How AI Can Cost-Effectively Replace Legacy Systems
AI can reverse-engineer legacy systems from observed user behaviour and rebuild them through nightly progressive-resolution builds.
The economics of legacy modernisation have flipped. Replacement is now cheaper than continued maintenance.
Scott Farrell — LeverageAI
February 2026
Why $2 million a year in maintenance is no longer the scariest number on the spreadsheet.
The "RPG guy" announces he's leaving.
He's the one person who truly understands how the AS400 application works—the arcane business rules buried in code written before most of the current staff were hired, the undocumented workarounds that keep month-end processing from collapsing, the mental model of a system that has no architecture diagram because he is the architecture diagram.
Maybe he's retiring. Maybe he's moving to a competitor who offered him a retention bonus your HR team didn't think to match. Maybe he's simply aging out—because the average RPG programmer is now approaching 70 years old.
Suddenly, the $2 million per year maintenance bill isn't the scary number. The scary number is the knowledge walking out the door.
This chapter maps the trap. Not to depress you—to make the economics of escape undeniable.
Source: V2Connect, "Cost of Delay in Legacy System Modernization"
The headline numbers are damning enough. Nearly two-thirds of companies spend over $2 million annually maintaining legacy systems1. Banks and insurance companies dedicate up to 75% of their IT budgets to preserving systems that were built in a different era2. Across the board, organisations pour 60–80% of their IT budgets into maintaining existing infrastructure rather than driving innovation3.
But the headline numbers hide the real danger: compounding.
The true cost of legacy maintenance compounds at roughly 20% annually. A mid-sized financial services firm spending $250,000 on maintenance and hardware in Year 1 accumulates over $1.5 million in five years through escalating costs, compliance upgrades, and hardware failures4. This isn't a budget line item. It's a compounding tax on your ability to compete.
| Year | Maintenance | Compliance | Failures | Cumulative |
|---|---|---|---|---|
| Year 1 | $250K | — | — | $250K |
| Year 2 | $300K | $100K | — | $650K |
| Year 3 | $360K | $120K | $400K | $1.53M |
Based on Profound Logic industry analysis of mid-sized financial services firms.
Legacy systems don't fail gracefully. They fail expensively and unpredictably. Unplanned downtime costs $9,000 per minute—$540,000 per hour—with legacy system failures accounting for 40% of major outages5.
A single significant outage can cost more than a year of maintenance fees. And unlike modern cloud infrastructure with automated failover and redundancy, legacy systems typically have limited or no disaster recovery—when they go down, they stay down until someone with tribal knowledge can diagnose the problem.
The maintenance death spiral doesn't just drain money. It drains possibility. Legacy-dependent organisations take 2–3x longer to implement changes6, and 90% of IT leaders report that legacy systems hinder innovation21. The U.S. Government Accountability Office reports that 80% of federal IT budgets go toward maintaining legacy systems, creating what they describe as "a vicious cycle that starves innovation while feeding outdated technology"7.
This is the vicious cycle at work: high maintenance costs starve the innovation budget, making transformation harder, making maintenance more critical, which drives costs higher, which leaves even less budget for innovation. Each year, the trap tightens.
"If hidden costs exceed $300,000 annually, modernisation typically pays for itself within 18–24 months."
If the maintenance economics don't force your hand, the demographics will.
Sources: Perimattic; SoftwareSeni
The average COBOL programmer is now 55 years old, with 10% of the workforce retiring annually. Fewer than 2,000 COBOL programmers graduated worldwide in 20248. Sixty percent of mainframe professionals are over 50. And some estimates put the typical RPG programmer at around 70 years old9.
The blunt version, from Planet Mainframe: "Mainframe developers are not just retiring, they are expiring—and young developers have little interest in mainframe careers."10
This isn't a problem you can solve with a recruiter. Gartner predicts that 60% of modernisation efforts will be delayed due to lack of legacy skills, and 70% will stall—not because of outdated technology, but because no one's left who understands it11.
The knowledge gap isn't like learning a new JavaScript framework. As one analysis put it: "Teaching someone to keep a complicated mainframe application running is not the same as teaching them JavaScript—it requires 30 to 40 years of experience with business logic."12
The cumulative impact is staggering. By 2026, more than 90% of organisations will be adversely affected by IT skills shortages, resulting in approximately $5.5 trillion in cumulative losses due to delayed products, diminished competitiveness, and lost business13.
"The average COBOL programmer is about the same age as the language itself."
So the maintenance is killing you, the workforce is vanishing, and you know you need to move. You call in the consultants. They commission a 6-month discovery phase. They produce a 200-page requirements document. They get vendor quotes. The number comes back: $5–10 million, 12–18 months, and a history of failure rates that would ground any airline.
And the project gets shelved. Again.
of modernisation projects exceed budget and timeline
Hexacorp
average cost overrun on modernisation projects
Hexacorp
cost overrun in catastrophic failure cases
Hexacorp
Source: Hexacorp, "Legacy System Modernization Risk Guide"
Sixty-five percent of modernisation projects exceed budget and timeline, with average cost overruns reaching 62%14. In catastrophic failures—which are not as rare as you'd hope—overruns reach 447%15. The Cutter Consortium's assessment is characteristically blunt: "Conventional redesign and rewrite approaches for legacy modernisation will have failure and overrun rates no better than for other conventional projects, and may well be worse."16
The root cause is buried in the discovery process itself. Traditional legacy modernisation begins with meetings. Lots of meetings. Stakeholders describe what the system does, business analysts document it, and architects sketch a replacement.
The problem? Meeting-based discovery captures what people say the system does, not what it actually does. Requirements documents are stale the day they're finished. The 12–18 month delivery timeline means the business has moved on by the time the replacement arrives. And the finale—a big-bang cutover—is the highest-risk deployment pattern in software engineering.
Even government auditors see the trap. The U.S. GAO warns: "Until agencies fully document modernisation plans for critical legacy IT systems, their modernisation initiatives will have an increased likelihood of cost overruns, schedule delays, and overall project failure."17 But the documentation itself becomes a bureaucratic industry—consuming months of effort to produce artefacts that describe yesterday's reality.
The Traditional Path
Result: 65% over-budget, 447% catastrophic overrun risk
What If the Economics Changed?
That's what the rest of this book is about.
Most organisations end up in the same place: maintain by default.
This isn't a decision. It's avoidance. And the economics of avoidance get worse every year as maintenance compounds, the workforce shrinks, and competitors who escaped the trap pull further ahead.
"Nobody got fired for commissioning a requirements phase."
But perhaps they should have been.
The paradox is stark: 95% of ATM swipes run on legacy systems, 70% of Fortune 500 transaction processing depends on COBOL, but the workforce to maintain these systems is vanishing18.
Every year you wait:
The direction of travel is clear. The U.S. Social Security Administration has committed to a $1 billion AI-assisted upgrade of its legacy COBOL codebase19. Amazon used AI agents to modernise thousands of legacy Java applications "in a fraction of the expected time"20. Even government—historically the slowest-moving sector—is committing to AI-driven legacy replacement.
If maintenance is $2M/year and rising, the workforce is retiring at 10% annually, and traditional replacement has a 65% failure rate with potential 447% overruns…
What if the economics of replacement have fundamentally changed?
That's Chapter 2.
McKinsey says a $100M modernisation now costs less than half with AI. But the real story is that maintenance became the risky bet.
McKinsey reports that a transaction processing system that would have cost $100 million to modernise now costs less than half when using generative AI33. That's the headline. But the headline buries the real story.
The real story isn't that replacement got cheaper. It's that maintenance is now the risky bet. Replacement has flipped from "expensive gamble" to "measurable convergence." This chapter makes the economic case that the flip has already happened—and waiting costs more than acting.
Source: Vertu, "Claude Opus 4.5 vs GPT-5.2 Codex"
The single best thing AI is good at right now is coding. It's astronomically capable. It keeps up with the best elite programmers on the planet—and then you can parallelise it and meta-manage it. It's off the charts.
That's not aspiration. It's measurement. Claude Opus 4.5 achieves 80.9% on SWE-bench Verified—the first AI model to exceed 80% on this real-world coding benchmark34. GPT-5.2 Codex sits at 80.0%35. These aren't toy benchmarks. SWE-bench Verified tests issue-resolution on real open-source repositories—the kind of practical engineering work that matters for system replacement.
But raw model capability isn't even the most important number. Architecture is.
Andrew Ng's research demonstrates that GPT-3.5, used in single-shot mode, achieves just 48.1% on HumanEval coding tasks. Wrap that same model in an agentic workflow—a loop that generates, evaluates, critiques, and refines—and it jumps to 95.1%36.
Read that again: a weaker model in an iterative agent loop outperforms a stronger model used in single-shot mode. The orchestration IS the capability.
This validates the entire nightly build approach to legacy replacement. The question isn't "can one AI write perfect code?" It's "can a loop of AI agents converge on correct code through iteration?" The answer is demonstrably yes.
Anthropic's own custom harness improves Opus 4.5 performance by 10 percentage points compared to standard frameworks37—further evidence that orchestration architecture is as important as the underlying model.
Elite developers are already working at this level. One documented case: 11,900 lines of production code generated without opening an IDE38. OpenAI's internal Agent Builder was developed in under six weeks, with Codex writing 80% of the pull requests39. GitHub Copilot users complete tasks 56% faster40.
The question has shifted from "can AI write code?" to "how do we orchestrate AI coding at scale?"
AI capability alone doesn't flip the economics. The cost collapse does.
Source: Swfte AI, "AI API Pricing Trends 2026"
LLM inference prices have fallen between 9x and 900x per year depending on the benchmark, with a median decline of 50x per year across all benchmarks. After January 2024, this accelerated—the median decline increased to 200x per year41.
What this means for legacy replacement: the compute cost of running parallel coding agents overnight is falling faster than anyone predicted. The same nightly build workflow that might cost $500 today in API calls could cost $2.50 next year at the same scale.
Individual AI coding is impressive. Parallelised AI coding is transformational.
Multi-agent coding systems now handle 50,000+ line codebases that choke single agents42. Tens of instances of AI running in parallel—being orchestrated to work on specifications, documentation, the full CI/CD lifecycle—condensing a month of teamwork into a single hour43.
One case study accelerated development by 48x, reducing time from months to days and producing over 100 AI models per year compared to a previous capacity of 2–5 models annually with traditional methods44.
And this isn't niche. Gartner reports a 1,445% surge in multi-agent system inquiries from Q1 2024 to Q2 2025. By the end of 2026, 40% of enterprise applications will include task-specific AI agents, up from less than 5% in 202545.
| Annual maintenance | $2M+ (rising 20%/yr) |
| Traditional replacement | $5–10M |
| Timeline | 12–18 months |
| Failure rate | 65% over-budget |
| Workforce | Aging, irreplaceable |
| Decision | Maintain (cheaper short-term) |
| Annual maintenance | Still $2M+ (still rising) |
| AI-driven replacement | < half traditional cost |
| Timeline | Months, not years |
| Risk profile | Measurable convergence |
| Model improvement | Same spec → better code |
| Decision | Replace (cheaper AND lower risk) |
Senior-engineer-level performance on real-world benchmarks (80.9% SWE-bench Verified). Not "good enough for demos"—good enough for production systems.
