No. 13 · Policy & People

Establishing a Builder Culture

How agentic AI democratizes the building of government systems, while the fortress stays central.

Every few years, governments change their mind about how to deliver technology. They centralize until the bottlenecks become intolerable, then decentralize until the duplication and the risk become intolerable, and then they swing back. Alberta, the Government of Canada, and more recently British Columbia all sit at the centralized end of that swing today. Agentic AI offers a way to stop swinging: to hold the protective core in the center while handing the act of building back to the people closest to the work. We call the result a builder culture.


## §01 The pendulum governments keep swinging

Centralization and decentralization each solve the other's problem. A central IT function buys economy of scale and a consistent method, and it cleans up the accumulated sins of many teams each doing things their own way; its price is the bottleneck, the queue every ministry waits in. Decentralization buys autonomy and flexibility, and its price is duplication, uneven security, and the loss of every economy of scale. Neither stays right for long, which is why governments keep trading one set of problems for the other.

Alberta consolidated its IT function beginning in 2016, formalized it closer to 2019, and in 2022 created the Ministry of Technology and Innovation, joining the government's central IT mandate to economic development mandates, including Alberta Innovates. Today that ministry is the IT backbone for the whole of government, healthcare IT aside, and it carries both sides of the bargain. Hard negotiation with suppliers and the scale of a single estate have saved tens of millions of dollars in recent months. The same central model is also too slow to meet what most ministries need. That is the crux: how to let ministries explore and build, while keeping the castle-and-fortress protection that government requires, in its finances and against a rising cyber threat.

Saved by scale Tens of $M. Recent savings from a single estate and hard supplier negotiation, the benefit centralization is meant to deliver, and a reason the protective core stays central.


## §02 A third model

Artificial intelligence introduces a third option the old pendulum never offered. Delivery itself can be augmented by AI, which lets the work split cleanly in two. The functions that must stay uniform to keep government safe, cybersecurity, identity and access, networking, databases, licensing, operating systems, telephony, and end-user compute, remain central. The act of building, the agents and applications themselves, moves back out to the ministries. A ministry with no IT department of its own can use the platforms built for the AI factory, Pronghorn, Nexus, and Velocity, to design, run, and measure its own solutions safely.

What a ministry builds need not be an application in the old sense. It might be an agentic workflow, an autonomous agent with delegated access wired into the Microsoft 365 or Google environment, or a front-end that exists only as a temporary interface for one task and then is gone. The pattern is familiar from business intelligence, where giving non-technical staff direct access to their own data through Power BI or Tableau produced real operational insight. The agentic era reaches much further, because the tool on the other side of the interface can now do the building, where before it only drew the charts.


## §03 What makes it safe to build

Two capabilities make this safe to offer. The first is delegated access. Through an agent gateway governed by identity and access management, a public servant can lend their own permissions to an agent: their email, calendar, and Teams, the OneGX ERP, ServiceNow, SharePoint, the open web, and the bespoke systems of their ministry. An agent acting on that delegation can do anything an existing application could, without a line of new code, and only ever within the access the person already holds through Entra ID. Provide the gateway and the identity controls, and a ministry can build its own solutions on top of the government's API and data layers.

The second is vibe coding. A non-technical specialist can describe a system they imagine, its interface, its workflows, and its controls, and have it built. Rather than reaching for an outside tool like Lovable, a ministry can use the governed tools and the well-built harness, then pass the result back to Technology and Innovation through automated checks. The gates that traditionally keep an application out of production, the red and blue security agents, information management, and proper identity and access management, can be cleared by a non-technical builder when the controls of the AI factory are enforced. Quality control becomes something the system verifies, not something only a central team can perform.


## §04 From centralizing delivery to centralizing governance

This shifts the center's job. Technology and Innovation stops being the place where all software is delivered and becomes the place where all software is governed. An audit-based control plane watches the estate: an agent assigned to every application, reading every log, surfacing issues earlier and remediating or blocking them as they appear. The gap that once separated a centrally built application from a ministry-built one, in security and in privacy, closes, because the same controls are enforced on both. The risk of an agent running amok, or of a careless build reaching production, falls toward zero.

Nothing is free. When the cost of a new application falls far enough, the estate can swell from 1,400 systems to fourteen thousand or a hundred and forty thousand, and a new kind of technical debt sets in. Alberta already knows the shape of this. The government carries no fewer than 18,000 SharePoint sites, most of little value and none easy to retire; when the on-premises platform reached end of life, it cost millions to migrate their contents, because cleaning them up first was harder than carrying them forward. We are poor at going back to tidy data, and poorer still at tagging it well to begin with.

