Presented by Retool
The logic used to be: buying software is cheaper, faster, and safer for most use cases. The building was reserved for companies with large engineering teams, deep pockets, and problems so specialized that no vendor could address them. But now, the cost of coding a piece of software has dropped to zero.
Now anyone can create their own software, but the enterprise and governance model has yet to catch up. Retool’s 2026 Build vs. Buy Shift report, based on a survey of 817 builders, explores how this shift is playing out.
The cost curve shifted; SaaS pricing not determined
Two years ago, a custom internal tool could take an engineering team several weeks or months and cost six figures. Today, with the right platform an operations lead can have a working prototype in a day or two. This structural shift is driven by the growth of AI-assisted development and the maturity of enterprise app-building platforms.
Meanwhile, SaaS pricing has not adjusted, still being charged per seat for generic software that requires customization and integration costs on top. When building costs drop by orders of magnitude but procurement costs remain constant, the math changes for every company, not just large engineering teams.
The data shows this. Retool’s report found that 35% of teams have already replaced at least one SaaS tool with a custom build, and 78% plan to create more custom tooling in 2026.
Workflow automation and admin tools are among the SaaS tools at risk
Change is not happening evenly. The top SaaS tools respondents have replaced or are considering replacing include workflow automation (35%) and internal admin tools (33%), followed by BI tools (29%) and CRM (25%).
A purchased workflow automation tool has to serve thousands of customers, so it optimizes for the average case – and the average case is nobody’s. Real Case. Every company’s internal workflow is different. They reflect the organization structure, compliance requirements, data systems, and business logic unique to that organization.
Internal admin tools have the same problem: They’re inherently company-specific. These categories were always the oddest for off-the-shelf software, and now there is an affordable, accessible option (MIT’s The State of AI in Business reported savings of $2-10 million annually for customer service and document processing tasks).
The replacement pattern is additive rather than wholesale (no one is eliminating Salesforce). They’re replacing specific pieces that never fit: an approval flow that requires three workarounds, dashboards that can’t connect to their real data… but those narrow replacements add up. Once a team creates a device that works better than the one they bought, the default question is “What should we buy?” Changes from. “Can we make it?”
Builders go around IT, indicating broader procurement challenges
The clearest evidence that procurement processes have not kept pace with manufacturing capacity is the scale of shadow IT now occurring inside enterprises. Retool’s report found that 60% of builders have created tools, workflows or automation outside of IT oversight in the past year – and 25% report doing so frequently.
Even experienced, high-judgement people choose speed over process. Two-thirds (64%) of the total survey respondents are senior managers and above. Existing procurement cycles were not designed for a world where software takes days instead of months to build. When people like to quote the 95% generative AI pilot failure rate they are not taking into account the strong grassroots implementation happening right under the noses of officials.
Shadow IT is a demand signal on this scale. The people closest to the problems are telling organizations that existing processes cannot continue – 31% of people who move around IT do so only because they can build things faster than the tools IT can provide. Therefore, repression is not a productive response. The challenge is that tools being built in the shadows are more likely to stop working before they become useful.
The Vibe-coded prototype running on sample data is impressive. Have a production appliance connected to your actual Salesforce instance, with role-based access and security review useful. The report found that 51% of builders have shipped production software currently in use by their teams, and nearly half of them reported saving six or more hours per week.
When construction takes place in an uncontrolled environment, organizations do not get reliable results. One connects AI-powered tools to production data with no audit trail, no access controls, and no owner. Multiply this by the dozens of builders in an organization, and you have an extended security surface that IT may not even know exists.[1]
Teams whose homebuilt solutions reach production have three things that others don’t: connectivity to real data sources, a security and permissions model they trust, and a review process for what is deployed. Channeling builder energy into a controlled environment, where there are no conflicts between speed and security, is the way organizations keep shadow IT from becoming a liability.
Governance will define the next era of SaaS
The build versus buy shift is already underway. Now the more important question is who controls the environment where that building is built.
Unregulated building invites safety risks And It becomes difficult to close the ROI case. You can’t measure time saved by tools that IT isn’t aware of, or that are only run in one person’s workflow. You can’t enforce access controls on a prototype that someone added to production data last Tuesday. And those aren’t hypothetical risks: In Deloitte’s 2026 State of AI survey of 3,200+ enterprise leaders, data privacy and security ranked as the top AI concern at 73%, while governance capabilities were close at 46%. The 35% of organizations with no AI productivity metrics lack more than just a dashboard. They are missing the infrastructure of accountability that justifies building on procurement in the first place.
Only those organizations that treat a governed environment as a prerequisite for building at scale can actually prove that it is working. Those who don’t know will know when something is broken.
For a closer look at the data, including how enterprises are moving toward AI-assisted building, read in full 2026 Build vs Buy Shift Report.
[1] Which can cost a lot: IBM’s cost of 2025 data breach report found that AI-related cases cost organizations more than $650,000 per breach.
David Hsu is the CEO at Retool.
Sponsored articles are content produced by a company that is either paying for the post or that has a business relationship with VentureBeat, and they are always clearly marked. Contact for more information sales@venturebeat.com.
<a href