What was once understood as "Shadow AI"—employees surreptitiously utilizing generative AI tools like ChatGPT for work tasks, potentially exposing sensitive information through prompts—has evolved into a far more complex and pervasive security challenge. This phenomenon has escalated beyond mere data input, now encompassing the creation of full-fledged applications by non-technical employees, which are then integrated into production systems and, alarmingly, published on the open internet, often bypassing critical security and IT oversight. This shift fundamentally alters the risk landscape, transforming a conversational artifact into a tangible product with significant vulnerabilities.
The scope of this emerging threat has been illuminated by a recent category-level investigation titled The Shadow Builders report, conducted by Red Access. This comprehensive study, which garnered attention from leading technology publications such as Axios, WIRED, and VentureBeat in May, identified over 380,000 publicly accessible web assets deployed across prominent "vibe-coding" platforms. A startling subset of these assets, approximately 5,000, exhibited corporate characteristics. Even more concerning, over 2,000 of these corporate-affiliated applications were found to contain sensitive corporate, operational, or personal data. These critical data repositories were often deployed on the open web without basic access controls, frequently granting administrative access by default to anyone who could access the URL. The problem spans six continents and affects virtually every industry, presenting a clear and present danger that requires no sophisticated exploitation—the data is simply exposed. This situation highlights a profound disconnect, with many organizations passing their routine security audits even as these significant exposures remain live and unaddressed within their digital perimeters.
The Evolution of Shadow AI: From Casual Prompts to Critical Applications
To fully grasp the magnitude of the "Shadow Builders" phenomenon, it’s crucial to understand the technological progression that has enabled it. The initial phase of Shadow AI, largely emerging with the public release of large language models (LLMs) like OpenAI’s ChatGPT, centered on individual employees leveraging these tools for everyday tasks. This included drafting emails, summarizing documents, generating code snippets, or even analyzing small datasets. The primary security concern at this stage was the inadvertent leakage of sensitive corporate data—intellectual property, customer details, or proprietary business strategies—through prompts entered into public AI services. While this posed a significant risk, it was largely confined to data ingress and egress at the individual user level, with security teams focusing on data loss prevention (DLP) strategies and user education.
However, the rapid innovation in AI-driven development platforms has ushered in a new era. These platforms, often referred to as "vibe-coding" environments, democratize application development by allowing users to build functional software through natural language descriptions rather than traditional coding. What once required specialized engineering teams months to accomplish can now be shipped by a non-developer in a matter of hours. This profound compression of the development cycle, coupled with intuitive user interfaces, has empowered a new class of "Shadow Builders" within organizations. These individuals, often in non-technical roles, are not just using AI; they are building with AI.
The Rise of the "Shadow Builders" and Their Unseen Digital Footprint
The applications built by these Shadow Builders are not isolated or trivial. They are robust tools designed to solve genuine business problems, often integrating directly with sanctioned production systems. Consider a marketing manager who, needing a more efficient way to track campaign performance, utilizes a vibe-coding platform to build a custom dashboard. This application is then directly connected to the company’s business intelligence (BI) tool, where real-time sales figures and customer engagement data reside. Similarly, an operations manager might develop a vendor intake form that automatically feeds into the company’s ticketing system, streamlining procurement processes. A finance team, under pressure to prepare for an upcoming board meeting, could create a custom dashboard that pulls invoice data directly from an ERP system, all before the end of the week.
These applications, while born of a desire for efficiency and problem-solving, introduce a cascade of security vulnerabilities. They are connected to mission-critical systems such as Customer Relationship Management (CRMs), Enterprise Resource Planning (ERPs), ticketing platforms, and BI tools. Crucially, these custom-built applications are frequently published to the open internet, with whatever access controls (or lack thereof) the builder happened to configure. In many cases, no access controls are applied, leaving sensitive corporate data openly accessible.
It is important to emphasize that the individuals engaging in this behavior are not malicious actors. They are competent, motivated employees attempting to enhance their productivity and solve organizational challenges with unprecedented speed. They are simply doing what these powerful, user-friendly platforms invite them to do. Similarly, the platforms themselves are not inherently villainous; they are delivering on the promise of accessible, rapid application development. The critical failure point lies in the absence of corresponding guardrails—both technical and behavioral—that should govern the security posture of applications once they are built and deployed.