The same automation that creates the sprawl can clear it. Picture agents that index every file as it is written and dispose of it by rule, so a document left in a folder, and in time the folder and the site around it, simply ages out under an automated policy. A forest works this way. A fallen tree would pile up forever if nothing consumed it, until the ground was nothing but trunks; instead bacteria break the fibers down over years and return them to the soil, and growth and decay hold a rough balance. An estate of systems can be built to the same balance, with disposition rules tightened by weeks or months whenever growth runs ahead of cost. The deeper fix, moving how data is classified away from rigid folders and toward metadata, belongs to a separate discussion of intelligent digital systems; here it is enough that creation and removal can be brought back into step.

The sprawl to design against 18,000. SharePoint sites the government already carries, most of little value and none easy to retire. When a new application costs almost nothing to make, unmanaged growth is the failure mode to plan for.

"Our mode shifts from centralizing IT delivery to centralizing IT governance." · Janak Alford, Deputy Minister, Ministry of Technology and Innovation


## §05 The builder

A builder culture is the deliberate enablement of non-technical people to create solutions and keep them in the hands of the people who use them. It extends the third level of the Alberta AI Academy, where staff learn to drive Pronghorn, Nexus, and Velocity to build to an enterprise standard. Give those graduates a governed way to deploy and monitor what they build, with security and privacy woven into the tools and audited through production, and there is little reason left to forbid a non-technical specialist from building their own application. The technical bottleneck that defined the old model begins to disappear.

For decades, software was a kind of mystical art, too complex to approach without a degree and years of practice, and so the right to build was held by a few. It is worth asking who that served. No one benefits from a world in which only the treasury branch is allowed a spreadsheet. A current frontier model is already a stronger full-stack developer, database administrator, and security specialist in one than any single person. People in aggregate are more creative, and a named specialist still outperforms the model within their own craft, yet no individual holds all of those skills at once the way the model does. The task now is to put the tool within reach of every team.

The builder is a person with deep knowledge of a domain, finance, public safety, wildfire, or agriculture, who sees a problem that technology could solve and is given a safe place to try. They need no project funding and carry no measurable cost beyond the tokens they spend, and the early evidence is that good ideas pay for themselves. Trained and equipped, such people give government many delivery teams in place of one queue. This is the social contract set out in the Academy paper in another form: a stronger security posture, faster delivery, and real cost containment, in exchange for handing the creative work back to the specialists who understand the problem best.


## §06 The inevitable model, or shadow IT

Some version of this is coming whether or not it is sanctioned. If central IT cannot deliver at the speed ministries need, AI becomes the fastest available way to build, and it will be used, with none of the controls described here. Vibe-coded applications will appear outside the fence, exposing government, and they will be blamed on the technology. The danger is a misattribution: the models are highly capable, and most of the risk lies in how people use them, without the security, privacy, and data discipline that safe use requires. A backlash against AI built on that confusion would be aimed at the wrong target.

The cyber dimension makes the timing urgent. We have not yet seen how dangerous AI in the hands of criminals will become, and within the next year we expect serious, perhaps damaging, attacks on government systems built or guided by AI. The Cyber Imperative makes the broader case. Extending the academy into a builder culture is how Alberta means to keep velocity high and cost contained while keeping the building inside the fence, where the controls hold.


## §07 A consultancy model, and an invitation

The likely shape of this is a consultancy model in place of a delivery one. AI does the implementing. Technology and Innovation provides the fortress, the governance of technology, the management of vendors, and the controls, and it works alongside ministries as a consultancy: helping design solutions and architectures, finding novel uses for the models, and overseeing how the newest models enter the environment safely. The creativity comes from the ministry partners who know the work; the center keeps it sound.

This fits the decentralized hybrid model Alberta is already adopting elsewhere, governance held at the center with delivery on the spokes, in how the province handles data and procurement, and it is reasonable to expect AI to let us run solutioning the same way. We anticipate piloting a builder culture during 2026, and we will publish what we learn. Ministry partners who want to explore it with us, and other governments weighing the same shift, are warmly invited to take part.

Tags: builder-culture, democratization, governance, agents, shadow-it, operating-model, change-management

Open the interactive version