Your Employees Are Building Apps With AI. Nobody Approved Them.
A recent scan found 380,000 publicly accessible applications built by employees using AI coding tools. Of those, 5,000 contained sensitive corporate data. This is shadow IT with a compiler.
Shadow IT used to mean someone signing up for Dropbox without telling the IT department. Then it was unauthorized SaaS tools. Then it was employees pasting client data into ChatGPT and granting OAuth access to third-party AI apps. Each version was harder to detect than the last.
The latest version is harder still: employees using AI to build entire applications, automations, and internal tools, then deploying them to the public internet without any security review, compliance check, or IT awareness.
The numbers
Security firm RedAccess ran a scan of platforms commonly used for AI-assisted development (Lovable, Base44, Netlify, Vercel, Replit, and similar services) and found 380,000 publicly accessible assets built by employees. These include web applications, databases, API endpoints, and automation workflows. 5,000 of them contained sensitive corporate data: client records, internal credentials, financial information, and API keys.
These aren’t developers working on sanctioned projects. They’re operations staff who asked an AI to build them a scheduling tool. They’re finance analysts who prompted their way into a client-facing dashboard. They’re office managers who built a form that collects sensitive information and stores it on a platform nobody in IT has ever heard of.
The term for this is “vibe coding”: using AI tools (ChatGPT, Claude, Cursor, Copilot) to generate working applications by describing what you want in natural language. No programming experience required. The AI writes the code, suggests a hosting platform, and helps you deploy it. The whole process can take less than an hour.
Why this is different from traditional shadow IT
When someone signs up for an unauthorized SaaS product, the risk is data flowing into a system you don’t control. That’s bad, but it’s contained. The SaaS vendor handles security (hopefully), and the employee is a user of someone else’s platform.
With vibe coding, the employee is the developer, the deployer, and the sole administrator of something they built. There’s no vendor handling security patches. No security team reviewed the code. Access control is whatever the AI happened to suggest, which is often nothing. And the thing they built is frequently publicly accessible because that was the default deployment option.
The AI that wrote the code doesn’t think about security unless you specifically ask it to. It builds what you asked for and helps you put it on the internet. Authentication, encryption, and access restrictions are all add-ons that require additional prompting. Most non-technical employees don’t know to ask.
What this looks like in a professional services firm
Imagine a paralegal asks an AI tool to build a simple intake form for new client information. The AI generates a form, suggests deploying it on a free-tier platform, and the paralegal sends the link to a few clients. The form collects names, contact info, case details, and maybe a document upload. It’s stored on a platform that the paralegal controls with a personal email login. No encryption. No access logging. No retention policy. No connection to the firm’s document management system.
Or imagine an accounting staff member builds a tool that pulls data from a shared spreadsheet and formats it into client-facing reports. The tool works great. It saves them two hours a week. It also has an API key for the firm’s cloud storage hardcoded into the source, and the whole thing is deployed to a public URL where anyone who knows the address can access it.
These aren’t hypothetical scenarios. They’re exactly what RedAccess found in their scan: functional applications built by non-technical employees, deployed to the public internet, containing credentials and data that should never be there.
The CISO perspective
At a recent security conference, CISOs from Datadog, Jamf, and ASOS discussed the problem. One summed it up: “Employees who want to get their job done are by far the most persistent and successful APTs.”
These employees are trying to be more productive. They’re solving real workflow problems. The AI made it possible for them to build something that actually works, and that’s genuinely impressive.
But “works” and “works securely” are different things. Nobody with security expertise was involved between “I had an idea” and “it’s live on the internet.”
What to do about it
You can’t ban AI coding tools without also banning the productivity gains that come with them. And realistically, you probably can’t detect every application an employee builds on their personal device using a free-tier platform. But you can narrow the blast radius.
Your acceptable use policy needs to address employee-built applications, not just employee-used applications. The policy should answer: are employees allowed to build tools that handle client data? What platforms are approved for deployment? Who reviews something before it goes live? What happens if someone already deployed something without asking?
If your firm has been using AI tools for more than six months, there’s a reasonable chance someone has already built something. Ask. Run a survey. Check if anyone has deployed anything on Lovable, Replit, Vercel, Netlify, or similar platforms using their work email.
For employees who want to build tools to improve their workflows, give them a sanctioned way to do it. Microsoft’s Power Platform (Power Apps, Power Automate) runs within your M365 tenant with your security policies applied. It’s not as flexible as vibe coding a standalone app, but it keeps everything within your governance boundary.
And if you have a security tool that monitors for credential leaks or exposed data (many cyber insurance policies now require this), make sure it’s scanning for your firm’s domain, email addresses, and API keys appearing in public code repositories or deployed applications.
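One way to run the check described above, as an added example that is not from the article or from any scanning product: a small Python scanner that flags a firm's domain, work e-mail addresses, and hardcoded, high-entropy credential values in source files. The firm domain, the sample source and the entropy threshold are constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed firm domain; point this at the real domain when running it.
FIRM_DOMAIN = "example-firm.test"

# Assignments whose name looks credential-like and whose value is an opaque
# string of 16+ characters. Provider-specific prefixes are deliberately not
# enumerated; the entropy check below separates real keys from placeholders.
KEY_ASSIGNMENT = re.compile(
    r"""(?i)(api[_-]?key|secret|token|password)\s*[:=]\s*['"]([^'"\s]{16,})['"]"""
)
EMAIL = re.compile(r"[\w.+-]+@(?:[\w-]+\.)+[\w-]{2,}")

def shannon_entropy(s: str) -> float:
    """Bits per character; random API keys score well above 4, English words about 3."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan_source(text: str, domain: str = FIRM_DOMAIN) -> list[tuple[int, str, str]]:
    """Return (line_no, kind, value) for each firm identifier or secret found."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in KEY_ASSIGNMENT.finditer(line):
            value = m.group(2)
            # "your_api_key_here" scores about 3.3 bits; a live key scores about 5.
            if shannon_entropy(value) >= 3.5:
                findings.append((no, "hardcoded_secret", value))
        for m in EMAIL.finditer(line):
            if m.group(0).lower().endswith("@" + domain):
                findings.append((no, "firm_email", m.group(0)))
        # Flag the bare domain (URLs, tenant names) once e-mail addresses are removed.
        if domain in EMAIL.sub("", line).lower():
            findings.append((no, "firm_domain", domain))
    return findings

# Constructed source in the style of the accounting report tool described above.
SAMPLE_SOURCE = """\
# report tool, built with an AI assistant
STORAGE_API_KEY = "sk_live_9fP2xL7qRz4mT1vW8nB3yK6hJ0dC5e"
PLACEHOLDER_TOKEN = "your_api_key_here"
UPLOAD_URL = "https://files.example-firm.test/reports"
NOTIFY = "jane.doe@example-firm.test"
"""

if __name__ == "__main__":
    for no, kind, value in scan_source(SAMPLE_SOURCE):
        print(f"line {no}: {kind}: {value}")
```

Run it over a checkout of each employee-built project (or the exported source of a hosted app) and treat any `hardcoded_secret` hit as a credential to rotate, not just a finding to file.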
The employees building these tools aren’t your adversaries. They’re your most motivated staff. The goal isn’t to punish initiative. It’s to make sure that initiative doesn’t accidentally put your firm’s client data on the public internet.
Artech Solutions helps professional services firms in the Des Moines metro build AI governance policies and secure their Microsoft 365 environments. If your team is using AI tools and you’re not sure what they’ve built, we can help you find out.