This phenomenon significantly diverges from the historical concept of "Shadow IT." Traditional Shadow IT involved teams acquiring unsanctioned Software-as-a-Service (SaaS) vendors, perhaps using a corporate credit card without formal approval. While this presented risks, the data typically resided within a known, albeit unsanctioned, third-party vendor. These SaaS platforms inherently offered some level of identity management, audit logging, and a defined governance surface. The "Shadow Builders," however, invert this model entirely. The applications are custom-built, the data is custom-loaded, and the integrations are direct, often programmatic connections to core production systems. The resulting artifact is frequently published on the open internet, bypassing any enterprise-level governance. While the underlying vibe-coding platform might undergo security audits, the custom applications built upon it typically do not. In essence, there is the builder, the platform, and the public URL, with IT and security teams often completely out of the loop.
Why Traditional Security Stacks Are Falling Short
The immediate reaction of a Chief Information Security Officer (CISO) upon learning about the scale of these exposures is typically to review their existing security infrastructure. Organizations today invest heavily in robust security stacks, including Endpoint Detection and Response (EDR), Data Loss Prevention (DLP), Cloud Access Security Brokers (CASB), firewalls, and Secure Service Edge (SSE) solutions. Some advanced organizations have even deployed enterprise browsers. Each of these tools is designed to perform specific security functions, and they generally do so effectively within their defined parameters. However, the "Shadow Builders" problem thrives precisely in the gaps between these established security layers.
-
Endpoint Detection and Response (EDR): EDR solutions primarily monitor endpoint activity. To an EDR agent, a Shadow Builder interacting with a vibe-coding platform appears as ordinary, non-malicious browser activity. The telemetry generated is indistinguishable from an employee reading news or browsing non-sensitive websites. Furthermore, modern EDR and enterprise browser solutions typically only provide deep visibility on corporate-owned, managed devices. Personal laptops, contractor machines, Bring Your Own Device (BYOD) endpoints, and even personal browser tabs on managed devices remain largely invisible by definition, creating vast blind spots.
-
Data Loss Prevention (DLP): DLP systems are configured to monitor and prevent data exfiltration through specific, enumerated channels. They can effectively flag a user attempting to paste regulated data into a known public AI chat interface. However, DLP is largely ineffective when a vibe-coded application programmatically connects to a sanctioned BI tool via an API, moving data directly cloud-to-cloud. This process physically bypasses the endpoint entirely, rendering endpoint-centric DLP solutions obsolete in this specific scenario.
-
Cloud Access Security Brokers (CASB): CASBs were developed to address Shadow IT by providing visibility and control over sanctioned and unsanctioned SaaS applications. They excel at identifying known SaaS vendors and applying policies. However, a CASB struggles to differentiate an unbounded population of custom applications hosted on a vibe-coding platform’s subdomains from the platform itself. The entire ecosystem of applications built on a single platform often registers as one approved SaaS vendor, masking the individual, custom-built risks within.
-
Firewalls and Secure Service Edge (SSE): Firewalls and SSE solutions monitor network traffic. While they can detect traffic directed to the domain of a vibe-coding platform, they inherently lack the granular context of the application as a business object. They cannot discern the specific custom application being built or deployed, nor the sensitivity of the data it processes. Moreover, many SASE/SSE deployments are partial, and even mature implementations frequently leave the critical problem of unmanaged devices—a significant vector for Shadow Builders—unsolved.
The core issue is not that these tools are failing in their intended purpose. Rather, the "Shadow Builders" category exists across the architectural gaps that the existing security framework leaves. Each tool generates fragments of signal, but these fragments never coalesce into a single, cohesive, and governable picture of the custom applications and their data flows.
Where Visibility Truly Needs to Reside: The Session Layer
The entire lifecycle of a vibe-coded application, from its inception to its deployment, is fundamentally a web-session event. The initial build process—the user describing their desired application—occurs within a browser session. The crucial OAuth grant, which authorizes the new application to connect to a sanctioned enterprise system (like a CRM or ERP), is also a browser event. The movement of data that the application is built around flows directly through this session. Finally, the deployment itself—the "publish" action that transforms the build into a live application accessible via a public URL—is a click executed within the very same browser tab where all preceding actions took place.
