When Legacy Has No Source Code: Recovering Black-Box Applications with AI and Human Engineering

Some legacy systems are hard to modernize. Others are harder because they are barely systems anyone can still see.

They run critical operations, but no one can fully explain how they work. The source code is missing or inaccessible. Documentation is gone, incomplete or never existed. The people who built the application have left. What remains is a black-box dependency the business still relies on every day.

This is one of the most difficult modernization scenarios enterprises face. It is also one of the most urgent. An opaque application tied to plant operations, claims processing, payments or core back-office workflows is not just a technology problem. It is a business continuity risk. Leaders are forced into an uncomfortable position: keep depending on a system no one understands, or attempt to replace it without a reliable picture of what must be preserved.

The right response is not “magic” automation. It is a transparent recovery process that combines AI acceleration with human engineering control. With Sapient Slingshot, Publicis Sapient helps organizations recover, explain and modernize black-box applications in a way that makes the system readable again, produces reviewable artifacts quickly and keeps people accountable at every critical step.

The real risk in black-box legacy systems

When a legacy application has no usable source code, the problem goes beyond outdated technology. The deeper issue is lost understanding.

Business logic is trapped in binaries or aging runtime artifacts. Dependencies are hidden. Data relationships are unclear. Small changes become dangerous because teams cannot predict downstream effects with confidence. The longer that condition persists, the more operational exposure grows. In regulated or operationally sensitive environments, slower is not automatically safer. Delay can mean prolonged fragility, greater dependence on scarce specialists and more time spent carrying unsupported technology in production.

Traditional modernization approaches struggle here because so much effort is consumed just reconstructing intent. Teams can spend weeks or months trying to infer what the software does before they can even begin meaningful transformation. That is why black-box applications often remain untouched until the risk becomes impossible to ignore.

A more credible path starts by making the application understandable before changing it.

A practical proof point: RWE’s Tube Tracker

RWE Generation Ltd faced exactly this kind of challenge. Several aging applications that supported power plant operations were running on outdated stacks and had become difficult to understand or maintain. One application, Tube Tracker, was more than 24 years old and effectively a black box. It had no accessible source code, no documentation and no remaining experts available to support it. Yet it remained vital to operations.

Using Sapient Slingshot with human engineering oversight, Publicis Sapient modernized the application in two days. The significance was not just speed. It was the way the work was done: through a structured recovery sequence that turned an opaque dependency into a readable, maintainable asset.

The recovery sequence: from binary artifact to maintainable application

For black-box systems, modernization has to begin with recovery. In practice, that means working through a disciplined sequence that restores engineering visibility step by step.

1. Decompile what still exists

When source code is missing, the first task is to recover a workable representation of the application. In the Tube Tracker effort, binary files were converted into readable Java source code using open-source AI tools. That created a starting point the team could inspect, refine and validate. Without that step, the application would have remained sealed off from meaningful engineering work.

2. Rebuild the runtime on a modern environment

Recovered code is only useful if the application can run, be tested and be improved. The team rebuilt the development environment using Java 17 and PostgreSQL 16 so the application could execute on a modern stack. This is a crucial step in black-box recovery. The objective is not only to understand the old system, but to restore the ability to work on it as a living application again.

3. Refactor for readability and maintainability

Recovered code is rarely clean. Decompiled applications may technically compile, but they are often difficult to follow and expensive to extend. Sapient Slingshot was used to clean up and restructure the Tube Tracker codebase so it became understandable to modern engineers. More than 7,000 lines of code were reduced to roughly 5,000 lines, naming and syntax were improved and unit tests were added. The point was not cosmetic cleanup. It was to make the software maintainable and safer to evolve.

4. Extract the business logic

This is where real modernization begins. Code recovery alone is not enough. Teams need to understand what the system actually does.

Slingshot analyzed the recovered application to produce entity relationship diagrams and data flow sequences that exposed the application’s underlying behavior. That gave engineers and stakeholders something they could review together. Logic that had been inaccessible became visible. A black box started becoming an explainable system.

5. Generate documentation for future teams

Recovered understanding only creates lasting value if it is captured. AI assistance was used to generate inline documentation and external README files so future developers could understand, maintain and extend the application more easily. That final step matters more than it may seem. It prevents a rescue effort from becoming a one-time intervention and turns it into a foundation for sustained maintainability.

Why transparency matters more than novelty

The Tube Tracker example is compelling because it shows that even an extreme edge case can be recovered quickly. But speed is only part of the story. What makes the approach enterprise-ready is transparency.

At each stage, AI accelerated work that would otherwise be manual and slow. But engineers remained in control. They reviewed outputs, refined recovered code, validated extracted logic and shaped the resulting artifacts into something the organization could trust. That human-in-control model is what separates governed modernization from black-box automation.

For leaders responsible for operational resilience, this distinction is critical. They do not just need faster recovery. They need evidence. They need to see how logic was surfaced, how artifacts were generated and how decisions were validated. In high-stakes systems, explainability is what makes acceleration usable.

What Sapient Slingshot adds to black-box recovery

Sapient Slingshot helps connect recovery work across the software development lifecycle. Rather than jumping directly from an opaque legacy asset to new code, it inserts a specification-led layer between the old system and the target state. That means organizations can move from code recovery to business logic extraction, from reviewable specifications to cleaner implementation, from automated tests to deployment readiness with continuity across the workflow.

That continuity matters because black-box recovery is rarely only about one technical fix. It is about restoring engineering control. Slingshot helps teams surface hidden logic, map dependencies, generate documentation, create tests and maintain traceability between the original behavior and the modernized application. The result is a clearer source of truth for architects, engineers and business stakeholders.

From operational dependency to maintainable asset

The business outcomes in the Tube Tracker effort make the case concrete. One engineer completed the work in two days instead of an estimated two weeks of manual effort. Automated code generation delivered 35% to 45% time savings. Test creation and unit test setup improved efficiency by 30% to 40%. Most importantly, the application moved from an inaccessible operational risk to a deployable, maintainable asset that could support rollout across additional sites.

That is the real promise of AI-assisted recovery for black-box applications. Not automation for its own sake. Not an opaque leap of faith. A practical, reviewable path for turning undocumented systems back into readable software that teams can own, maintain and extend with confidence.

For enterprises dealing with inherited applications, missing source code or disappearing specialist knowledge, the path forward does not have to begin with guesswork. With the right combination of AI acceleration and human engineering discipline, even the most opaque systems can be recovered, explained and modernized while preserving business continuity and restoring control.