One night of parallel AI coding agents equals weeks of human effort. 48x acceleration documented in case studies. "Month to hour" compression at scale.
Specifications are durable while code regenerates with each model improvement. Today's specs produce better code tomorrow—automatically and for free.
200x annual price decline means overnight batch runs are cheap and getting cheaper. The economics improve continuously without any additional investment.
You don't trust the AI. You trust the tests. Same governance model as human developers—code goes through PR review, CI/CD, and testing. Existing SDLC applies.
The fifth factor deserves emphasis. The governance problem that kills chatbot projects—"how do you trust real-time AI with customers?"—doesn't exist here. Code goes through the same review, testing, and deployment pipeline you already use. We don't really trust developers either. We test their code and review their PRs. We check in PRs. We don't just let them do whatever they want. A good AI is quite analogous to a developer that you don't trust.
Here's the counter-intuitive truth that most executives get backwards: the legacy replacement—the project that looks enormous and scary—is actually safer than the "simple" chatbot that looks like a quick win.
The chatbot looks simple because the interface is simple. One text box. But underneath, it's a public-facing stochastic actor with infinite input space, real-time expectations, compliance exposure, and adversarial users. That's the boss fight.
Legacy replacement, by contrast, sits squarely in AI's lane:
This maps directly onto what we call the Cognition Ladder46. Rung 1—competing with humans in real-time—has a 70–85% failure rate. That's the chatbot. Rung 2 and 3—augmenting in batch and transcending what was previously impossible—are where AI wins. Legacy takeover is squarely Rung 2–3: batch observation, overnight code generation, human review in the morning. Every characteristic that makes AI strong is present.
Integrity demands a caveat before moving on.
Experienced open-source developers using AI tools actually took 19% longer to complete tasks on their own repositories—while believing they were 20% faster. A perception gap of nearly 40 percentage points47.
Industry analysis confirms the pattern: "The 'average' speedup reported in broad market surveys is likely driven by the massive volume of low-complexity, boilerplate tasks where AI is a force multiplier. The slowdowns are concentrated in the 'critical path' engineering—the deep logic that defines the system's reliability."48
What this means for legacy replacement: AI excels at new code generation and boilerplate—exactly what nightly builds produce. It's less effective at surgical edits to complex existing systems—exactly what you're not doing. The approach described in this book sidesteps the productivity paradox entirely: you're not asking AI to understand and modify legacy code. You're asking it to generate fresh code from clean specifications.
The deepest advantage of AI-driven replacement isn't speed or cost. It's that specifications appreciate while code depreciates.
When a nightly build reveals a gap—a missing business rule, an edge case the test suite didn't cover—you don't patch the code. You fix the specification, add a characterisation test, and let the next nightly build regenerate everything. Each improvement to the spec produces better output. Each model improvement produces better output from the same spec. The specification is an appreciating asset49.
Contrast this with traditional development. A $5M codebase written by humans in 2024 doesn't get better in 2025. It gets more expensive to maintain. A specification that generates code through AI agents gets better every time the models improve—automatically, at no additional cost.
"Specifications remain durable while code regenerates with model improvements. Today's specs get better code tomorrow—for free."
Maintain
$2M/year rising, workforce-dependent, no compounding, increasing risk
Replace with AI
Fraction of cost, measurable convergence, improving economics, existing governance
The question is no longer "can we afford to replace?"—it's "can we afford NOT to?"
Next: How the five-phase pipeline actually works.
In regulated industries, legacy governance risk isn't secondary. It's the risk that can shut you down.
Your auditor asks three questions about your legacy system:
If your answers are "it's complicated," "we haven't tested it," and "probably the same person"—you don't have a legacy system. You have a compliance breach waiting to be discovered.
Chapter 1 made the economic case. Chapter 2 made the capability case. This chapter makes the governance case—because in regulated industries like insurance, finance, and healthcare, governance risk is the one that can shut you down entirely.
Most legacy systems were built in an era when "observability" wasn't a concept. They were built to work, not to be visible.
"The original architects focused on making things work, not on making them visible. They built functional systems that operate like black boxes."
This creates three distinct blind spots that compound into a governance nightmare:
You can't see what's happening inside the system when things go wrong. Is it processing? Stuck? Corrupted? The system is either "running" or "down"—with no gradient in between.
You can't measure the user experience impact of technical problems. Performance degradation is invisible until someone complains—or worse, until a customer notices.
You can't predict what will break before it breaks. No anomaly detection, no trend analysis, no early warnings. Failures are always surprises.
Source: CIO, "Bridging Observability Gaps"
The financial reality of blindness is staggering. In 2025, one in eight enterprises loses over $10 million per month to undetected disruptions linked to observability gaps21. You can't manage what you can't see. And you can't govern what you can't audit.
Legacy systems run on end-of-life software that no longer receives security patches. This isn't a theoretical risk—it's an actively exploited attack vector.
new vulnerabilities per end-of-life image every 6 months
HeroDevs
of CISA's exploited vulnerabilities linked to end-of-service software
Automox
of data breaches linked to unpatched vulnerabilities
ModLogix
of 2026 ransomware incidents traced to outdated systems
Integrity360
An average end-of-life software image accumulates 218 new vulnerabilities every six months after support ends22. Nearly 46% of CISA's Known Exploited Vulnerabilities catalogue are linked to end-of-service software23. Unpatched vulnerabilities are linked to 60% of data breaches, with 44% of exploits targeting vulnerabilities that are 2–4 years old24. In 2026, 54% of ransomware incidents were traced back to outdated or poorly patched systems25.
The U.S. Government Accountability Office flagged 10 "critical" legacy IT systems years ago. Most still haven't been modernised. These systems "used outdated languages, had unsupported hardware and software, and operated with known cybersecurity vulnerabilities."26 If the U.S. federal government can't secure its legacy systems with effectively unlimited resources, mid-market companies with $2M budgets certainly can't.
Separation of duties (SoD) is fundamental: no single person should be able to initiate, approve, and complete a sensitive transaction. It's required by SOX, APRA, GDPR, and virtually every compliance framework27.
Modern systems enforce SoD through role-based access control, workflow approvals, and audit logging. When roles are well-defined and duties are separated, audit trails become clearer—auditors can trace actions back to specific individuals.
Legacy systems? Not so much.
The regulatory landscape is tightening. GDPR fines reached €5.65 billion cumulatively by March 2025, with 80% of 2024 fines linked to security lapses28. California's Insurance Consumer Privacy Protection Act (2025) specifically targets the insurance industry with privacy protections exceeding general privacy laws29. The EU AI Act becomes fully applicable August 2026, establishing risk-based obligations for high-impact systems—legacy systems processing insurance claims or medical data will be squarely in scope30.
"Your legacy system's security model was designed in 1998—before SOX, before GDPR, before APRA CPS 234. It predates the compliance framework it's supposed to satisfy."
Modern cloud-native applications can be replicated, containerised, and failed over in minutes. Legacy systems on proprietary hardware? That's a different story entirely.
AS400/iSeries disaster recovery requires specialised infrastructure, specialised skills, and specialised vendors—all of which are scarce and expensive31. Most businesses don't regularly test their DR plans—many skip backups, delay failover testing, or lack specialised staff to act when disaster strikes32.
| Dimension | Legacy DRP | Modern DRP |
|---|---|---|
| Recovery time | Hours to days (if tested) | Minutes to hours |
| Hardware dependency | Proprietary, matched hardware | Cloud-native, any infrastructure |
| Testing frequency | Rarely (expensive, disruptive) | Regular (automated) |
| Staff required | Specialised (scarce, aging) | Standard DevOps skills |
| Cost | $100K–$500K+ annually | Built into cloud hosting |
| Vendor dependency | Single vendor, pricing leverage | Multi-cloud, competitive |
The honest question for the board: "If this system fails catastrophically on a Friday afternoon, when does it come back? Who does the recovery? Have we tested this?"
Chapter 1 covered the workforce demographics. This chapter covers the governance risk of that concentration.
The scenario in regulated industries: one person understands the batch job that generates regulatory reports. One person knows how to recover the system from backup. One person can interpret the error codes. One person holds the admin credentials. That's not a staffing issue. That's a governance failure.
In any compliance framework, concentrating critical operational knowledge in a single individual—with no documented procedures, no tested succession plan, and no separation of duties—is a material risk.
The 5-phase pipeline described in Part II doesn't just replace the system—it replaces the knowledge concentration:
Replacement solves what maintenance never can:
| Dimension | Legacy (Maintained) | Modern (Replaced) |
|---|---|---|
| Observability | Black box | Full telemetry & alerting |
| Access control | Shared accounts, god-mode | RBAC, least privilege, MFA |
| Separation of duties | Same person initiates & approves | Enforced workflow gates |
| Audit trail | Incomplete, proprietary | Complete, structured, queryable |
| Data protection | Plaintext, no masking | Encryption & tokenisation |
| Disaster recovery | Specialised, untested | Cloud-native, automated, tested |
| Staff dependency | Single point of failure | Standard skills, documented |
| Compliance posture | Predates modern frameworks | Designed for current requirements |
The traditional framing asks "can we afford to replace this system?" The governance framing asks the harder question: "Can we afford to keep running a system that can't be audited, can't be secured, can't be recovered, and depends on one person who's approaching retirement?"
In regulated industries, the second question outweighs the first. The system isn't just expensive—it's non-compliant. And the gap between what regulators require and what legacy systems provide is widening every year as compliance frameworks evolve.
Many organisations "pass" audits on legacy systems through compensating controls: manual procedures, additional sign-offs, paper-based approvals layered on top of systems that can't enforce them. These compensating controls are expensive (labour-intensive), fragile (depend on people following procedures), and fundamentally dishonest—they satisfy the letter of compliance without the spirit.
The AI-driven pipeline replaces compensating controls with architectural controls: access is enforced by the system, not by policy. Audit trails are automatic, not manual. Separation of duties is enforced by workflow, not by trust.
Score your legacy system against modern governance requirements:
| Show who accessed what data, when | Yes / Partially / No |
| Enforce SoD for financial transactions | Yes / Partially / No |
| Encrypt PII at rest and in transit | Yes / Partially / No |
| Produce compliance reports on demand | Yes / Partially / No |
| Test disaster recovery quarterly | Yes / Partially / No |
| Recover from total failure within 4 hours | Yes / Partially / No |
| Operate without one specific person | Yes / Partially / No |
| Receive security patches from vendor | Yes / Partially / No |
6+ "Yes": Better governed than most legacy systems.
3–5 "Yes": Significant governance gaps.
0–2 "Yes": Compliance breach waiting to happen. The governance case for replacement may be stronger than the economics case.
"One person holding all the knowledge, all the access, and all the recovery capability isn't a staffing issue. It's a governance failure."
Chapter 1: The economics of maintenance are a death spiral.
Chapter 2: AI has flipped replacement into the cheaper bet.
Chapter 3: Governance risk may be the strongest reason of all.
Next: The five-phase pipeline that makes replacement practical—starting with observation.
Phase 1 — Capture what users actually do, not what they say they do.
"Do you think you'd know everything about the legacy system?"
Nearly everything that matters day-to-day, surprisingly fast, with evidence. And you'd have more honest requirements than any meeting could produce.
