What 2,000 exposed Vibe-Coded apps reveal about the limitations of multiple security stacks
Shadow AI used to say that employees were posting things they shouldn’t post on ChatGPT. Now it means something big: workers are building applications full of AI, plugging them into production systems, and publishing them on the open internet. Without Security or IT in the loop.
The artifact has moved from knowledge to product. A dangerous place to go with it.
In Shadow Makers report (find here), a new category-level investigation covered in May by Axios, WIRED, and VentureBeat, Red Access identified more than 380,000 publicly accessible web assets across vibe-coding platforms.
There are approximately 5,000 corporate appearances. More than 2,000 of those held sensitive business, operational, or personal data – sitting on the open web, used without basic access controls, often automatically granting administrator access to anyone who accessed the URL. Six continents. Every industry is under scrutiny. No manipulation required.
Inside the organizations, they pass their research while this is being shown live.
The new Shadow AI is not about information. It’s about products.
Coding with Vibe — a vast AI-driven development platform where anyone can build an app by defining what they want — has compressed what used to take engineering teams months into something a non-developer could ship before lunch.
The marketing manager creates a campaign tracker and connects it to the BI tool where the real numbers live. The operations manager creates the vendor entry form and connects it to the ticketing system. The finance team builds a board-prep dashboard and pulls invoice data from it before Friday. Those applications are connected to authorized production systems – CRMs, ERPs, ticketing tools, BI platforms – and are often published on the open Internet, with whatever access controls the developer has put in place to manage them. Usually, there isn’t.
People who do this are not cruel. They are skilled workers who solve real problems faster than their organization could, doing exactly what the platforms invite them to do. Platforms aren’t villains either – they deliver what their real audience has asked for. What has not kept pace are the guardrails, technological and ethical, that govern what happens after construction.
This is not Shadow IT in the old sense. Shadow IT was in a bind: when a team bought a Trello account on a business card without telling anyone, the data remained inside an unauthorized SaaS vendor, but ownership, audit logs, and at least some management space was there. Shadow Builders changes that. The application is custom-built, the data is custom-loaded, the integration is a direct connection to the record-producing systems, and the artifact is often published on the open Internet. The basement may be inspected; the operating system it’s built on doesn’t exist. There is a constructor, a field, and a URL. IT? Especially not in the bedroom.
Why does an older security stack still miss this
The reflex of a CISO reading the above numbers is to check the stack. EDR is active. DLP is disabled. CASB is licensed. Firewall and SSE are available. Some organizations have added a business browser. Each tool does what it was designed to do. The section sits in the spaces between them.
EDR detects the browser process, not the architecture within it. To the endpoint agent, Shadow Builder using the vibe-coding platform looks like a normal, non-brutal browser task – the same telemetry orientation as a newsreader. When a modern EDR or enterprise browser does deep recognition, it does so only on devices that the organization does not own and the internal browsers that own them. Personal laptops, contractor machines, BYOD devices, and personal browser tabs are not visible by definition.
DLP watches the listed channels. It can flag a user’s attachment of controlled data to a known AI conversation. It can’t see a vibe-coded app that programmatically connects to an API-enabled BI tool, moving data cloud-to-cloud, literally past the endpoint.
CASB is designed for Shadow IT – owned SaaS vendors. It cannot easily separate the unlimited population of custom applications hosted on subdomains of the vibe-coding platform from the platform itself. All demographics tend to sign up as one authorized SaaS vendor.
Firewall and SSE see traffic in the platform domain but do not have the context of the application-as-business object. And most SASE/SSE deployments are partial – even the older ones leave the unmanaged device problem unsolved.
None of these tools fail. The stage sits between the gaps existing structures leave between the layers, producing signal fragments that do not fit together into a single, controlled image.
Where visibility should live
End-to-end, vibe writing is a web session event. Layout is a browser event. An OAuth grant that binds a new application to an authorized enterprise system is a browser event. The data the app is built around flows during the session. Submit is a browser event – a publish action that turns a layout into a live app on a public URL is clicked within the same tab where everything else happened.
All the action takes place in the session layer. Not close to it. Inside it.
A controller placed in the session layer, therefore, sees the entire architecture – not just a piece of it. The platform used. Corporate systems are connected to it, and in what way. Data flows in and out. A publishing event that puts the application on the open Internet. It is caused by a specific person and a specific instance of the application, regardless of the browser used or the network path taken by the traffic. And, most importantly, whether the device is a company-issued laptop or a contractor’s personal machine.
What to do this week
Four steps. None of them buy technology.
Start by finding out. Ask the staff directly what they have built. Most Shadow Builders do useful work and don’t hide anything; the frame is important. General notice to employees – if you have built a tool using the AI development platform, please tell us about it. We don’t check. We make a list of names – you get more with a first pass than a policy memo or tool shipment.
Then a map. For each exposed application, capture which corporate systems it connects to, how (OAuth, API key, manual upload – different test methods), and whether it’s publicly accessible. Social accessibility is a very effective brand in the short term.
Edit the path allowed. Give the Shadow Builders another place to tell you. Specify authorized fields, define acceptable data categories, and set a minimum authentication level. A lower conflict than the other, which is that they don’t tell you at all.
Then accept that work is not a one-time inventory. Vibe-coded apps continue to be created; the picture you are building this month will be incomplete next month. The position of adults is continuous discovery in the layer where the work actually takes place.
The section will continue to mature. Platforms will always automatically reset. None of those situations have been resolved. Exposure exists in many companies right now.
Red Access is an agentless, session-layer security platform built specifically for this – SSE-grade visibility and management of the session itself, on any browser, on any device, including unmanaged ones. It is usable in hours. Request your free trial.
