Can AI-generated code replace ERP? Lessons for businesses kooking to rebuild their core systems
- Evelyn Carter

- 4 hours ago
- 4 min read
Many organizations are leveraging AI to generate code and accelerate application development. However, according to Chris Lloyd's analysis published on Supply Chain Brain, using AI to build or replace an entire ERP system introduces significant risks related to security, software validation, operational governance, and compliance.
Notably, one cited study found that 45% of AI-generated code contains security vulnerabilities, making direct deployment into production environments a high-risk decision.
Why are businesses trying to rebuild ERP with AI?
Artificial intelligence is changing how enterprise software is developed. With simple prompts, AI tools can generate applications, APIs, and new features in a fraction of the time required by traditional development methods. As a result, many organizations are beginning to ask whether they can build an entirely new ERP system instead of investing in established ERP platforms.

For lightweight applications such as internal reporting tools, integrations, or workflow automation, AI can significantly reduce development time. However, ERP is much more than a business application, it is the operational backbone of an organization.
That is why many experts argue that businesses should change their perspective. AI should be viewed as an accelerator for software development rather than a replacement for an ERP platform that has been refined through years of real-world operations.
How is ERP different from a typical AI-generated application?
Unlike standalone applications, ERP systems store and process mission-critical operational data accumulated over many years.
In manufacturing and other highly regulated industries, ERP platforms manage essential business processes such as:
Inventory management
Production planning
Cost calculation
Product traceability
Financial management
Audit support and regulatory compliance
These business processes are not simply written in code. They have evolved through thousands of operational scenarios, regulatory requirements, and years of business experience.
While AI can generate code quickly, it does not inherently understand the complex business logic that has been built into ERP systems over decades. This highlights the significant difference between building software and running a business.
What are the risks of using AI-generated code in ERP systems?
This is one of the primary concerns highlighted in the article.
1. Security Risks
Researchers from Georgia Tech SSLab have also identified a growing number of security issues directly associated with AI-generated code.
When that code handles financial records, inventory transactions, or production workflows, the consequences extend far beyond software defects—they can directly impact business continuity.
2. Growing Verification Debt
Generating code rapidly without detailed specifications, structured testing, or architectural discipline creates what is often referred to as "verification debt."
Over time, organizations face systems that become:
More difficult to maintain
Harder to scale
Increasingly challenging to troubleshoot
More expensive to operate
3. Lack of Clear Ownership
If an AI-generated ERP system fails during critical business activities such as financial closing, regulatory audits, or production expansion, the organization assumes full responsibility.
There is:
No software vendor accountable for support
No product roadmap
No established ecosystem
This represents a major difference between enterprise-grade ERP platforms and systems rapidly generated using AI.
Should AI be used in ERP?
According to the article, AI delivers the greatest value when applied to tasks such as:
Automated document processing
ERP user assistance
Operational data aggregation
Report analysis
Improving shop-floor visibility
Supporting workflow automation
These use cases allow organizations to benefit from AI without compromising the integrity of the underlying ERP platform.
Replacing an entire ERP system with AI-generated code, however, should be approached with great caution.
What should businesses prepare before applying AI to ERP?
The key question is not how many lines of code AI can generate.
The real question is whether the organization has the governance processes necessary to ensure that code is secure, reliable, and maintainable.
Businesses should establish standards for:
Clear functional specifications
Secure SDLC processes
Security testing
Functional testing
Version control
Deployment approval procedures
Post-deployment monitoring
AI delivers sustainable value only when it operates within a well-defined governance framework rather than relying solely on prompts.
What Businesses Can Do Immediately
Organizations can significantly reduce risks associated with AI-assisted software development by:
Implementing Secure SDLC from the design stage
Establishing mandatory code review before deployment
Integrating SAST and DAST into CI/CD pipelines
Performing regular security assessments on AI-generated components
Applying structured Change Management and regression testing before production releases.
AI is creating tremendous opportunities for enterprise software development, but generating code faster does not automatically result in an ERP system that is secure, stable, and capable of supporting long-term business operations.
Professional support from IPSIP Vietnam
IPSIP Vietnam's management and monitoring platform has successfully passed rigorous independent assessments to achieve internationally recognized ISO/IEC 27001:2022 and SOC 2 Type II certifications. Through its 24/7 Security Operations Center (SOC), 24/7 Network Operations Center (NOC), and dedicated IT Support/Helpdesk teams, IPSIP delivers continuous monitoring, rapid threat detection, and around-the-clock incident response to help organizations defend against cyber threats at any time.

Internal controls can reduce risk, but they often cannot identify every vulnerability introduced by AI-generated code, especially within large ERP systems, enterprise web portals, or business-critical applications.
For comprehensive protection, organizations should consider IPSIP Vietnam's Web & Mobile Application Security service. This service evaluates source code, APIs, authentication mechanisms, session management, and OWASP-related vulnerabilities before applications are deployed into production. It enables businesses to leverage AI-driven development while maintaining system security, stability, and operational reliability.
References










Comments