The answer to the full question—"would you know everything?"—is no. But you'd know nearly everything that matters. And more importantly, you'd know exactly what you don't know. That's the difference between fog-of-war discovery and measurable gap analysis.
Most legacy modernisation fails because it treats requirements as a meeting outcome. This approach treats requirements as an empirical artefact.
Meeting-based discovery captures what people say they do. Observation captures what they actually do. These are not the same thing. Workarounds, shortcuts, tribal knowledge, undocumented processes—all visible in behaviour, invisible in meetings.
Observation isn't just screen recording. It's a multi-layer evidence collection that, combined, produces a more complete specification than any requirements document could.
Screenshots and screen recordings (MP4), keystrokes and shortcuts, mouse clicks and scrolls, screen state transitions, UI element recognition, timing between actions, navigation patterns.
What this gives you: User flows, field mappings, screen states, and the frequency of each workflow.
Data dumps (data model, current records, reference tables), event logs (what happened, when, triggered by whom), API traces (integration flows), config exports (business rules), source code (if accessible).
What this gives you: The data model, business rules, integration contracts, and formal logic.
The combination is the specification:
The combination is more complete than any requirements document because it captures reality, not intention.
This is where AI's superpowers—batch processing, patience, parallelism—transform raw recordings into structured specifications.
Overnight, vision AI decomposes recordings frame by frame. For each frame or transition, it extracts:
This builds slowly into user flows, field mappings, screen states, business rules, and edge cases—all derived from empirical observation.
Beyond passive recording, AI agents can actively explore. Using tools like Playwright, agents navigate applications programmatically—clicking through the UI, discovering user journeys, and taking screenshots50. This creates an additional discovery layer: the AI itself finds paths that users might not have demonstrated during recording.
As Thoughtworks frames it: "Looking at systems purely from a behavioural standpoint is a useful way of thinking about reverse engineering the existing behaviour of an application."51
And the tools already exist at scale. Celonis Task Mining collects data by recording user activities through a workforce productivity app, automatically creating a dataset with screen records52. Skan.ai combines human task data with system-driven activities to create a complete picture of operational flow53.
Don't rely on one person's usage. Record across multiple staff members to capture different roles and permission levels, different workflows for the same task (individual workarounds), edge cases encountered naturally, and frequency data—which workflows happen daily versus weekly versus monthly.
A week of capture across 5–10 staff gives substantial workflow coverage. A month adds the monthly processes: month-end reconciliation, reporting cycles, and the seasonal flows that only surface under specific conditions.
Honesty demands acknowledging the limits. UI recordings will nail 80% of day-to-day workflows fast. Most users repeat the same patterns daily. The coverage comes quickly and with high confidence.
The long tail is where the legacy monster lives:
But here's why this is still dramatically better than meetings: with meetings, you miss the same long-tail items plus you get inaccurate descriptions of the 80% you could have captured directly. Observation gives you evidence-backed coverage of the common paths plus a measurable gap list for the uncommon ones.
The key advantage: you know what you don't know. The gap is measurable, not a fog of war. And the nightly build machinery described in Chapters 5 and 6 is exactly how you hunt the long tail—through diffs, gap detection, and active exploration in subsequent iterations.
"Observed behaviour is more honest than meeting requirements—the system confesses its actual rules through use."
Days 1–2: Setup
Install recording tools (Skan.ai, Celonis, or simple screen recording + keystroke logging) on 5–10 workstations across different roles. Configure data dump and log export scripts.
Days 3–7: Capture
Staff work normally. Recordings accumulate. Data dumps and log exports run in parallel. No disruption to daily operations.
Nights 1–7: AI Decomposition
AI decomposes each day's recordings: frame extraction, UI element recognition, workflow identification, field mapping. Runs overnight in batch—exactly AI's sweet spot.
End of Week: First-Pass Inventory
Workflow inventory with frequency data. Screen catalogue with field mappings. Auto-generated user flow diagrams. Business rule candidates. Data model sketch. And crucially: a gap list—what's NOT yet captured.
A month of capture adds the monthly processes (reconciliation, reporting, exception handling), deeper statistical pattern recognition (frequency, average time per task, exception rates), edge cases that only surface under specific conditions, and integration behaviour over a full business cycle.
You've observed the legacy system in action. You have workflows, field mappings, business rule candidates, and a measurable gap list. Raw material.
Now you need to convert that into something executable. The real specification isn't a document—it's a test suite.
That's Chapter 5: Hypothesise.
Phase 2 — Convert observations into executable specifications that can't be argued with at 2am.
Written specs are useful. But tests are the part you can't argue with at 2am.
When a nightly build fails at 3am, nobody pulls up the requirements document. They pull up the test suite. The test suite IS the specification—it's the only specification that's executable, falsifiable, and unambiguous.
This chapter covers Phase 2 of the pipeline: converting raw observations into executable specifications. The output isn't a 200-page document. It's a test harness that captures how the legacy system actually behaves.
Phase 1 delivered raw material: workflow inventories, field mappings, business rule candidates, a data model sketch, and a gap list. Phase 2 converts this into a layered specification—not a document, but a hierarchy of increasingly precise, testable assertions.
"As a [role], I use [screen] to [accomplish task] by [entering data] and [triggering action]." Auto-generated from observed workflows. Each story linked to specific recordings for traceability.
Entities, relationships, field types, validation rules. Extracted from data dumps and observed field behaviour. AI identifies business-critical logic buried in code—calculations, data transformations, conditional flows—and represents them in human-readable form55.
"If [condition], then [action]." Inferred from observed behaviour patterns and cross-referenced with source code analysis. AI tools can scan thousands of lines of legacy code and produce concise specifications of current business rules, along with unit tests56.
"Given [input], when [action], then [expected output]." These ARE the specification. Directly derived from observed input/output pairs. Executable, falsifiable, unambiguous.
This hierarchy maps cleanly to the Progressive Resolution approach57: intent before architecture, architecture before components, components before detail. Don't advance until the current layer passes its stabilisation gate. Stabilise the domain model before specifying field-level rules. Stabilise business rules before generating code.
Characterisation testing—also known as Golden Master testing—is a means to describe the actual behaviour of an existing piece of software and protect existing behaviour against unintended changes via automated testing58.
How it works: observe what the legacy system does for a given set of inputs. Write a test asserting that the replacement system produces the same output. That's it. The legacy system IS the oracle59.
When these disagree—and they will—the characterisation test wins. Because users have been relying on actual behaviour, not documented intention.
For each observed workflow:
After establishing a Golden Master suite, you can modernise with confidence. As understanding deepens, you add finer-grained tests further down the pyramid—from coarse "does the output match?" comparisons to precise unit tests60.
This approach is relatively easy to implement for complex legacy systems and works for complex outputs like PDFs, XML, and images61.
Step 1: Observe
User enters invoice #12345 into the legacy system. System displays: customer "Acme Corp", line items, total $4,567.89, GST $456.79, status "Pending Approval".
Step 2: Capture as Golden Master
Step 3: Test the Replacement
Feed the same input to the new system. Compare output field-by-field. Flag any differences for human review. The test captures not just "the invoice screen works" but the specific calculation logic, GST handling, and status determination.
The code is ephemeral. You steer at a higher level63.
The specification plus test suite is the durable asset. Code is generated from it nightly. When the spec improves, all code improves automatically. This is the opposite of traditional development, where code IS the asset and specs are stale documents gathering dust.
| Scenario | Traditional (Patch Code) | Pipeline (Fix Spec, Regenerate) |
|---|---|---|
| Fix a bug | Patch the code (fragile) | Fix the spec, regenerate (structural) |
| Models improve | Code doesn't get better | Same spec → better code (free) |
| Requirements change | Surgery on existing code (expensive, risky) | Update spec, regenerate (cheap, clean) |
The delete test makes this concrete: "If I deleted all the generated code, could I regenerate it at will from my spec and test suite?" For this pipeline, the answer should always be yes. The test harness captures legacy behaviour. The spec captures what to build. The code is regenerated nightly.
When source code is available, deeper analysis is possible. Abstract Syntax Tree (AST) techniques allow AI to infer and formally document critical business rules and map all data dependencies64. Execution traces captured via symbolic execution engines provide runtime behaviour data—data flows, state transitions, and decision paths at a deeper level than screen recording alone65.
But human validation remains critical throughout.
"AI accelerates the heavy lifting—analysis, translation suggestions, doc generation—but experienced developers and architects must validate, interpret, and guide the transformation."66
The balance: AI does the exhaustive capture and initial spec generation. Humans review, correct, and validate. Domain experts—the remaining legacy knowledge holders—review specs each morning and correct misinterpretations. Their knowledge gets encoded in the spec permanently. Not lost when they retire.
Before proceeding to Phase 3 (Build), verify:
"The real specification isn't a document—it's a test suite. Written specs are useful, but tests are the part you can't argue with at 2am."
You have an executable specification: a test harness that captures how the legacy system actually behaves, a domain model, business rules, and coverage metrics.
Now you need an army of coding agents to turn that spec into a working system—overnight, every night, converging closer each iteration.
That's Chapter 6: Build.
Phase 3 — An army of parallel coding agents, turning specifications into working systems overnight.
“An army of coding bots in parallel, coding up the specification changes from last night. Every day, a beta cut of the legacy system replacement.”
This is Phase 3 of the pipeline—and it’s where the economics become visceral. One night of parallel AI coding agents produces what would take a human team weeks. And because the code is regenerated from spec, every night’s build incorporates every improvement to date.
You have an executable specification from Phase 2. You have a test harness that captures legacy behaviour. Now you need to convert those into a working system—not once, but every night, each build converging closer to production-ready.
Multiple AI coding agents working simultaneously on different modules67. Each agent gets an independent copy of the code—a separate worktree providing true isolation68. One agent generates code while another writes tests, a third handles documentation, and a fourth reviews for security issues. All happening simultaneously43.
Tens of instances of AI running in parallel—being orchestrated to work on specifications, documentation, the full CI/CD DevOps lifecycle—condensing a month of teamwork into a single hour43.
This isn’t theoretical. Optimists report building complete projects in three days with swarms handling 50,000+ line codebases that choke single agents42. The parallel architecture removes the bottleneck of sequential processing and turns the 10-hour overnight window into a massive throughput multiplier.
A single AI agent working serially is still fast, but bounded. Ten parallel agents working on ten modules simultaneously deliver roughly 10x throughput, minus coordination overhead. The nightly window—say 8pm to 6am, a solid ten hours—gives enough time for multiple parallel passes, each building on the previous.
But speed alone isn’t the point. Parallel agents enable specialisation. Instead of one agent doing everything, you can assign:
The orchestrator is the boss, not any individual agent. It assigns modules to agents based on the spec, manages dependencies between modules, collects results and runs integration tests, detects conflicts and resolves them, and triggers re-generation when tests fail.
You can parallelise it, and then you can meta-manage it. It’s just off the charts capable. The meta-management—the orchestration—is what makes the swarm coherent rather than chaotic69. Without an orchestrator, you get 10 agents producing 10 different interpretations of the same system. With an orchestrator enforcing shared contracts, you get a unified system built at 10x speed70.
