Steven LafortuneAI is reshaping how software companies operate, and Devolutions is no exception. As we deepen our investment in AI — across development, security, and internal tooling — our customers have questions.
We recently opened the floor on the Devolutions Forum and invited our community to send their toughest AI questions directly to Marc-André Moreau, our CTO. The response was strong — and so were the questions. He went through every submission and answered a selection below, without a script and without softening the edges.
Security, data safety, product quality, and employees
As someone who also works in a software company, I see firsthand the effects AI has on work and employees. How does Devolutions guarantee the security, data safety, and quality of its products — and what does this mean for your personnel?
This is a compound question; let me focus on the two parts I think matter most.
AI makes mistakes, but it is also very good at spotting mistakes, especially through the right tooling and with the proper instructions. Codex Security performs continuous security reviews of our code and has found several vulnerabilities that had survived years of scrutiny from human reviewers. GitHub Copilot code review also keeps improving and now provides useful comments on pull requests that go well beyond simple code style annoyances. We are at a point where external security researchers automatically decompile our software to find vulnerabilities and submit one-click proof-of-concept exploits for what they found.
There is a lot of discussion about AI layoffs and whether AI will take our jobs. While some individuals may have difficulty adapting to this new reality, there is an even bigger risk: if we do not learn how to use AI correctly and efficiently, we could go out of business. The rules have changed, and we need to thrive in this new environment.
“If we do not learn how to use AI correctly and efficiently, we could go out of business. The rules have changed, and we need to thrive in this new environment.” — Marc-André Moreau, CTO
Costs, tokens, and license limits
We’re heavy token users, and our license was recently reduced from 3,000 to 1,800 requests. On top of that, the best models consume more tokens. How do you manage the cost?
The simple answer is that we keep paying for tokens, even if the long-term sustainability of that approach is still unclear. I personally consume over $2,500 in tokens per month, and at the time of writing this, the internal record is $5,000 in a single month. Those are exceptional cases, but we have also been pushing hard for employees to learn and use AI. It would not make sense to hit the brakes exactly when someone finally understands how to use AI effectively and reaches a 10x productivity increase, even if the costs are high.
What truly matters is that tokens translate into results. We simply pay more attention when someone goes over $500 per month, to make sure they are not using AI in a wasteful manner; if they are using it efficiently, they can keep going. This is not about spending for its own sake, and we do not have an internal leaderboard rewarding employees for burning the most tokens. However, we give employees what they need to succeed with AI, and we do not hold back. They are expected to work with us, keep up with the new reality, and adapt the way they work accordingly. We have several examples of employees producing better output at incredible speed, so the real question is what made them click, and how we help others get there. A lot of learning happens internally by watching how peers use AI efficiently.
In a company like Devolutions, we sell software, so we benefit from a strong multiplier: the same software can be sold many times for the same cost of production. The real challenge is for companies with a different business model, especially service-based companies, that do not have the same multiplier. We can afford to spend a lot of money on tokens as long as it helps us reach goals we could only dream of a year ago. But what happens when there is no revenue coming in to match it? Even if AI makes you more efficient, it does not automatically mean you remain profitable. I am genuinely concerned for companies with lower margins: they will have to keep AI costs in check far more carefully than we do.
“It would not make sense to hit the brakes exactly when someone finally understands how to use AI effectively and reaches a 10x productivity increase.” — Marc-André Moreau, CTO
Environmental impact and costs
AI datacenters have a significant environmental impact. What is Devolutions’ position on this, and how are you handling the associated costs?
The environmental concern is real, and I do not want to wave it away. But Pandora’s box has been opened, and from here on, we have to either adapt or risk dying as a business.
If we were to take an overly cautious approach to AI for environmental reasons, we would unfortunately be putting the business at serious risk over time: customers not renewing over the next few years, stalled growth, and an industry that adapts to AI while discarding traditional software that does not work well with AI workflows.
As for our actual position, I won’t pretend environmental impact is the first thing we optimize for. On the cost side, we are fortunate to be in good financial standing and can afford it, even though we are well aware that is not the case for everyone. It is my responsibility as CTO to ensure that Devolutions navigates the AI shift correctly, and part of that is being proactive about responsible AI: we have begun adopting ISO/IEC 42001, the new international standard for AI management systems, so that our use of AI is governed deliberately and held to a recognized framework rather than left to improvisation.
Things are moving fast, even the meaning of “AI-native” is still a work in progress, and I cannot predict what the world will look like a year from now.
Source of the AI initiative
Is your AI initiative being driven from the C-level, or from the developer level?
Both, and that combination is exactly why it worked. AI adoption at Devolutions has been strongly encouraged at the executive level since the beginning, but it has also been matched by internal AI champions who surfaced in various teams. This has significantly changed team dynamics. It was not possible to predict who would become an “AI champion,” and we have seen individuals adopt AI so efficiently that they are now driving their entire teams forward and transforming daily workflows.
It was not embraced equally by everyone. Not everyone is willing to, or capable of, working in a truly AI-native company. When we started, we had everyone — developers and non-developers alike — take part in AI training with Mindstone. We have repeatedly told everyone that they must adapt, but also that we would give them the tools and training to do so. We have spared no expense on AI training and tooling, so the support is there and the rest is up to each person to take advantage of it.
If you work at a company where AI adoption is stalled, make sure you explain to the C-level that they must lead by example. Most of what I’ve read on AI transformation agrees that it needs to come from the top, mostly to signal that AI is a positive force rather than a negative one. We are lucky that the Devolutions CEO decided to go all-in on AI early while keeping a cool head about its true capabilities.
Optional AI features, LLM reliability, and AI-generated code
Will AI-based features in Devolutions products like RDM always remain optional and user-disableable? I ask because in my opinion, LLMs aren’t truly intelligent — they predict the next word based on statistical patterns, and they’ll confidently produce flawed output without flagging it. I’m also curious: what percentage of Devolutions product code is now AI-generated?
All the AI features we have added can be turned off, and they are not intrusive. Our intention is for them to stay optional and easy to turn off, both now and going forward. We do not want to behave like Microsoft by adding Copilot everywhere so that users click on it by mistake, almost like a trap. At the same time, there is demand for our products to work with AI, so we cannot ship products with zero AI features.
Today, these AI features typically require the user to bring their own key or sign in with GitHub Copilot, since the people who use AI heavily generally prefer to bring their own subscription into our products rather than buy yet another one.
As for how much code in our products is AI-generated, we do not have such a metric. What I can say is that the vast majority of new code is now AI-generated, but all of it goes through the same human review, testing, and security checks as before. The author changed, the gates did not. You are correct that LLMs are very good at claiming something is correct when it is not, and they do so with confidence. Whether or not you call that intelligence, what matters in practice is whether the output survives review. There is a fine line between an AI “slop cannon” and a 10x developer using AI efficiently.
There is a limit to how far AI takes you if you cannot evaluate its output. But someone who understands how to review AI output can go much, much faster, with higher quality, than with 100% manual work. AI does not get tired and can stay focused on long-horizon work for several hours, performing tasks that would normally take months in a single day. If you are smart about AI, you use it to pay down accumulated tech debt before jumping into new features.
AI models also keep improving. What was true last week may no longer hold for the current generation. Over the span of a year, we went from models that would call Bash commands on Windows to models that can perform complex code refactorings autonomously overnight and produce something that builds, runs, and is tested end to end, waiting to be reviewed by a developer.
PowerShell Universal and integration with Devolutions products
Beyond AI, how will PowerShell Universal integrate with your other products? I know Gateway is part of the plan, but how does PSU fit into the broader catalog — will it stay a standalone product with integrations, or become more deeply embedded?
Not strictly an AI question, but I’m happy to take it.
We understand the need to keep PowerShell Universal as its own thing, while being careful about how we integrate it within the rest of our product portfolio. There are real opportunities for integration: from the RDM side, it is more about making PSU discoverable to users who do not already know it. We received a lot of really good feature requests and feedback in person at PSConfEU, and it all points toward Devolutions Agent and Devolutions Gateway.
Concretely, that means replacing the current PSU Agent with Devolutions Agent and having Devolutions Agent connect back to PowerShell Universal to execute scripts, with the possibility of combining this with Devolutions Gateway for certain connection flows. That is where we are heading next.
On the AI side, since it always comes up: we also presented new AI features at PSConfEU — namely a brand-new MCP server that lets users vibe-code PSU dashboards with end-to-end validation through the Playwright MCP server, plus full PSU cmdlet information exposed to the AI agent so it does not have to guess parameters or how to call them.
Kill switch / global AI disablement for regulated environments
For on-premise and self-hosted products like Remote Desktop Manager and Devolutions Server, we need a reliable way to globally disable all AI features. Environments with strict compliance requirements can’t risk AI capabilities being enabled accidentally and potentially leaking information — especially across large or complex deployments managed through Infrastructure as Code.
First, AI cannot be enabled by accident: every AI feature requires deliberate configuration with your own API key and provider, and we do not offer a Devolutions-hosted AI service that could quietly switch on. We recognized the need to disable features that call external services even before AI became a concern, so the same controls that let administrators turn off online capabilities now also apply to AI capabilities.
For a feature like the AI assistant in RDM, even when a user has their own key, administrators can force-disable it through group policy, so the setting is enforced centrally and stays consistent across machines. AI features today are not so different from online features in that some environments require them to be fully turned off.
AI vs. classic deterministic logic
If a categorization task could just as easily be handled with if/else or case logic, would you go that route instead of AI? And is there a risk that a “temporary” AI solution becomes permanent and hard to replace down the line?
My default is deterministic logic wherever the rules are known and correctness has to be guaranteed: it is cheaper, testable, auditable, and repeatable. I reach for AI when the input is open-ended or messy enough that enumerating every case is impractical. A fixed category list is an if/else; classifying free-form text is where AI earns its place. You can also combine the two, and that mix often works best. Agent skills, for instance, work very well alongside PowerShell scripts: the deterministic script handles the predictable part, and the AI handles the exceptions.
Security, costs, governance, employment, environmental impact, product philosophy — this Q&A covers a lot of ground. What stands out across all of Marc-André’s answers is a consistent thread: AI adoption at Devolutions is intentional, not reactive. Features stay optional and administrator-controlled. Costs are monitored but not capped at the expense of productivity. And on the bigger questions — environmental impact, the future of jobs, what “AI-native” even means — the honest answer is that nobody has it fully figured out yet, including us.
This is the first installment in what we plan to make a recurring series. As the landscape shifts and new questions emerge from the community, we’ll keep bringing them to the people making the decisions. Got something you’d like addressed in the next round? Post it in the Devolutions Forum — we’re reading.
