with manufacturers right now have a new urgency to them. Everyone is moving fast on AI. Budgets are open, pilots are running and the pressure to show results is real. The opportunity is enormous, and standing still is not an option.

However, there is a question that I am not hearing nearly enough: Which AI? Whose AI? Where does it live inside my operations?

The hard truth is this: the rush to bolt third-party AI onto ERP systems is quietly creating some of the most dangerous vulnerabilities manufacturers have ever introduced into their own operations, and it’s happening right now in plants around the world.

A recent independent analysis dove deep into exactly this risk. If you oversee operations, compliance or technology at a manufacturing organization, you need to read it. What follows is what I think every plant leader needs to take away from it.

Shadow AI Is Shadow Analytics 2.0… Moving 10X Faster

Remember the days of the Shadow IT crisis? When employees began to extract sensitive corporate data into uncontrolled spreadsheets and personal cloud applications because official systems were too slow and cumbersome? For years, we worked to clean up that situation, and now we face the same risk with AI. This time, the potential for harm is dramatically greater.

The scale of unsanctioned AI use throughout manufacturing operations is striking. Employees are transmitting confidential information about processes, suppliers and financial operations to unapproved AI applications at an average rate of approximately 223 events per month for each enterprise.

This is driven by the pursuit of rapid results, the same mechanism by which Shadow IT developed. Consequently, we will reach the same ultimately disastrous results if we fail to take action to control this situation.

There is one important difference. AI applications will use the information that they receive in ways that are substantially more complex than anything a spreadsheet on a desktop computer can do. In effect, our proprietary information will be extracted by, and become the property of, a third-party AI application. The application will learn from and ultimately disclose the information in results provided to other individuals.

There will be no opportunity to recover or control access to the information; there is no “undo” button.

Your Competitive Advantage May Have a Leak

As someone who has spent their career in plant manufacturing and operations, I know how much institutional knowledge lives inside a manufacturing operation. It is not just in the machines, but also in the logic of how those machines run. That knowledge is one of your greatest differentiators.

When an engineer pastes a proprietary database schema or a backend module into a free external AI tool for debugging, that model may retain the content for future training. When it does, your unique operational logic can become part of a public model and surface later in responses to your competitors.

This isn’t a theoretical risk, either. It is happening today in plants that have no idea it is happening, and once that competitive edge is gone, it is gone permanently.

The Compliance Time Bomb Is Ticking

The regulatory environment right now is not forgiving, and I want to be specific about why it matters so much for manufacturers racing to add AI.

If you are in food and beverage, FSMA 204 enforcement is coming up fast. The FDA will be knocking on your door during a contamination event and will require complete lot traceability records (every Key Data Element, every Critical Tracking Event, every transformation in the chain) within 24 hours. That is not a window for scrambling across fragmented systems.

If you are in life sciences, 21 CFR Part 11 requires electronic records and audit trails that are immutable and deterministic.

If you operate in Europe, GDPR Article 30 is watching how your AI agents handle personal data, where it goes and whether it crosses borders without compliant records.

Third-party AI tools were built for speed, not compliance. They frequently sit alongside the ERP rather than within it, which means the digital chain of accountability that regulators will demand is broken before you even knew it existed. The analysis calls this a compliance time bomb, and that framing is exactly right.

Probabilistic AI Has No Business Making Deterministic Decisions

My background in the business of manufacturing makes me especially skeptical of unvetted AI integrations, and I think you should be, too.

ERP systems are built on one foundational principle: you put A in, you get B out, every single time. That determinism is what makes your financials auditable, your compliance defensible, and your production planning repeatable. 

Third-party AI, on the other hand, is probabilistic. It gives you the most likely answer, which is a very different thing from the right answer.

Imagine an AI tool used for demand forecasting that hallucinates a massive spike in orders. Without a deterministic guardrail, that false signal triggers the automatic purchase of excess raw materials. Millions of dollars tied up in inventory you do not need. Reverse the scenario: a hallucinated demand drop cancels critical supplier orders and your customer commitments evaporate. If that error lives inside your cost rollups, you are looking at distorted financial statements that can take months to reconcile.

My rule of thumb: if you would not trust an unsupervised intern to execute your financial controls, you should not trust a third-party AI to do it either.

Native AI Is Not a Nice-to-Have. It Is the Only Architecture That Works.

Manufacturers do not have to choose between AI and safety. They have to choose which AI.

Native AI, built into the architecture of the ERP rather than bolted on top of it, is a fundamentally different proposition. Intelligence woven into the workflow maintains deterministic guardrails, keeps data inside the governed environment, and creates auditable, attributable records of every decision an AI agent makes. It also gives employees a sanctioned, secure alternative to the Shadow AI tools they are currently reaching for.

This is precisely the difference between a system of record and a system of action. 

QAD | Redzone’s ChampionAI is built to do exactly this. Embedded within QAD Adaptive ERP rather than layered on top of it, ChampionAI agents are designed to act, not just analyze. They are purpose-built for manufacturing, which means they carry the vertical depth and institutional knowledge that a generalist AI vendor cannot replicate. 

ChampionAI also tackles the shadow AI problem head-on. Rather than leaving employees to reach for unvetted external tools, QAD | Redzone provides an Authorized AI Agent Library: pre-vetted, task-specific agents designed for the real roles inside a manufacturing operation, including scheduling, procurement and quality. 

Employees get the speed and utility they are looking for, and the enterprise keeps its data, its IP and its audit trail.

Our AI Action Auditing framework (SEC-58) takes this further. Every action taken by any AI within the ERP is logged, attributed to a human chain of responsibility, and structured for regulatory forensics. That is what the regulatory environment is going to require, and manufacturers who build for it now will not be scrambling when the mandate arrives.

The Winning Formula for Smart AI Use in Manufacturing

Winning this decade is not about adopting the most AI tools. It is about building intelligence into the right places, with the right governance and accountability behind it. Start here:

  • Map your AI footprint before you scale it. You cannot govern what you cannot see. Identify every AI tool being used across your organization, approved or not.
  • Demand native, not bolt-on. Before any AI tool touches ERP data, ask whether it lives inside your governed environment or alongside it. That answer tells you everything about your compliance and IP risk.
  • Build for the audit you will eventually face. Whether it is the FDA, a GDPR inquiry or a security forensics team, every AI-driven decision in your ERP needs to be traceable, explainable, and defensible. Design for that now, not later.

The analysis I referenced goes deep on the data, the regulatory specifics and the architectural risks manufacturers are navigating right now. Read it and share it with the people in your organization who need to hear it.

The manufacturers who move with purpose, not just speed, are the ones who will come out ahead.

Want to dig into what’s possible with ChampionAI? Join us for one of our Champions of Manufacturing 2026 fall events!

2 COMMENTS

  1. Great insight. AI adoption in manufacturing must prioritize governance, compliance, and data security—not just speed. Native AI within ERP is becoming a strategic necessity.

  2. Important perspective—moving fast on AI without governance can quietly introduce serious risks. The point about native, embedded AI within ERP being safer and more compliant than bolt-ons is especially critical for long-term resilience.