Without progressive resolution, the coding army produces spaghetti. With it, structure stabilises before detail, and structural problems get caught before code investment57.
Applied to code generation, the resolution layers look like this:
What does this module do? Derived directly from the spec. One sentence that captures the purpose.
Major architecture decisions: APIs, data model, integration points. The shape of the system before any implementation detail.
Each component’s interface, dependencies, and contracts. How the modules talk to each other.
Function signatures, data flows, error handling patterns. The bones of the implementation.
Detailed implementation plans for each function. Field mappings, validation rules, edge case handling.
Final implementation. Generated last, against stable foundations. Regenerated nightly.
The rule that prevents spaghetti: “Don’t advance until the current layer passes its stabilisation gate.”
Humans review gate decisions each morning. The AI proposes, humans approve advancement. Nobody moves to L5 code generation until L1 architecture is stable and validated.
Here’s what one night looks like, end to end71.
Repeat nightly. Each cycle converges closer to production-ready.
5pm — Spec Freeze. Today’s spec changes are finalised: new characterisation tests from morning review, corrected business rules, resolved gaps. The spec is the “source of truth” for tonight’s build.
6pm — Build Starts. The orchestrator assigns work to parallel coding agents. Each agent receives its module spec, characterisation tests, and integration contracts. Agents work independently in isolated worktrees—they can’t interfere with each other.
6pm–2am — Coding. Agents generate or regenerate code from spec. Each agent runs its own unit and module tests as it works. Self-critique loops let the agent evaluate its own output, detect issues, and iterate. Agents that finish early take on additional modules or perform cross-module review.
2am–5am — Integration and Testing. The orchestrator merges all modules. The full characterisation test suite runs against the integrated build. Integration tests verify cross-module behaviour. Data migration scripts run against a snapshot of live data. A diff report is generated: what changed from last night’s build and why.
6am — Build Complete. New beta cut available. Test results summary ready for human review. Diff report highlighting changes, new passes, new failures. Gap report showing which characterisation tests still fail—the convergence metric.
9am — Human Review. The team reviews the beta cut, test results, and diff report. Test failures are analysed: is this a spec gap, a generation error, or a genuine edge case? Spec updates are queued for today’s spec freeze, feeding tomorrow’s build. Decision: is this build an improvement? Keep or roll back to yesterday’s?
“Once you call it a ‘nightly build,’ you suddenly inherit 20 years of software hygiene for free.”
This is the concept that changes everything about how you think about legacy replacement: the code is not the asset. The specification and test harness are.72
When a nightly build reveals a gap—a missing business rule, an edge case the test suite didn’t cover—you don’t fix the code. You fix the specification, add a characterisation test, and let the next nightly build regenerate everything. The regenerated code is clean. No accumulated patches. No spaghetti. No technical debt.
This is the “Nuke and Regenerate” principle in practice: specifications remain durable while code regenerates with model improvements49. If the spec is right, the code will be right—verified by the characterisation tests. And when AI models improve, the same spec automatically produces better code. No additional investment required.
Language matters because it activates the right mental models. When you say “legacy modernisation project,” people hear “18 months, $5 million, coin flip.” When you say “nightly convergence loop,” they hear “CI/CD, measurable, iterative.”
| Old Language | New Language |
|---|---|
| Legacy modernisation project | Nightly convergence loop |
| Requirements document | Executable specification (test suite) |
| Development sprint | Overnight build cycle |
| Code review | Morning verification |
| Release candidate | Tonight’s beta cut |
“AI recommendations” sounds like magic that should just work. “Nightly decision builds” sounds like engineering that needs discipline. The same reframe applies here: calling it a “nightly build” immediately activates 20 years of CI/CD muscle memory in any engineering organisation.
The deepest advantage of the nightly build pipeline isn’t speed or cost. It’s that specifications appreciate while code depreciates.
Today: Your spec generates working code via current AI models.
Six months from now: The same spec generates better code via improved models—for free. No changes to the spec required. The code quality improves automatically because the models improve.
Compare to traditional development: A $5M codebase written by humans in 2024 doesn’t get better in 2025. It requires ongoing maintenance just to stay the same quality. The economics run in opposite directions.
With LLM inference costs falling 200x per year post-January 202441, the economics improve on both axes simultaneously: the code gets better AND cheaper to generate. A nightly build that costs $500 today in API calls might cost $2.50 next year at the same scale.
This is the “delete test” for your pipeline: if you deleted all the generated code, could you regenerate it at will from your spec and test suite? For this pipeline, the answer should always be yes.
By framing legacy replacement as a CI/CD pipeline, you inherit decades of software engineering discipline for free.
| CI/CD Concept | Legacy Takeover Equivalent |
|---|---|
| Nightly build | Overnight coding agent run producing new beta cut |
| Regression test | Characterisation tests comparing new system to legacy behaviour |
| Canary release | Route 5% of traffic to new system via Strangler Fig (Chapter 7) |
| Rollback | Revert to previous night’s build |
| Diff report | What changed in the replacement system and why |
| Quality gate | Golden Master tests must pass before beta is deployable |
What this mapping buys you:
Each nightly increment follows a mini-waterfall: spec → generate → test → review73. Agile iteration happens at the day level—each day is a full cycle. But within each day, the process is spec-driven and deterministic. When generation is cheap and surgery is expensive, you optimise for spec clarity and ruthless evaluation harnesses.
“Remembering the code is ephemeral, you steer at a higher level using progressive resolution.”
The nightly coding army produces a beta cut every morning. But a beta cut isn’t a production system. It needs to be verified against the legacy system’s actual behaviour, tested with real data, and promoted through a controlled cutover.
You don’t need perfection. You need convergence. And convergence is something machines are annoyingly good at, provided you give them a scoreboard.
That’s Chapter 7: Verify and Promote.
Phases 4 & 5 — You don’t need perfection. You need convergence. And convergence is something machines are annoyingly good at, provided you give them a scoreboard.
The traditional modernisation mindset demands: “It must be complete and perfect before we switch.” This mindset is why projects take 18 months and still fail.
The alternative: measurable convergence through nightly builds, where each day’s build is closer to production-ready than yesterday’s—and you can prove it with numbers. Not hope. Not a project manager’s Gantt chart. Numbers.
You don’t have to trust AI to build code because you’ve built a test harness76. You’ve built SDLC and you can inspect the code. You don’t need to trust AI.
This removes the trust problem that kills other AI deployments—chatbots, autonomous agents, customer-facing systems. The governance model is identical to what you already use for human developers: code goes through PR review, automated tests must pass, human review before promotion, rollback if something goes wrong.
We don’t really trust developers either. We test their code and review their PRs. We check in PRs. We don’t just let them do whatever they want. A good AI is quite analogous to a developer that you don’t trust.
The AI coding agent IS an untrusted developer—one that works overnight, never gets tired, and produces reviewable artefacts. Existing SDLC governance applies without modification. No new governance frameworks needed. This is governance arbitrage: routing AI value through existing engineering controls rather than inventing new governance theatre.
Convergence is what separates this approach from traditional modernisation. Instead of “we’re in requirements” or “we’re in testing”—vague phases with no quantified progress—you have a single number that tells you exactly how close you are to production-ready80.
The convergence metric is the scoreboard. It’s visible, unambiguous, and tells you exactly how close you are to production-ready. Traditional modernisation has no equivalent metric. You’re either “in requirements” or “in development” or “in testing”—with no quantified progress indicator.
Each morning, the human review identifies why tests fail:
The characterisation test is correct but the spec doesn’t cover this scenario. Action: Update the spec.
The AI produced incorrect code for a valid spec. Action: Improve the spec’s clarity or add constraints.
A real behaviour wasn’t captured in Phase 1. Action: Add a characterisation test from new observations.
A scenario that’s legitimately complex. Action: Assign to domain expert for spec clarification.
Each morning’s findings become tonight’s spec improvements. Tomorrow’s build is closer to done. The loop is self-correcting: gaps don’t accumulate, they shrink. The unknown surface area decreases measurably each cycle.
After the first 80% converges quickly, the remaining 20% requires active hunting. Techniques for finding it:
“You don’t need perfection—you need convergence. And convergence is something machines are annoyingly good at, provided you give them a scoreboard.”
Not coding. Reviewing, validating, directing.
| Time | Activity |
|---|---|
| 5 minutes | Scan build summary and convergence metric. Is the trend positive? |
| 15 minutes | Review the diff report. Do the changes make sense? Anything alarming? |
| 30 minutes | Investigate newly failing tests. Is this a spec gap or a generation error? |
| Remaining | Functional testing of new capabilities in the beta cut. Does it “feel right”? |
Accept the build
Convergence improved, no regressions, ready for next cycle.
Reject the build
Something broke that worked before. Rollback to yesterday’s build, investigate.
Pause the pipeline
Fundamental architectural issue discovered. Fix at the right Progressive Resolution layer before continuing.
Humans provide what AI can’t: business judgment, domain knowledge, the “that doesn’t feel right” instinct81. Humans are NOT reviewing every line of code (that’s the test harness’s job). Humans ARE making strategic decisions: which gaps matter most, when to change approach, when to declare “good enough.”
Even if you can rebuild fast, production cutover is where blood pressure spikes. Big-bang cutovers—“turn off old system Friday, turn on new system Monday”—are the highest-risk deployment pattern in software engineering. 12–18 months of development leading to a single high-stakes moment. This is how 447% overruns happen77.
The sane pattern is the Strangler Fig approach, coined by Martin Fowler: put a façade (proxy) in front of the legacy system, route some traffic to the new system, and expand gradually74.
The key principle: at every stage, you can reverse79. The proxy routes traffic. If the new system stumbles, route back to legacy. No data loss, no downtime, no panic.
Route 5% of traffic to the new system. Both systems process the same requests. Compare outputs—any divergence triggers an alert. Blast radius: if something fails, only 5% of users affected.
If canary is clean, expand to 25%. Broader coverage catches edge cases the 5% didn’t hit. Human monitoring intensifies during expansion.
Half the traffic on the new system. Legacy still handles the other half. Data sync ensures both systems stay consistent.
New system handles all traffic. Legacy remains available as fallback for 30–60 days. After the holdback period with no issues: decommission legacy.
You benefit from the new system almost immediately—as soon as the first service goes live. The benefits steadily increase over time as more traffic shifts75. Value delivery starts immediately. You don’t wait for 100% completion.
The new system imports data from the legacy system every night. This ensures the new system always has current data—no “data migration day” risk. Both systems stay synchronised during the parallel-running period. Data integrity tests run nightly alongside code tests.
Even during cutover, nightly builds continue. Issues discovered at 50% traffic become tomorrow’s spec improvements. The system converges even while serving production traffic.
| Metric | What It Tells You | Target |
|---|---|---|
| Test pass rate | Overall convergence | >95% before production |
| Nightly trend | Converging or stalling? | Positive over 7-day window |
| New tests/day | Discovery velocity | Declining (fewer gaps) |
| Regression count | Stability | Zero on promoted builds |
| Shadow divergence | Real-world accuracy | <1% on live data |
| Resolution time | Spec improvement speed | Decreasing over time |
Not every test needs to pass to go to production. Apply a tiered approach to error tolerance:
Cosmetic differences, formatting variations, minor UI discrepancies. Threshold: Acceptable—these don’t block production.
