Skip to content

2,000 Exposed Vibe-Coded Apps Reveal Limitations of Security Stacks

Key Point: Shadow AI is no longer uncontrolled pasting into ChatGPT, but rather the development and deployment of complete AI-generated applications beyond security oversight.

Employees build complete applications using AI tools and deploy them to the internet without IT and security controls. A security risk that goes beyond the earlier Shadow AI problem.

The “Shadow AI” phenomenon has fundamentally shifted. While it previously involved individual employees entering data into generative AI systems like ChatGPT, the term now describes something structurally different: employees develop complete applications with the help of AI tools, integrate them into production systems, and make them accessible over the public internet – without security or IT involvement whatsoever.

The threat surface has expanded considerably. The artifact of shadow AI is no longer a single prompt, but a deployed, production system with interfaces to enterprise data and external actors.

The report “The Shadow Builders” documents 2,000 such exposed, vibe-coded applications and demonstrates that existing security stacks are not equipped to handle this threat category. The degree of visibility, control, and governance is minimal – traditional intrusion detection or endpoint protection do not engage at all, since these applications are created outside the usual security perimeter.


Source: thehackernews.com · Published May 29, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.8.

Share on: