2,000 vibe-coded apps exposed, exposing the limitations of most security stacks

May 29, 2026

Shadow AI used to mean employees pasting things into ChatGPT that they shouldn't. It now means something larger: employees building complete applications with AI, connecting them to production systems, and publishing them on the open internet, with no need to involve security or IT.

The artifact has moved from prompts to products, and the risk profile has changed with it.

In The Shadow Builders report (available here), a new category-level study covered in May by Axios, WIRED, and VentureBeat, Red Access identified more than 380,000 publicly accessible web assets across major vibe-coding platforms.

Approximately 5,000 of them appeared to be business applications. More than 2,000 of those held sensitive corporate, business, and personal data and sat on the open web, deployed without basic access controls, often granting administrative access by default to anyone who reached the URL. Six continents. Every industry. No exploitation necessary.

The organizations involved were passing audits while these exposures were live.

The new Shadow AI isn’t about prompts. It’s about the product.

Vibe coding, the broad spectrum of AI-driven development platforms that let anyone describe what they want and get a working application, has compressed work that previously took engineering teams months into something a non-developer can ship before lunch.

A marketing manager builds a campaign tracker and connects it to the BI tool where the real numbers live. An operations manager creates a vendor-intake form and connects it to the ticketing system. Finance builds a board-readiness dashboard and has invoice data in it by Friday. These applications connect to sanctioned systems of record (CRM, ERP, ticketing tools, BI platforms) and are frequently exposed to the open internet with whatever access controls the builder chose. Often none.

The people doing this are not malicious. They are talented employees solving real problems faster than the organization can, and doing exactly what the platform invites them to do. The platforms aren't the bad guys either; they are giving their target audience what it wants. What hasn't kept up are the technical and operational guardrails that govern what happens after the build.

This is not shadow IT in the old sense. Shadow IT had built-in limits. When a team bought a Trello account on a corporate card without telling anyone, the data lived with an unapproved SaaS vendor, but identity, audit logs, and governance were at least present. Shadow Builders reverses that. The application is custom built, the data is custom loaded, the integrations are direct connections to production systems of record, and the artifact is often exposed on the open internet. The underlying platform may be audited; the applications built on top of it are not. There is a builder, a platform, and a URL. Security is hardly in the room.

Why mature security stacks still miss this

A CISO reading the numbers above will reflexively check the stack. EDR is running. DLP is configured. CASB is licensed. Firewalls and SSE are in place. Some organizations are adding enterprise browsers. Each of these tools does exactly what it was designed to do. This category sits in the gaps between them.

EDR sees the browser process, not what is being built inside it. To an endpoint agent, a shadow builder working on a vibe-coding platform looks like normal, non-malicious browser activity, the same telemetry as someone reading the news. Even where a modern EDR or enterprise browser offers deeper visibility, it does so only on an organization-owned device and within an organization-managed browser. Personal laptops, contractor machines, BYOD devices, and personal browser profiles are, by definition, invisible.

DLP monitors enumerated channels. If a user pastes regulated data into a known AI chat, it can be flagged. Vibe-coded applications, by contrast, connect to sanctioned BI tools programmatically via APIs and move data cloud-to-cloud, never touching the endpoint.

CASB was built for shadow IT, that is, SaaS vendors with discoverable identities. It cannot readily distinguish the platform itself from the unbounded population of custom applications hosted on the platform's subdomains; the whole population tends to register as a single approved SaaS vendor.

Firewalls and SSE see traffic to the platform's domain, but not the application as a business object with context. And with most SASE/SSE deployments still partial, even in mature programs, the unmanaged-device problem remains unresolved.

None of these tools has failed. This category exists in the gaps that existing architectures leave between layers, producing signal fragments that are never assembled into a single manageable picture.

Where visibility is really needed

End to end, vibe coding is a web-session event. The build is a browser event. The OAuth grant that connects the new application to an authorized enterprise system is a browser event. The data used to build the application travels within the session. Deployment is a browser event. The publish action that turns the build into a live application with a public URL is a single click in the same tab where everything else happened.

Every step occurs at the session layer. Not adjacent to it. In it.

Controls placed at the session layer therefore see the entire build path, not just a portion of it: which platform was used, what mechanism connected it to corporate systems, what data went in and out, and the publish event that exposed the application to the open internet. All of it attributable to a specific person and a specific application instance, regardless of which browser was used or which network path the traffic took. And, importantly, regardless of whether the device is a company-issued laptop or a contractor's personal machine.

What to do this week

Four moves. None of them is a technology purchase.

Start with discovery. Ask your employees directly what they have built. Most shadow builders are doing useful work and are not hiding anything, so framing matters. Put the question to the entire workforce: if you have built a tool using an AI development platform, tell us about it. This is not an audit; it is an inventory. That first step gets further than policy memos or tool rollouts.

Then map. For each application that surfaces, capture which corporate systems it connects to, how it connects (OAuth, API keys, manual uploads, each leaving a different audit trail), and whether it is publicly reachable. Public reachability is the most actionable signal in the short term.

Establish an authorized path. Give shadow builders somewhere to build. Name approved platforms, define acceptable data categories, and set minimum authentication standards. It is less friction than the alternative, which is builders not telling you at all.

And accept that the job is not a one-time inventory. Vibe-coded applications keep getting created. The picture you build this month will be incomplete next month. The mature posture is continuous discovery at the layer where the activity actually occurs.

This category will keep maturing. The platforms keep adjusting their defaults. None of those adaptations is complete. Most businesses are exposed today.

Red Access is an agentless, session-layer security platform built for exactly this purpose: SSE-grade visibility and governance of the session itself across any browser and any device, including unmanaged ones. It deploys in hours. Request a free audit.
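The session-layer picture described above (platform, connection mechanism, data moved, publish event, attributed to one builder and one app) and the map step of the procedure (connected systems, how connected, public reachability first) can be illustrated together. This is an added example, not Red Access code; the event shape, event names, hostnames (*.vibe-platform.test, *.corp.test) and users are constructed for the demo.

```python
"""Assemble session-layer fragments into per-application records, then triage.

Added example, not Red Access code. Event fields, event kinds and the hostnames
(*.vibe-platform.test, *.corp.test) are assumptions constructed for this demo.
"""
from dataclasses import dataclass, field

@dataclass
class AppRecord:
    builder: str
    platform: str
    device_managed: bool
    connections: dict = field(default_factory=dict)  # system -> mechanism (oauth/apikey)
    data_moved: set = field(default_factory=set)     # data categories seen in uploads
    public: bool = False                             # publish event seen

# Constructed session-layer events: (user, device_managed, app_host, kind, detail).
EVENTS = [
    ("ana@corp.test", True, "campaign-tracker.vibe-platform.test", "build", ""),
    ("ana@corp.test", True, "campaign-tracker.vibe-platform.test", "oauth", "bi.corp.test"),
    ("ana@corp.test", True, "campaign-tracker.vibe-platform.test", "upload", "customer_pii"),
    ("ana@corp.test", True, "campaign-tracker.vibe-platform.test", "publish", "public"),
    ("bo@contractor.test", False, "vendor-intake.vibe-platform.test", "build", ""),
    ("bo@contractor.test", False, "vendor-intake.vibe-platform.test", "apikey", "tickets.corp.test"),
    ("bo@contractor.test", False, "vendor-intake.vibe-platform.test", "publish", "public"),
    ("cy@corp.test", True, "board-dash.vibe-platform.test", "oauth", "erp.corp.test"),
    ("cy@corp.test", True, "board-dash.vibe-platform.test", "upload", "invoices"),
]

def assemble(events):
    """Fold fragments into one record per (builder, app): the single picture."""
    records = {}
    for user, managed, app, kind, detail in events:
        platform = app.split(".", 1)[1]  # strip the app's own subdomain
        rec = records.setdefault((user, app), AppRecord(user, platform, managed))
        if kind in ("oauth", "apikey"):
            rec.connections[detail] = kind
        elif kind == "upload":
            rec.data_moved.add(detail)
        elif kind == "publish":
            rec.public = detail == "public"
    return records

def triage(records):
    """Public apps first, then most production connections, then unmanaged device."""
    return sorted(records.values(),
                  key=lambda r: (not r.public, -len(r.connections), r.device_managed))
```

Rows that never reach the session layer (a personal device on a personal network) are not in the input at all, which is the visibility gap the article describes.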

This article is a contribution from one of our valued partners.