Minor logic differences caught in review. Off-by-one rounding, non-critical field variations. Threshold: Must be under 5% of tests.
Data corruption, compliance violations, financial miscalculations. Threshold: Zero tolerance. Any Tier 3 failure blocks promotion.
This prevents “one test failure = stop everything” paralysis while maintaining absolute standards where they matter. Cosmetic imperfection is fine. Financial miscalculation is not.
“You don’t trust AI to build code because you’ve built a test harness. You’ve built SDLC and you can inspect the code. You don’t need to trust AI.”
Observe (capture behaviour) → Hypothesise (executable spec) → Build (nightly coding army) → Verify (convergence loop) → Promote (Strangler Fig cutover).
Five phases. Nightly iteration. Measurable convergence. Existing governance.
Now the question: when does this work in two months, and when does it take longer?
That’s Part III: Making It Real.
Variant 1 — When the conditions are right, two months from legacy to modern is realistic. Here’s exactly when and why.
“I think I could do an AI takeover of an application like that in a couple of months, doing nightly builds of an army of AI coding agents from a spec, using progressive resolution.”
Two months sounds aggressive. It IS aggressive. But for a specific class of legacy application—bounded, internal, with accessible data and available SMEs—it’s plausible. This chapter maps exactly when the two-month timeline holds, what it delivers, and what disqualifies an application from this category.
Not every legacy application qualifies for a two-month takeover. The characteristics that make it achievable are specific and identifiable:
Not customer-facing, not integrated into 50 other systems. Used by a known group of staff for defined purposes.
Talks to 2–5 other systems via known interfaces. Not 50 undocumented connections.
Dozens of tables, not thousands. Business logic is significant but not labyrinthine.
Staff do 10–20 core tasks. There’s a long tail, but the core is well-defined and covers 80%+ of daily use.
You can get to the UI, the database, the event logs, and ideally the source code.
The people who know the system are still employed. This is the clock that’s ticking—start while they can validate the spec.
A client asking about RPG programming on AS400/Power Series. Nobody in the organisation wants to run that technology. Falling behind on governance and security.82 Escalating costs for specialised hardware and scarce skills. This is the archetype: a bounded LOB app that’s become a liability, sitting on technology that’s aging out faster than the workforce.
Red Flags (Move to Chapter 9)
If you face TWO or more of these: this is Chapter 9’s territory, not Chapter 8’s.
Green Flags (Two Months Is Realistic)
Most of these conditions met = proceed with confidence.
Set up task mining across 5–10 users covering different roles. Run screen recording and keystroke capture for 10 business days. Export data model, configuration, event logs, source code.
Overnight AI decomposition begins on Day 2—don’t wait for all recordings to complete.
End of Week 2: Workflow inventory covering 80%+ of daily operations. Field mappings. Business rule candidates. Gap list.
Decision point: Based on coverage metrics and gap list, confirm this IS a bounded app. If surprises emerge (undocumented integrations, unexpected complexity), re-scope the timeline or move to Chapter 9 approach.
Convert observations into characterisation tests (Phase 2). Domain expert reviews business rule extraction—corrections incorporated daily.
Progressive Resolution: establish architecture (L0–L1), module boundaries, API contracts. First nightly builds begin mid-Week 3.
End of Week 4: Characterisation test suite covering major workflows. Architecture stable. First beta cuts showing core screens and data model working.
Convergence metric: Typically 50–65% of characterisation tests passing.
Nightly coding army at full speed: 10–20 parallel agents working against stable architecture. Convergence metric climbing: 65% → 75% → 85%.
Morning reviews shifting from “major gaps” to “edge cases and refinements.” Data migration running nightly—live data imported and verified. Long tail hunting via data diffs, exception logging, shadow comparison.
End of Week 6: Beta cut that handles 85–90% of daily operations. Remaining gaps identified and prioritised.
Convergence push: targeting 95%+ characterisation test pass rate. Shadow comparison running: both systems processing same inputs, comparing outputs.
Strangler Fig proxy deployed: 5% canary traffic to new system. Final SME review: domain experts validate business logic on key workflows.
End of Week 8: New system at 95%+ convergence, Strangler Fig at 5–25%, no regressions detected.
Decision point: Proceed to full cutover (expand Strangler Fig to 100% over next 2–4 weeks) or continue nightly builds to close remaining gaps.
Strangler Fig expands: 25% → 50% → 75% → 100%. Legacy system on standby for 30–60 days.
Nightly builds continue—any issues discovered in production become tomorrow’s spec improvements. Decommission legacy when confidence is established.
10–20 core workflows at roughly 50 characterisation tests each = 500–1,000 tests. A coding swarm of 10–20 parallel agents can generate and test significant codebases overnight. The 48x acceleration documented in case studies84 suggests that what once took months of human development compresses to days of AI development.
The limiting factor isn’t generation speed—it’s discovery speed. How fast can you capture and validate the spec? With task mining, the answer is days, not months.
Honesty demands precision about what two months means:
Honest framing: Two months to USABLE. Three months to SOLID. Ongoing nightly builds continue to improve.
Weeks 1–2: Record 12 users across 3 roles. Export AS400 database. Extract RPG source code for AI analysis. Overnight decomposition begins immediately.
Week 3: Characterisation tests generated. The RPG developer reviews business rule extraction—his 30 years of knowledge gets encoded in the spec permanently. This is the critical window: capture his expertise before he retires.
Weeks 4–6: Nightly builds. Python/React replacement taking shape. Data migration scripts converting AS400 data nightly. Convergence climbing steadily.
Weeks 7–8: 93% convergence. Strangler Fig at 25%. The RPG developer is reviewing the new system, not maintaining the old one—his role has shifted from “the only person who can keep it running” to “the domain expert who validates the replacement.”
• Modern Python/React application replacing 15-year-old RPG code
• RPG developer can retire with his knowledge encoded in tests
• New system maintainable by any modern developer
• $180K/year in direct costs eliminated
• Security and governance issues resolved
• Mobile access and modern integrations now possible
Before: Single point of failure, maintaining code nobody else can read.
During: Domain expert reviewing AI-generated specs, validating business rules, catching edge cases.
After: Knowledge permanently encoded in the test harness and spec. Can retire without the company losing 30 years of institutional knowledge.86
Don’t wait for the RPG programmer to retire—start while they can validate the spec.
“I think I could do an AI takeover of an application like that in a couple of months, doing nightly builds of an army of AI coding agents from a spec, using progressive resolution.”
Score your legacy application against these criteria to determine if the two-month timeline applies:
| Factor | Green (Bounded) | Yellow (Caution) | Red (Enterprise) |
|---|---|---|---|
| Users | <20 | 20–100 | 100+ |
| Integrations | <5 | 5–15 | 15+ |
| Database tables | <100 | 100–500 | 500+ |
| Core workflows | <20 | 20–50 | 50+ |
| SME availability | Available daily | Available weekly | Retired / gone |
| Source code | Accessible | Partial | No access |
Mostly green: Two months is realistic. This chapter applies.
Mixed yellow/green: Plan for 3–4 months. Some surprises expected.
Mostly red: Chapter 9 territory. Measured convergence, not a fixed timeline.
The bounded app is the tutorial level. The pipeline works beautifully when scope is contained, data is accessible, and SMEs are available.
For the core system with tentacles everywhere, the approach doesn’t promise two months. It promises you’ll know the size of the problem in two weeks.
That’s Chapter 9.
Variant 2 — For the core system with tentacles everywhere, the approach doesn’t promise two months. It promises you’ll know the size of the problem in two weeks.
That alone is worth more than six months of traditional discovery.
This chapter applies the same 5-phase pipeline to the harder case: the enterprise system nobody fully understands, with undocumented integrations, decades of accumulated logic, and “spiritually compromised” data. The pipeline still works. The timeline stretches. The emphasis shifts from speed to measurable convergence.
The 65% over-budget rate and 447% catastrophic overruns from Chapter 1?87 Those statistics come primarily from enterprise-scale modernisation. The discovery phase alone can take 6–12 months—and still miss critical integrations. Requirements documents for enterprise systems are stale before they’re finished. Big-bang cutovers on enterprise systems are where “catastrophic” failures happen.
The same 5 phases apply: Observe → Hypothesise → Build → Verify → Promote. But the difference is in how they’re applied:
The first sprint isn’t about replacing anything. It’s about understanding what you’re dealing with.
Compare to traditional: after 6 months of meetings and requirements gathering, you often still don’t know these things with confidence.93 The pipeline makes uncertainty measurable in 1–2 weeks rather than 6 months of discovery.
“We need $10M and 24 months. We might be over-budget.”
A leap of faith. No incremental evidence. 65% chance of overrun.
“We need 2 weeks and $50K for an assessment. Then we’ll tell you exactly what each module costs and how long it takes, with measurable milestones.”
Incremental commitment with continuous evidence. A board can actually act on this.
“The approach makes the uncertainty measurable. After 1–2 weeks of capture and harness building, you can estimate the remaining surface area far better than traditional discovery.”
Instead of replacing the entire system at once, replace it module by module. Start with the “greenest” module: bounded, well-understood, limited integrations. Apply the full 5-phase pipeline to that module. Strangler Fig88 routes that module’s traffic to the new system while everything else stays on legacy.
Each successful module builds confidence and proves the approach.
| Priority | Module Type | Why This Order |
|---|---|---|
| 1st | Bounded, simple, high pain | Quick win. Builds confidence. Demonstrates capability. |
| 2nd | Medium complexity, clear interfaces | Extends the modern system. Proves integration works. |
| 3rd | Complex, many dependencies | Hardest, but by now you have proven patterns and infrastructure. |
| Last | Deeply integrated, core logic | Only after everything else works and integration patterns are proven. |
The enterprise system becomes a hybrid during transition: gradually modernising, with each module independently testable and deployable. Legacy and new modules coexist. Data synchronisation between legacy and new happens nightly. Interface contracts between modules are established in the specification phase.
The long tail is where enterprise complexity hides. After the first 80% converges quickly, the remaining 20% requires active, targeted hunting.
| Technique | What It Finds | When to Use |
|---|---|---|
| Historical data replay | Processes that only happen monthly/quarterly | After initial spec is stable |
| Shadow comparison | Real-world divergences on live data | During Strangler Fig cutover |
| Exception logging | Inputs the new system can’t handle | Throughout build phase |
| Batch job mapping | Scheduled processes and their data effects | During observation phase |
| SME deep dives | Tacit knowledge about why things work that way | Especially for test failures |
| Integration tracing | Upstream/downstream data flows and edge cases | After initial integration tests |
The principle: you don’t need to find everything upfront. The nightly build loop IS the discovery mechanism. Each cycle reveals more of the long tail.
The convergence trajectory for enterprise systems looks different from bounded apps:
The key insight: You know exactly where you are on this curve at all times. Traditional modernisation doesn’t.
| Phase | Duration | What’s Happening |
|---|---|---|
| Assessment | 2–4 weeks | Observation, initial decomposition, module classification |
| Module 1 (Green) | 6–8 weeks | Full pipeline on the simplest bounded module |
| Modules 2–3 (Yellow) | 8–12 weeks each | Progressively harder modules, proven patterns |
| Modules 4+ (Red) | 12–16 weeks each | Complex modules, deep integration testing |
| Full transition | 6–18 months total | All modules replaced, Strangler Fig at 100% |
This is still dramatically better than traditional enterprise modernisation: 12–36 months,89 $5–20M, 65% over-budget, with a big-bang cutover at the end. The AI pipeline approach delivers 6–18 months at a fraction of cost, module-by-module delivery,90 and measurable convergence at every stage. Value delivery starts at Module 1—not at “project completion.”
Enterprise legacy systems have the MOST accumulated knowledge, concentrated in the fewest people. Every year: 10% retirement rate.91 Irreplaceable knowledge walking out the door.
• Observation captures what experts DO (not just what they describe)
• Characterisation tests encode their knowledge as executable artefacts
• Spec review sessions permanently record their understanding
• The legacy system’s behaviour IS its specification—and that specification lives in the test harness, not in anyone’s head
• Once encoded, this knowledge survives retirement, turnover, and organisational change
The assessment phase costs very little relative to the risk of doing nothing. For enterprise systems, hidden costs typically far exceed the $300,000 annual threshold where modernisation pays for itself within 18–24 months.92
“Don’t wait for the RPG programmer to retire—start while they can validate the spec.”
Bounded app: Two months from legacy to modern. Enterprise system: Two weeks to know the problem, then module-by-module measured convergence.
Same pipeline. Same principles. Different timelines. Measurable progress at every stage.
The question now is: what do you do on Monday morning?
That’s Chapter 10: Your Next Move.
Everything has changed. It’s a complete reset. The question is what you do about it on Monday morning.
The question isn’t whether AI will replace legacy systems. It’s whether you start while the people who understand yours are still around to validate the spec.
This final chapter pulls together the pipeline, the economics, and the practical steps. No new concepts—just the “what do I do Monday morning?” action list.
10% of legacy specialists retiring annually.91 Average COBOL programmer: 55. RPG programmer: approaching 70.86 Every year you wait, more tribal knowledge walks out the door.
Starting NOW means domain experts validate the spec. Starting in 3 years means you’re reverse-engineering from code alone—much harder, much slower, much less certain.
AI coding capability: 80.9% on SWE-bench Verified today.34 Models improving quarterly. LLM inference costs falling 200x per year.41 The same spec will produce better code tomorrow.
The compounding advantage: Specs written today appreciate in value as models improve. The earlier you start, the more improvement cycles your spec captures.
Legacy costs compound 20% annually.4 Every year of maintenance is $2M+ that could fund the replacement.1 Security gaps widening. Competitors who escaped the legacy trap are moving faster.
The vicious cycle: High maintenance starves the budget for replacement, making the problem worse each year.
Previously, you might have said five years. But everything’s sped up. You can deploy new systems and reimagine your operations in months instead of years. We’re in the singularity. Everything has accelerated.
The convergence of workforce crisis + AI capability + cost collapse creates a window that didn’t exist 2 years ago and may close differently in 2 years, as the workforce disappears further. The best time to start was when the RPG programmer was 60. The second best time is now, while they’re 62 and still available.
| Requirement | Why |
|---|---|
| Access to the legacy system | Can’t observe what you can’t see: UI access, database read, event logs |
| Screen recording capability | Task mining captures user behaviour. Skan.ai, Celonis, or simple recording tools |
| Data export ability | Need the data model and current data: database exports, CSV dumps, API extracts |
| One AI-proficient developer | Someone who can orchestrate the coding army. Internal or consultant. |
| Domain expert availability | Someone who can validate the spec—ideally the legacy maintainer |
| Nightly build infrastructure | Cloud compute for overnight coding agents. Scales to demand. |
| Willingness to run the loop | This is iterative, not waterfall. Executive commitment to the nightly cadence. |
• Install screen recording on 5–10 representative workstations
• Export database schema and sample data
• Begin source code extraction (if available)
• Identify your domain expert—the person who knows the system best
• Staff work normally while being recorded
• AI decomposition of recordings begins on Day 4
• Data analysis: table structures, field types, relationship mapping
• Source code analysis: business rules, data transformations, integration points
• Workflow inventory compiled
• Complexity heat map: which modules are simple, which are complex
• Integration map: what connects to what
• Coverage estimate: what percentage of transactions observed
The deliverable: A one-page assessment: “This is a [bounded / mixed / enterprise] system. Module-by-module timeline is [X]. Estimated cost: [Y]. Confidence level: [Z].”
Proceed to full pipeline. 2-month timeline. Chapter 8 applies.
Plan module-by-module approach. 4–6 month timeline.
Plan measured convergence. 6–18 month timeline. Chapter 9 applies.
Too complex, too many unknowns. Honest assessment—not every system is ready for this approach today.
The cost of this decision: 2 weeks of effort and a modest budget. Compare to: committing $5M and 18 months to a traditional approach with a 65% chance of going over-budget.87
| Phase | What Happens | Bounded | Enterprise |
|---|---|---|---|
| 1. Observe | Record behaviour, export data, analyse source | 1–2 weeks | 2–4 weeks |
| 2. Hypothesise | Generate specs, build characterisation tests | 1–2 weeks | 2–4 wks/module |
| 3. Build | Parallel agents, nightly builds, progressive resolution | 4–6 weeks | 8–16 wks/module |
| 4. Verify | Test harness, morning reviews, convergence | Continuous | Continuous |
| 5. Promote | Strangler Fig cutover, gradual traffic shift | 2–4 weeks | 4–8 wks/module |
Every output is reviewable (code diffs, test results, spec changes). Every build is testable (characterisation tests, integration tests, data comparison). Every deployment is rollbackable (Strangler Fig keeps legacy as fallback). Existing SDLC governance applies without modification.
This sits squarely on the Cognition Ladder at Rung 2 (Augment) and Rung 3 (Transcend)—batch, overnight, artefact-based.46 This is where AI wins. Not Rung 1 (real-time customer interaction) where AI struggles with latency, governance, and human-advantage constraints.
| Old Model | New Model |
|---|---|
| “18-month, $5M modernisation project” | “2-week assessment to know the timeline and cost” |
| “Requirements come from meetings” | “Requirements come from observation” |
| “The spec is a document” | “The spec is a test suite” |
| “Code is the asset” | “The spec is the asset; code regenerates nightly” |
| “Big-bang cutover when ready” | “Strangler Fig cutover, module by module” |
| “We can’t afford to replace it” | “We can’t afford NOT to replace it” |
Legacy replacement isn’t just about technology. It’s about escaping the constraints of 1995-era system design and operating with 2026-era economics. The companies that replace legacy systems aren’t just cutting maintenance costs—they’re gaining the ability to change at modern speed. That’s the real competitive advantage.
It’s not vendors’ copilots trying to sell you a little bit of AI just to get some revenue and distract you from what you should be looking at. Your current system, maintained at $2M/year by people approaching retirement, with a 65% chance of going over-budget87 if you try traditional modernisation—that’s the risky bet. The nightly convergence loop is the safe one.
| Question | If YES | If NO |
|---|---|---|
| Legacy costing >$300K/year?92 | Strong economics for replacement | May not justify investment yet |
| Specialists within 5 years of retirement? | Start NOW—their knowledge is the spec | Less urgent, but costs still compound |
| Traditional modernisation quoted and shelved? | The pipeline offers a different path | Consider the pipeline anyway—cheaper assessment |
| Access to legacy system (UI, data, logs)? | You can start the observation phase | Need to solve access first |
| Executive willingness to try new approach? | Green light for 2-week assessment | Build the case with Ch 1–2 economics |
If 3+ questions are YES: Start the 2-week assessment sprint. The cost is low and the information is invaluable.
If fewer than 3: Build the economic case using the data in Chapters 1 and 2, then revisit.
If you’re sitting on a legacy system nobody wants to maintain, start by recording a week of user activity. That’s your specification.
One week of screen recording + overnight AI decomposition = more requirements information than months of meetings.
That first week tells you whether you have a bounded app or an enterprise beast—and gives you a data-driven basis for the investment conversation.
“Everything has changed. It’s a complete reset.”
This ebook draws on primary research from consulting firms, industry analysts, academic sources, and practitioner frameworks developed through enterprise AI transformation consulting. All statistics and claims are attributed to their original sources.
RTInsights, “Overcoming Hidden Costs of Legacy Systems”
Two-thirds of companies spend $2M+ on legacy maintenance annually.
https://www.rtinsights.com/modernizing-for-growth-overcoming-the-hidden-costs-of-legacy-systems/
Sunset Point Software, “The Legacy Paradox”
75% of IT budgets consumed by legacy maintenance in financial services.
https://www.sunsetpointsoftware.com/post/the-legacy-paradox-why-people-know-they-need-to-get-rid-of-legacy-systems-but-just-can-t-bring-the
V2Connect, “Cost of Delay in Legacy System Modernization”
60–80% of IT budgets on maintenance; $2.5 trillion global annual costs.
https://v2connect.v2soft.com/the-cost-of-delay-what-happens-when-legacy-system-modernization-is-ignored/
Profound Logic, “True Cost of Maintaining Legacy Applications”
20% annual cost compounding; $1.5M in 5 years for mid-sized firms.
https://www.profoundlogic.com/true-cost-maintaining-legacy-applications-industry-analysis/
Ponemon Institute, “Cost of Legacy Systems”
$9,000/minute unplanned downtime; legacy accounts for 40% of major outages.
https://www.linkedin.com/pulse/cost-legacy-systems-how-outdated-holds-companies-back-andre-occec
Perimattic, “Cost of Maintaining Legacy Systems”
Average COBOL programmer age 55; 10% retiring annually; 2,000 graduates worldwide.
https://perimattic.com/cost-of-maintaining-legacy-systems/
Integrative Systems, “Finding COBOL Programmers in 2025”
60% mainframe professionals over 50; RPG programmers approaching 70.
https://www.integrativesystems.com/iseries-cobol-programmer/
Vertu, “Claude Opus 4.5 vs GPT-5.2 Codex Coding Benchmark”
80.9% SWE-bench Verified; first AI model to exceed 80% on real-world coding.
https://vertu.com/lifestyle/claude-opus-4-5-vs-gpt-5-2-codex-head-to-head-coding-benchmark-comparison/
Andrew Ng, “Agentic Workflows”
GPT-3.5 jumps from 48% to 95% with agentic workflow; architecture beats raw capability.
https://www.linkedin.com/posts/andrewyng_one-agent-for-many-worlds-cross-species-activity-7179159130325078016-_oXr
Swfte AI, “AI API Pricing Trends 2026”
200x annual decline in LLM inference costs post-January 2024.
https://www.swfte.com/blog/ai-api-pricing-trends-2026
ISBSG, “Impact of AI-Assisted Development on Productivity and Delivery Speed”
48x acceleration in model development; months to days compression.
https://www.isbsg.org/wp-content/uploads/2026/02/Short-Paper-2026-02-Impact-of-AI-Assisted-Development-on-Productivity-and-Delivery-Speed.pdf
Wikipedia, “Characterization Test”
Characterisation/Golden Master testing methodology for legacy behaviour capture.
https://en.wikipedia.org/wiki/Characterization_test
Martin Fowler, “Strangler Fig Application”
Strangler Fig pattern for incremental migration; avoiding big-bang cutovers.
https://martinfowler.com/bliki/StranglerFigApplication.html
U.S. GAO, “IT Modernization Planning” (GAO-25-107795)
Documentation requirements and modernisation planning warnings.
https://www.gao.gov/products/gao-25-107795
McKinsey, “AI for IT Modernization: Faster, Cheaper, and Better”
$100M modernisation now costs less than half with generative AI.
https://www.mckinsey.com/capabilities/quantumblack/our-insights/ai-for-it-modernization-faster-cheaper-and-better
McKinsey, “Capturing AI Potential in TMT”
GitHub Copilot users complete tasks 56% faster.
https://www.mckinsey.com/~/media/mckinsey/industries/technology%20media%20and%20telecommunications/high%20tech/our%20insights/beyond%20the%20hype%20capturing%20the%20potential%20of%20ai%20and%20gen%20ai%20in%20tmt/beyond-the-hype-capturing-the-potential-of-ai-and-gen-ai-in-tmt.pdf
Hexacorp, “Legacy System Modernization Risk Guide”
65% over-budget; 62% average overrun; 447% catastrophic overrun rate.
https://hexacorp.com/legacy-system-modernization-risk-guide/
Techolution, “The Silent Workforce Crisis”
60% of modernisation delayed due to skills shortage; 70% stall.
https://www.techolution.com/blog/the-silent-workforce-crisis-making-legacy-systems-a-ticking-time-bomb/
Cutter Consortium, “Legacy Modernization”
Conventional approaches have failure rates no better than typical projects.
https://www.cutter.com/journal/legacy-modernization-487226
CodeWave / Gartner, “Future of Agentic AI Swarms”
1,445% inquiry surge; 40% enterprise agent adoption by end 2026.
https://codewave.com/insights/future-agentic-ai-swarms/
Martin Fowler, “Legacy Modernization Meets GenAI”
Human validation remains critical; AI accelerates but humans must guide.
https://martinfowler.com/articles/legacy-modernization-gen-ai.html
Planet Mainframe, “Mainframe Careers Are Changing”
“Developers are not just retiring, they are expiring.”
https://planetmainframe.com/2026/01/mainframe-careers-are-changing-not-disappearing-what-to-expect/
SoftwareSeni, “Learning COBOL and Mainframe Systems in 2025”
95% of ATM swipes and 70% of Fortune 500 transactions on COBOL/legacy.
https://www.softwareseni.com/learning-cobol-and-mainframe-systems-in-2025-legacy-technology-career-paths-and-opportunities/
Slashdot, “AI Tackles Aging COBOL Systems”
US Social Security Administration’s $1B AI-assisted COBOL upgrade.
https://developers.slashdot.org/story/25/04/24/1725256/ai-tackles-aging-cobol-systems-as-legacy-code-expertise-dwindles
Zen van Riel, “Claude Code Swarms: Multi-Agent Orchestration”
Parallel worktree architecture; “month of teamwork into a single hour.”
https://zenvanriel.nl/ai-engineer-blog/claude-code-swarms-multi-agent-orchestration/
ByteIota, “Claude Code Swarms Hidden Feature”
50,000+ line codebases handled by swarm systems.
https://byteiota.com/claude-code-swarms-hidden-multi-agent-feature-discovered/
Thoughtworks, “Blackbox Reverse Engineering”
AI agents navigating applications with Playwright for discovery.
https://www.thoughtworks.com/en-us/insights/blog/generative-ai/blackbox-reverse-engineering-ai-rebuild-application-without-accessing-code
Celonis, “Task Mining Solutions”
Screen recording and automated process extraction capabilities.
https://www.celonis.com/process-mining/what-is-task-mining/
Microservices.io, “Strangler Fig Pattern”
Incremental value delivery; benefits start immediately.
https://microservices.io/post/refactoring/2023/06/21/strangler-fig-application-pattern-incremental-modernization-to-services.md.html
Faros.ai, “Claude Code Token Limits”
Productivity paradox: 19% slower, perceived 20% faster.
https://www.faros.ai/blog/claude-code-token-limits/
HeroDevs, “Outdated Systems Fueling Cyber Attacks”
218 new vulnerabilities every 6 months for end-of-life software.
https://www.herodevs.com/blog-posts/how-outdated-systems-and-legacy-software-are-fueling-modern-cyber-attacks
Automox, “Unpatched Vulnerabilities Make Legacy Systems Easy Prey”
46% of CISA KEV linked to end-of-service software.
https://www.automox.com/blog/unpatched-vulnerabilities-make-legacy-systems-easy-prey
ModLogix, “Legacy Systems and Cybersecurity Risks”
60% of data breaches linked to unpatched vulnerabilities.
https://modlogix.com/blog/legacy-systems-and-cybersecurity-risks-what-you-need-to-know-in-2025/
Integrity360, “Biggest Cyber Attacks of 2025”
54% of ransomware incidents from outdated systems.
https://insights.integrity360.com/the-biggest-cyber-attacks-of-2025-and-what-they-mean-for-2026
LowTouch.ai, “AI Adoption 2025 vs 2026”
Amazon modernised thousands of legacy Java applications with AI agents.
https://www.lowtouch.ai/ai-adoption-2025-vs-2026/
33. McKinsey, “AI for IT Modernization: Faster, Cheaper, and Better”
$100M modernization now costs less than half with generative AI.
https://www.mckinsey.com/capabilities/quantumblack/our-insights/ai-for-it-modernization-faster-cheaper-and-better
34. Vertu, “Claude Opus 4.5 vs GPT-5.2 Codex Coding Benchmark”
80.9% on SWE-bench Verified; first AI model to exceed 80% on real-world coding.
https://vertu.com/lifestyle/claude-opus-4-5-vs-gpt-5-2-codex-head-to-head-coding-benchmark-comparison/
35. LM Council, “AI Model Benchmarks January 2026”
GPT-5.2 Codex achieves 80.0% on SWE-bench performance.
https://lmcouncil.ai/benchmarks/
36. Andrew Ng, “Agentic Workflows” (DeepLearning.AI)
GPT-3.5 jumps from 48% to 95% with agentic workflow; architecture beats raw capability.
https://www.linkedin.com/posts/andrewyng_one-agent-for-many-worlds-cross-species-activity-7179159130325078016-_oXr
37. LM Council, “AI Model Benchmarks”
Anthropic's custom harness adds 10 percentage points to Opus 4.5 performance.
https://lmcouncil.ai/benchmarks/
38. Medium, “Claude Code is Redefining Software Engineering”
11,900 lines of production code generated without opening an IDE.
https://medium.com/@ajepym/claude-code-is-redefining-software-engineering-faster-than-were-ready-for-da1a110b5567
39. LinkedIn, “OpenAI Internal Usage”
Agent Builder developed in 6 weeks with Codex writing 80% of pull requests.
https://www.linkedin.com/posts/justinhaywardjohnson_openai-unveils-o3-and-o4-mini-activity-7318687442868342784-1l3m
40. McKinsey, “Capturing AI Potential in TMT”
GitHub Copilot users complete tasks 56% faster.
https://www.mckinsey.com/~/media/mckinsey/industries/technology%20media%20and%20telecommunications/high%20tech/our%20insights/beyond%20the%20hype%20capturing%20the%20potential%20of%20ai%20and%20gen%20ai%20in%20tmt/beyond-the-hype-capturing-the-potential-of-ai-and-gen-ai-in-tmt.pdf
41. Swfte AI, “AI API Pricing Trends 2026”
200x annual decline in LLM inference costs post-January 2024.
https://www.swfte.com/blog/ai-api-pricing-trends-2026
42. ByteIota, “Claude Code Swarms Hidden Feature”
50,000+ line codebases handled by swarm systems.
https://byteiota.com/claude-code-swarms-hidden-multi-agent-feature-discovered/
43. Zen van Riel, “Claude Code Swarms: Multi-Agent Orchestration”
Parallel worktree architecture condensing month of teamwork into one hour.
https://zenvanriel.nl/ai-engineer-blog/claude-code-swarms-multi-agent-orchestration/
44. ISBSG, “Impact of AI-Assisted Development on Productivity and Delivery Speed”
48x acceleration; 100 AI models per year vs 2–5 with traditional methods.
https://www.isbsg.org/wp-content/uploads/2026/02/Short-Paper-2026-02-Impact-of-AI-Assisted-Development-on-Productivity-and-Delivery-Speed.pdf
45. CodeWave / Gartner, “Future of Agentic AI Swarms”
1,445% surge in multi-agent inquiries; 40% enterprise adoption by end 2026.
https://codewave.com/insights/future-agentic-ai-swarms/
46. LeverageAI, “Maximising AI Cognition and AI Value Creation”
The Cognition Ladder framework: Rungs 1–3 (Don’t Compete, Augment, Transcend).
https://leverageai.com.au/maximising-ai-cognition-and-ai-value-creation/
47. Faros.ai, “Claude Code Token Limits”
Productivity paradox: developers 19% slower but perceived 20% faster.
https://www.faros.ai/blog/claude-code-token-limits/
48. ISBSG, “Impact of AI-Assisted Development on Productivity and Delivery Speed”
Speedups in boilerplate tasks; slowdowns in critical-path engineering.
https://www.isbsg.org/wp-content/uploads/2026/02/Short-Paper-2026-02-Impact-of-AI-Assisted-Development-on-Productivity-and-Delivery-Speed.pdf
49. LeverageAI, “Stop Nursing Your AI Outputs: Nuke Them and Regenerate”
Specifications are durable while code regenerates; spec as appreciating asset.
https://leverageai.com.au/stop-nursing-your-ai-outputs-nuke-them-and-regenerate/
50. Thoughtworks, “Blackbox Reverse Engineering: Rebuild Application Without Accessing Code”
AI agents with Playwright navigate applications for discovery; behavioral system analysis.
https://www.thoughtworks.com/en-us/insights/blog/generative-ai/blackbox-reverse-engineering-ai-rebuild-application-without-accessing-code
51. Thoughtworks, “Context Engineering: Tackling Legacy Systems with Generative AI”
Behavioral standpoint for reverse engineering; observing system behavior over code analysis.
https://www.thoughtworks.com/en-us/insights/podcasts/technology-podcasts/context-engineering-tackling-legacy-systems-generative-ai
52. Celonis, “Task Mining Solutions”
Screen recording through workforce productivity app; automated dataset creation and analysis.
https://www.celonis.com/process-mining/what-is-task-mining/
53. Skan.ai, “The Celonis Alternative for Process Intelligence”
Combined human task data with system activities; complete operational flow picture.
https://www.skan.ai/the-celonis-alternative-for-process-intelligence
54. Skan.ai, “The 10 Best Task Mining Tools in 2025”
Task mining vs process mining distinction; complementary approaches for legacy analysis.
https://www.skan.ai/the-10-best-task-mining-tools-in-2025
55. Aspire Systems, “AI for Reverse Engineering: Modernizing Legacy Software”
AI extracts business-critical logic from code—calculations, transformations, conditional flows.
