The secret to scaling AI is overcoming Conway’s Law

Lori Mac VittieDistinguished Engineer and Chief Evangelist | F5

Insights from the 2026 State of Application Strategy Report

For decades, Conway’s Law was treated as a clever observation about software design. Systems, it said, mirror the communication structures of the organizations that build them. Useful. Occasionally inconvenient. Largely ignorable.

That era is over.

Recent operational data turns Conway’s Law from theory into measurement. When we look at how many tools are required to make a change to an application and how many teams are required to execute that change, the distributions are nearly identical. As workflows rely on one or two tools, they tend to involve one or two teams. As tooling expands into the five-to-ten range, team involvement expands in lockstep. The curves track each other so closely that coincidence is no longer a plausible explanation.

This is Conway’s Law expressed quantitatively: organizational structure does not merely influence architecture, it determines it. Enterprises encode their org charts directly into their delivery and security stacks. Tool sprawl and coordination sprawl are the same phenomenon viewed from different angles.

AI inference enters this environment not as a disruption, but as an accelerant.

Inference introduces itself as a new application tier, and enterprises are already treating it as such. Data from our latest State of Application Strategy Report makes that unmistakable:

• 55% of respondents report the need to manage authentication and API access for AI services.
• 54% emphasize the need for visibility into AI traffic flow and demand.
• 51% are focused on preventing outbound data leakage from AI systems.
• 43% highlight the need to protect models from inbound abuse.
• 40% want a centralized point of control for AI traffic across models and backends.
• Nearly all respondents report self-hosting inference infrastructure rather than fully outsourcing it.

None of these concerns are exotic. They map cleanly to long-standing application delivery and security responsibilities. Traffic control, identity, visibility, protection, and governance are familiar territory. What is different is the nature of what is being controlled.

Inference replaces deterministic services with probabilistic systems. Requests become prompts. Sessions become tokens. Outputs are no longer predictable strings but statistically plausible responses. Cost becomes a reliability constraint. Drift becomes an operational risk. Abuse shifts from syntactic exploitation to semantic manipulation.

Each of these shifts expands responsibility without cleanly fitting into existing tooling boundaries.

And this is where Conway’s Law reasserts itself with force.

The implications of Conway’s Law

Enterprises do not respond to expanded responsibility by quietly extending existing tools and asking existing teams to absorb the work. They respond by differentiating. When authentication must become model-aware, specialized access layers emerge. When observability must track token usage and semantic drift, new telemetry platforms appear. When data protection must reason about generated output instead of inspected input, existing controls are declared insufficient. Each perceived gap justifies a new tool. Each new tool demands ownership. Ownership hardens into teams.

The inference data already shows consolidation lagging behind expansion. Only 28% of respondents report streamlining AI developer workflows through a single management point. The rest are already operating across multiple tools and control surfaces. When viewed alongside the earlier Conway’s Law data, the trajectory is clear: as AI responsibilities proliferate, tools proliferate, and teams proliferate in parallel.

This is not an accidental outcome. It is the natural result of introducing a semantic layer that cuts across every existing delivery and security domain. Inference does not sit neatly inside platform teams, security teams, or application teams. It intersects all of them. Without a unified control plane, organizations default to fragmentation.

The result is organizational explosion.

AI will add complexity if organizations do not actively work to avoid it

AI does not flatten enterprises. It makes their structure visible, measurable, and unavoidable. Complexity becomes fractal, repeating at every layer of delivery, security, reliability, and governance. The same pattern that governed application stacks now governs inference pipelines, only faster and with higher stakes.

The combined data leaves little room for optimism about spontaneous simplification. Conway’s Law is not broken by AI. It is enforced by it. And unless enterprises deliberately collapse tooling and ownership boundaries, inference will become the most coordination-heavy, brittle, and expensive tier they operate.

AI will not outpace organizational design. Organizational design will determine whether AI ever scales at all.

To learn more, read the full 2026 State of Application Strategy Report.

About the Author

Lori Mac VittieDistinguished Engineer and Chief Evangelist | F5

Lori MacVittie is a Distinguished Engineer and Chief Evangelist in F5’s Office of the CTO with deep expertise in application delivery, automation strategy, and infrastructure. She is known for turning complexity into clarity whether she’s defining guardrails for AI agents, dissecting brittle multicloud architectures, or probing the limits of scalable systems. She brings more than thirty years of industry experience across application development, IT architecture, and network and systems operations. Before joining F5, she served as an award-winning technology editor. MacVittie holds an M.S. in Computer Science and is a prolific author whose publications span security, cloud, and enterprise architecture. She is also an avid tabletop and video gamer with unapologetically strong opinions about cheese.

More blogs by Lori Mac Vittie