Shadow AI and the Rise of Vibe‑Coded Applications
Shadow AI in enterprises refers to employees using AI development platforms to build and deploy full applications, wired into production systems, without Security or IT oversight, turning informal experimentation into untracked products that quietly reshape the organization’s attack surface. In the “Shadow Builders” report from Red Access, researchers scanned popular “vibe‑coding” platforms where non‑developers can describe what they want and receive a working web app within minutes. What they found was not a niche phenomenon but a structural shift in how business tools are created. Marketing, operations, and finance teams are building campaign trackers, vendor forms, and executive dashboards on their own, then connecting them directly to CRMs, ERPs, ticketing tools, and BI platforms. These apps often land on the open internet, governed only by whatever access controls the creator configured. In many cases, that means none at all.
2,000 AI‑Built Apps, 380,000 Assets, and Widespread Access Control Failures
Red Access identified more than 380,000 publicly accessible web assets on leading vibe‑coding platforms, and about 5,000 of those assets appeared to be corporate applications. Over 2,000 contained sensitive corporate, operational, or personal data exposed to anyone who could guess or receive the URL. Many of these apps granted admin‑level access by default, with “no exploitation required” beyond visiting the page. This is a textbook case of access control failures: authentication missing, authorization misconfigured, and sensitive data sets bound to public endpoints. The exposures spanned industries and geographies while the affected organizations were still passing internal audits, highlighting how enterprise data exposure can occur fully outside established governance channels. The people building these tools were solving legitimate work problems, but AI‑generated interfaces and templates made it easy to bind powerful back‑end data to public front‑ends with almost no friction and little understanding of security impact.
Why Enterprise Security Stacks Miss AI Security Vulnerabilities
Most traditional controls were never designed for AI‑built, browser‑native applications created by non‑developers. Endpoint detection and response tools see a browser process but cannot discern that a user is constructing a production‑bound app rather than reading a news site. Data loss prevention monitors defined channels, such as copy‑and‑paste into known AI chats, but it cannot see AI‑generated code that connects via OAuth or API from one sanctioned cloud system to another. CASB tools, built for classic Shadow IT, usually register all those custom apps as activity on a single approved SaaS vendor, not as thousands of separate business applications. Network tools like firewalls and SSE stacks see traffic to a platform’s domain without the application‑level context needed to flag enterprise data exposure. As a result, AI security vulnerabilities emerge from fragments of signal scattered across tools, never coalescing into a single, actionable view.
How AI‑Generated Code Creates New Security Blind Spots
Vibe‑coding platforms compress months of traditional development into a few browser sessions, but that speed comes with new AI‑generated code risks. The build, the OAuth grant to production systems, the data flow, and the final publish click all occur inside a single web session. Default templates and prompts often emphasise functionality over security, so novice builders rarely configure authentication or role‑based access correctly. Because the platform itself may be audited, enterprises can assume safety even though each custom application on top of it is effectively unreviewed code and configuration. Shadow Builders invert old Shadow IT patterns: instead of parking data in an unsanctioned SaaS silo, they wire custom apps directly into systems of record and then expose them publicly. Without visibility at the session layer, organizations cannot see which data sets are being pulled, where access control failures exist, or when a new public endpoint goes live.
Closing the Gaps: Practical Steps for Enterprises
Addressing enterprise data exposure from Shadow AI starts with visibility rather than new tools. Red Access recommends asking employees directly what they have built on AI development platforms, framing the effort as inventory, not punishment. For each discovered application, security teams should map which corporate systems it connects to, how it connects (OAuth, API keys, or file uploads), and whether the app is publicly reachable. Public reachability combined with sensitive data is the most urgent risk. Organizations then need a sanctioned path: approved platforms, clear categories of data that may be used, and a minimum authentication standard for any app touching production systems. Because vibe‑coded apps keep appearing, one‑time discovery is not enough. Security needs continuous monitoring at the browser session layer, where builds, data flows, and publish actions converge into a complete picture of AI security vulnerabilities before they turn into the next wave of silent breaches.