https://www.aspiresys.com/blog/digital-software-engineering/agile-software-solutions/reverse-engineering-with-ai-will-generative-models-unravel-30-year-old-codebases/
56. Evermethod, “Modernizing Legacy Systems with GenAI Solutions”
AI scans thousands of lines of legacy code for business rules and generates unit tests.
https://evermethod.com/blog/modernizing-legacy-systems-with-generative-ai-solutions
57. LeverageAI, “Progressive Resolution: The Diffusion Architecture for Complex Work”
Resolution Ladder L0–L5 for coarse-to-fine build methodology with stabilisation gates.
https://leverageai.com.au/wp-content/media/Progressive_Resolution_Diffusion_Architecture_ebook.html
58. Wikipedia, “Characterization Test”
Characterisation testing definition: describes actual behaviour and protects against unintended changes.
https://en.wikipedia.org/wiki/Characterization_test
59. Understand Legacy Code, “Characterization Tests or Approval Tests”
Characterisation test methodology: observe inputs/outputs, legacy system as oracle.
https://understandlegacycode.com/blog/characterization-tests-or-approval-tests/
60. Codurance, “How to Test Legacy Software When Modernising”
Golden Master suite enables confident modernization; progression from coarse to fine-grained tests.
https://www.codurance.com/publications/how-to-test-legacy-software-when-modernising
61. Steve Schwenke, “Golden Master Technique”
Benefits and limitations: easy to implement for complex systems; works for PDFs, XML, images.
https://stevenschwenke.de/whatIsTheGoldenMasterTechnique
62. Steve Schwenke, “Golden Master Technique”
Non-deterministic value handling: repeatability requirement; masking volatile values.
https://stevenschwenke.de/whatIsTheGoldenMasterTechnique
63. LeverageAI, “Stop Nursing Your AI Outputs: Nuke Them and Regenerate”
Nuke and Regenerate principle: specifications are durable, code is ephemeral.
https://leverageai.com.au/stop-nursing-your-ai-outputs-nuke-them-and-regenerate/
64. Data Science Society, “AI for Reverse Engineering: Modernizing Legacy Software”
Abstract Syntax Tree (AST) analysis for business rule extraction and data dependency mapping.
https://www.datasciencesociety.net/ai-for-reverse-engineering-modernizing-legacy-software-efficiently/
65. Thoughtworks, “Context Engineering: Tackling Legacy Systems with Generative AI”
Execution trace analysis via symbolic execution engines for runtime behaviour capture.
https://www.thoughtworks.com/en-us/insights/podcasts/technology-podcasts/context-engineering-tackling-legacy-systems-generative-ai
66. Martin Fowler, “Legacy Modernization Meets GenAI”
Human validation remains critical: AI accelerates but developers must validate and guide.
https://martinfowler.com/articles/legacy-modernization-gen-ai.html
67. Augment Code, “What Is Agentic Swarm Coding: Definition, Architecture, and Use Cases”
Multiple specialized AI agents working together autonomously to complete software engineering tasks.
https://www.augmentcode.com/guides/what-is-agentic-swarm-coding-definition-architecture-and-use-cases
68. Apiyi, “Claude Swarm Mode: Multi-Agent Guide”
Independent worktrees for parallel development; automated testing upon completion.
https://help.apiyi.com/en/claude-code-swarm-mode-multi-agent-guide-en.html
69. Multimodal.dev, “Best Multi-Agent AI Frameworks”
MetaGPT simulates human project teams with agents that plan, code, test, and review collaboratively.
https://www.multimodal.dev/post/best-multi-agent-ai-frameworks
70. DataCamp, “Best AI Agents in 2026”
LangGraph with 4.2M monthly downloads; Klarna reduced customer support resolution time by 80%.
https://www.datacamp.com/blog/best-ai-agents
71. LeverageAI, “Nightly AI Decision Builds”
CI/CD discipline applied to AI systems: regression tests, diff reports, canaries, rollback.
https://leverageai.com.au/nightly-ai-decision-builds-backed-by-software-engineering-practice/
72. LeverageAI, “STOP Customizing, STOP Technical Debt, START Leveraging AI”
Spec as appreciating asset; code as ephemeral; platform escape path.
https://leverageai.com.au/stop-customizing-stop-technical-debt-start-leveraging-ai/
73. LeverageAI, “Waterfall Per Increment”
Spec-driven SDLC for agentic coding: when generation is cheap, optimise for spec clarity.
https://leverageai.com.au/waterfall-per-increment-how-agentic-coding-changes-everything/
82. HeroDevs, “Outdated Systems Fueling Cyber Attacks”
218 new vulnerabilities every 6 months for end-of-life software.
https://www.herodevs.com/blog-posts/how-outdated-systems-and-legacy-software-are-fueling-modern-cyber-attacks
83. KS Softech, “Legacy System Rebuilds: Modernize Outdated Software”
Traditional legacy modernization takes 12–18 months.
https://kssoftech.com/legacy-system-rebuilds-modernize-outdated-software/
84. ISBSG, “Impact of AI-Assisted Development on Productivity and Delivery Speed”
48x acceleration in model development; reducing months to days.
https://www.isbsg.org/wp-content/uploads/2026/02/Short-Paper-2026-02-Impact-of-AI-Assisted-Development-on-Productivity-and-Delivery-Speed.pdf
85. Automox, “Unpatched Vulnerabilities Make Legacy Systems Easy Prey”
46% of CISA KEV linked to end-of-service software.
https://www.automox.com/blog/unpatched-vulnerabilities-make-legacy-systems-easy-prey
86. Integrative Systems, “Finding COBOL Programmers in 2025”
Teaching mainframe maintenance requires 30–40 years of business logic experience.
https://www.integrativesystems.com/iseries-cobol-programmer/
87. Hexacorp, “Legacy System Modernization Risk Guide”
65% over-budget; 62% average overrun; 447% catastrophic overrun rate.
https://hexacorp.com/legacy-system-modernization-risk-guide/
88. Martin Fowler, “Strangler Fig Application”
Strangler Fig pattern for incremental migration avoiding big-bang rewrites.
https://martinfowler.com/bliki/StranglerFigApplication.html
89. KS Softech, “Legacy System Rebuilds: Modernize Outdated Software”
Traditional legacy modernization takes 12–18 months.
https://kssoftech.com/legacy-system-rebuilds-modernize-outdated-software/
90. Microservices.io, “Strangler Fig Pattern for Incremental Modernization”
Incremental value delivery; benefits start with first service.
https://microservices.io/post/refactoring/2023/06/21/strangler-fig-application-pattern-incremental-modernization-to-services.md.html
91. Perimattic, “Cost of Maintaining Legacy Systems”
Average COBOL programmer age 55; 10% retiring annually; 2,000 graduates worldwide.
https://perimattic.com/cost-of-maintaining-legacy-systems/
92. Hexacorp, “Legacy System Modernization Risk Guide”
If hidden costs exceed $300,000 annually, modernization typically pays for itself within 18–24 months.
https://hexacorp.com/legacy-system-modernization-risk-guide/
93. Cutter Consortium, “Legacy Modernization”
Conventional approaches have failure rates no better than typical projects.
https://www.cutter.com/journal/legacy-modernization-487226
74. Martin Fowler, “Strangler Fig Application”
Strangler Fig pattern for incremental migration avoiding big-bang rewrites.
https://martinfowler.com/bliki/StranglerFigApplication.html
75. Microservices.io, “Strangler Fig Pattern for Incremental Modernization”
Incremental value delivery; benefits start with first service.
https://microservices.io/post/refactoring/2023/06/21/strangler-fig-application-pattern-incremental-modernization-to-services.md.html
76. Wikipedia, “Characterization Test”
Golden Master testing methodology for capturing legacy behaviour.
https://en.wikipedia.org/wiki/Characterization_test
77. Hexacorp, “Legacy System Modernization Risk Guide”
447% catastrophic cost overruns in failed modernization projects.
https://hexacorp.com/legacy-system-modernization-risk-guide/
78. Codurance, “How to Test Legacy Software When Modernising”
Golden Master suite enables confident modernization and regression detection.
https://www.codurance.com/publications/how-to-test-legacy-software-when-modernising
79. AWS Prescriptive Guidance, “Strangler Fig Pattern”
Façade routes requests to legacy or new services with rollback capability.
https://docs.aws.amazon.com/prescriptive-guidance/latest/cloud-design-patterns/strangler-fig.html
80. Understand Legacy Code, “Characterization Tests or Approval Tests”
Test methodology observing inputs/outputs with legacy as oracle.
https://understandlegacycode.com/blog/characterization-tests-or-approval-tests/
81. Martin Fowler, “Legacy Modernization Meets GenAI”
Human validation remains critical; AI accelerates but developers must guide.
https://martinfowler.com/articles/legacy-modernization-gen-ai.html
Practitioner frameworks and interpretive analysis developed through enterprise AI transformation consulting. These frameworks are integrated as the author’s analytical voice throughout the ebook and are listed here for transparency and further exploration.
“Stop Automating, Start Replacing”
90% of IT leaders say legacy systems hinder innovation.
https://leverageai.com.au/stop-automating-start-replacing-why-your-ai-strategy-is-backwards/
“Maximising AI Cognition and AI Value Creation”
The Cognition Ladder framework (Rungs 1–3): Don’t Compete, Augment, Transcend.
https://leverageai.com.au/maximising-ai-cognition-and-ai-value-creation/
“Progressive Resolution: The Diffusion Architecture for Complex Work”
Resolution Ladder L0–L5: coarse-to-fine build methodology with stabilisation gates.
https://leverageai.com.au/wp-content/media/Progressive_Resolution_Diffusion_Architecture_ebook.html
“Nightly AI Decision Builds”
CI/CD discipline applied to AI systems: regression tests, diff reports, canaries, rollback.
https://leverageai.com.au/nightly-ai-decision-builds-backed-by-software-engineering-practice/
“Waterfall Per Increment”
Spec-driven SDLC for agentic coding: when generation is cheap, optimise for spec clarity.
https://leverageai.com.au/waterfall-per-increment-how-agentic-coding-changes-everything/
“The Simplicity Inversion”
Why the “easy” AI project (chatbot) is actually the boss fight, while the “hard” project (legacy replacement) is the tutorial zone.
https://leverageai.com.au/the-simplicity-inversion-why-your-easy-ai-project-is-actually-the-hardest/
“Stop Nursing Your AI Outputs: Nuke Them and Regenerate”
Nuke and Regenerate principle: specifications are durable while code regenerates.
https://leverageai.com.au/stop-nursing-your-ai-outputs-nuke-them-and-regenerate/
“STOP Customizing, STOP Technical Debt, START Leveraging AI”
Spec as appreciating asset; code as ephemeral; platform escape path.
https://leverageai.com.au/stop-customizing-stop-technical-debt-start-leveraging-ai/
This ebook draws on 40+ web sources from 2025–2026, including official reports from McKinsey, Gartner, and the U.S. Government Accountability Office; academic sources (arXiv, IEEE, ISBSG); industry platforms (Skan.ai, Celonis, Anthropic, OpenAI); and technical documentation (AWS, Microsoft, Martin Fowler).
All statistics include source attribution. Primary sources are cited for major claims. Cross-validation was performed where data points overlapped across multiple sources.
Research compiled February 2026. Some links may require subscription access. URLs verified at time of publication.