Morey Haber, Chief Security Advisor at BeyondTrust, discusses the implications of two phenomena that have risen to prominence in the AI era – “Zombie AI” and “AI obsolescence before AI maturity”.
Having spent decades as a backroom topic for tech experts and sci-fi fans, artificial intelligence is now a pocket-and-purse companion for the everyday consumer and seen as both opportunity and challenge at every corporate board meeting. Nowhere has this rapid transition been more evident than in the United Arab Emirates (UAE) where, in May this year, Abu Dhabi’s AI group G42 announced it was partnering with OpenAI, Nvidia, Cisco, SoftBank, and Oracle on Stargate UAE, a 5GW AI data center campus. The announcement was made in a year when the UAE AI market is expected to be worth US$1.17 billion and grow at a CAGR of more than 26% to reach US$4.74 billion by 2031.
The AI oil boom occurred because the way AI is perceived has fundamentally shifted. AI has the power to improve efficiency, to reduce costs, to help enterprises gain a competitive edge. But a strange phenomenon referred to as “AI obsolescence before AI maturity” is now rearing its head along with another concept, “Zombie AI”, in which out-of-date AI systems still lurk within the IT stack as Shadow AI or aging production. In falling for large language models, agentic AI, domain-specific AI tools, and cloud-native machine learning, organizations have tried to wring value out of emerging technologies before their competitors do. But if a more advanced, cheaper version of the technology is released, all the enterprise’s research and implementation efforts will have been for naught, and organizations may have failed to decommission existing AI deployments even before they have matured within the environment.
With the arrival of agentic AI, organizations must now look to stagnant systems lingering as zombie AI: models and services that are no longer relevant or accurate. Arising from abandoned pilot projects that were integrated into production systems, or from legacy dependencies on AI tools, or even from a lack of governance, zombie AI poses a real risk to businesses. If not addressed, it will consume resources and budget that could be put to better use, and because it is not current, it could potentially lead to flawed decisions or, worse, a cybersecurity breach of the environment.
Zombies on the loose
The longer it goes unaddressed, the greater the risk zombie AI poses. It can disrupt the very heart of the business, undermining operations, compromising compliance, and even weakening security. It is therefore much more than just end-of-life technology, which means its impacts go beyond wasted investment. If training data is out of date, every recommendation presented to decision makers will be potentially invalid. The UAE government is constantly working on updating regulatory frameworks to reflect dynamic markets. Accountability in AI is likely to be a key area of focus for authorities, which means zombie AI may be a risk to compliance and security. And because they are older, zombie systems may not implement cybersecurity best practices such as the principle of least privilege.
In the longer term, zombie AI can cause end users and customers to stop trusting even current AI tools because they have long endured inaccurate, biased, or outdated results. As zombie AI continues to consume compute cycles and cloud resources, often without human oversight, the overall efficiency of the business will be under threat. Only strong, proactive governance can address both obsolescence before maturity and zombie AI. AI must be treated like any other physical or digital asset. Its lifecycle should be expressly defined, including details of the onboarding, monitoring, and retirement processes. Every AI system should be subject to ongoing monitoring, and the monitoring process should be guided by a decommission plan that is invoked when appropriate, to prevent zombie AI from arising.
In addition, benchmarks and KPIs will help organizations to assess AI models’ performance against established business goals and target costs. If outputs are found to be below thresholds, project leaders can decide to retrain the model, upgrade the tool, or take the system out of service. For these decisions, a cross-functional team must oversee AI usage using a Human in the Loop (HitL) model. These governance committees are vital in ensuring that AI systems are compliant, ethical, and efficient. To support these efforts, AI tools can be used to monitor other AI systems, alerting governance committees to model drift, bias, identity security issues, and resource inefficiencies.
No dead weight
If organizations can create the right governance, they will overcome their tendency to implement AI as a matter of urgency and replace it with a focus on the service life, relevance, and accountability of AI. Some models will age more quickly than others but with the right governance, the prompt retirement of an inapt model will be seen as an advantage rather than a chore.
Following hype is not always the wisest business decision. Operational maturity and business impact should be the main influences when it comes to the implementation of AI. AI should provide rich insights that enhance decision-making. Very little business value is derived from simply being the first to deploy the latest AI tool and then neglecting its existence.
AI obsolescence before AI maturity and zombie AI are the hidden costs of the AI arms race. As the UAE continues to lead on the development of AI, businesses here must ensure they are part of the success story by avoiding adoption without governance. The risk of inefficiency and wasted investments is too great to leave the AI journey to chance. AI is not the finish line; nor is it the race. It is a new way of approaching the contest — through a disciplined lifecycle of monitoring, assessing, changing, and growing. Do not let AI haunt the enterprise. Do not let it be a rent-free tenant. Define its responsibilities and govern it to ensure it pulls its weight, and do not be afraid to depreciate it when its useful life has been exceeded.