Every critical step in this process occurs at the session layer, not merely adjacent to it. This realization points to a definitive solution: a control positioned at the session layer can achieve end-to-end visibility across the entire build path. Such a control can identify the specific vibe-coding platform used, the corporate systems it connects to, and the precise mechanism of that connection (e.g., OAuth, API key, manual upload). It can track the data moving in and out of the application and, crucially, detect the publish event that exposes the application to the open internet. This level of visibility is attributable to a specific person and a specific application instance, irrespective of the browser used, the network path taken, or, most critically, whether the device is a corporate-issued laptop or a contractor’s personal machine.
Immediate Actionable Steps for Organizations
Addressing the Shadow Builders challenge requires a proactive and strategic approach, rather than simply investing in more point solutions. Organizations can take four immediate, non-technology-purchase steps this week:
-
Start with Discovery, Not Auditing: The first and most crucial step is to initiate a discovery process by directly engaging employees. Most Shadow Builders are performing useful work and are not intentionally trying to hide anything. The framing of this inquiry is paramount. Instead of a policy memo or a new tool deployment, a workforce-wide prompt—"If you’ve built a tool using an AI development platform, please tell us about it. We’re not auditing; we’re inventorying"—will yield far more information on the initial pass. This approach fosters trust and encourages transparency.
-
Map the Landscape: For each application identified through the discovery process, it is essential to capture key details. This includes which corporate systems the application is connected to, the specific mechanism of that connection (e.g., OAuth, API key, manual upload, each with different audit trails), and whether the application is publicly reachable. Public reachability is the most actionable signal in the short term, as it represents an immediate and often critical exposure. Prioritizing remediation based on public accessibility and data sensitivity is vital.
-
Establish a Sanctioned Path: Organizations must move beyond simply identifying the problem and instead provide a clear, sanctioned pathway for innovation. This means giving Shadow Builders a designated channel to disclose their creations and receive guidance. This involves naming approved AI development platforms, defining acceptable categories of data that can be processed or integrated, and setting minimum authentication standards for applications. Creating a lower-friction process for compliance is inherently more effective than imposing strict prohibitions, which often lead to continued clandestine activity. The goal is to channel innovation securely, not stifle it.
-
Embrace Continuous Discovery: The dynamic nature of vibe-coding platforms means that new applications are constantly being created and modified. The inventory built this month will inevitably be incomplete next month. Therefore, a mature security posture demands continuous discovery at the layer where the activity actually occurs—the session layer. This ensures that the organization maintains an up-to-date and accurate picture of its custom application landscape, enabling ongoing risk assessment and remediation.
Broader Implications and The Path Forward
The "Shadow Builders" phenomenon underscores a significant paradigm shift in enterprise technology. The democratizing power of AI-driven development platforms, while immensely beneficial for productivity and innovation, has outpaced the traditional security frameworks designed to govern such activities. The exposure identified by Red Access is not theoretical; it exists in the majority of enterprises today, silently residing within their digital infrastructure.
The category of AI-driven development will continue to mature, and platforms will undoubtedly recalibrate their default security settings over time. However, these adaptations are not yet complete, and the current state presents an urgent risk. Organizations must recognize that securing the modern enterprise extends beyond traditional endpoints, networks, and known SaaS applications. It now necessitates granular visibility and governance at the session layer, encompassing all user activity, regardless of device ownership or network location.
The imperative for cybersecurity frameworks to adapt to this rapid, AI-driven innovation is clear. The balance between fostering employee agility and ensuring robust security is delicate but achievable. Solutions like Red Access, which offers an agentless, session-layer security platform providing SSE-grade visibility and governance across any browser and device—including unmanaged ones—represent a critical evolution in addressing this challenge. Such platforms, deployable in hours, offer the continuous discovery capabilities essential for managing the dynamic threat landscape posed by Shadow Builders. The time for a reactive approach has passed; proactive, pervasive session-layer security is now a fundamental requirement for enterprise resilience in the age of AI.
Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
