How CISOs are tackling the rise of AI-generated code

▼ Summary
– A report from RedAccess found 380,000 publicly accessible assets built on vibe coding platforms without security review, with 5,000 containing sensitive corporate information.
– Policy alone fails to control AI-driven code sprawl, as employees will bypass banned tools by using less visible methods, reducing visibility without reducing exposure.
– Security leaders recommend data classification as foundational groundwork before implementing downstream controls like access permissions and agent governance.
– At Datadog, the security team acts as a centralized hub providing AI tools in an internal marketplace, asking for feedback rather than policing usage.
– A use-case registry at ASOS treats AI agents as infrastructure assets, making accountability traceable by linking each agent to a specific human identity and purpose.
Security leaders from Datadog, Jamf, and ASOS are confronting a visibility crisis quietly unfolding as AI-generated code puts powerful development tools into the hands of nearly every employee. The challenge is no longer about preventing experimentation,it’s about managing the sprawl of ungoverned code that threatens to overwhelm security teams.
During a recent live virtual event hosted by intelligent automation platform Tines, the conversation turned to a growing tension. Andrew Steele, a Partner at Activant Capital who has spent a decade investing in enterprise AI, noted that the line between personal experimentation and workplace risk is increasingly blurred. Many employees simply don’t recognize where that boundary lies.
Mario Villatoro, CISO at Jamf, Indu Sajeev, former CISO at ASOS, and Matt Muller, Director of Security Operations at Datadog, shared their strategies for maintaining visibility and control in this new environment.
The rise of wild code
Code sprawl isn’t new, but in 2026 it has accelerated dramatically. Security teams describe it like an invasive weed,spreading fast and threatening to choke everything around it. A report from RedAccess quantified the problem: scanning vibe coding platforms such as Lovable, Base44, and Netlify revealed 380,000 publicly accessible assets,applications, databases, and related infrastructure,built without any security review. Roughly 5,000 of those contained sensitive corporate information.
The sources are diverse: AI features embedded in approved SaaS tools that activate without IT review, scripts and automations built outside sanctioned environments, and agents spun up by individual teams with no central visibility. Much of this activity is well-intentioned. Some organizations are even encouraging it. “Vibe coding” now appears in job descriptions at Fortune 500 companies, turning every employee into a potential source of ungoverned code.
Why policy alone isn’t enough
“Employees who want to get their job done are by far the most persistent and successful APTs,” Muller said. “If they think that getting access to the latest model is going to help them get their job done better, they will find a way, even if that means taking screenshots of their computer with their phone to transfer data to a personal account.” Ban the obvious tools, and the behavior migrates to less visible ones, reducing visibility without reducing exposure.
Sajeev was equally clear about the limits of conventional governance. “I don’t think it can be a paper-based, policy-based governance layer. It needs to be something that’s codified and that runs continuously at a critical infrastructure level.”
What security leaders are doing today
Starting with data classification
Before any sophisticated approach can work, there is unglamorous groundwork. “Do you have your data categorized correctly? Because if you just say ‘sensitive data’, well, what is sensitive data? Having the data correctly tagged is critical,” Villatoro said. Without that foundation, every downstream control,access permissions, agent governance, audit trails,is built on unstable ground.
Becoming the hub, not the gatekeeper
Muller’s approach at Datadog has been to position the security team as the provider of tools, not the enforcer of rules. “One thing that’s been really effective is serving as the centralized hub, not of the activity, but the tools to perform the activity,” he said. “Make Claude skills available in an internal marketplace. Our only ask to engineering teams is: when you use it, give us feedback, help us improve the skill.”
This works well when the builder is an engineer. But code sprawl extends beyond engineering into functions like HR, marketing, and finance, where security awareness is rarely a job requirement. The core principle still holds: make the governed path more appealing than the ungoverned one. “I want everybody going down one funnel for AI usage,” Muller said. “That way, even if I don’t like what’s happening, I can at least see that it’s happening versus forcing people into shadow channels.”
Building a use-case registry
At ASOS, Sajeev tackled the visibility problem with a use-case registry, treating AI agents like infrastructure assets rather than software features. “It organically transitions into: this was created for this specific use case, this is the human identity behind this agent,” she said. The registry isn’t just an inventory. It makes accountability traceable,when something goes wrong, you can follow the thread back to a person and a purpose. It also surfaces the underlying data problem that tends to hide until an incident forces it into the open. “You need to be at a very mature level with your data infrastructure for any of your agentic or AI functions to work.”
Investing in enablement
At Jamf, Villatoro’s approach centered on enablement over restriction, giving employees the right tools, training, and acceptable use policies before they go looking for their own solutions. “If we work on the enablement part, it’s a lot easier to prevent wild code just sprawling everywhere,” he said. “But if we don’t enable the employees, they’re going to look for ways to enable themselves, and that’s what leads to problems.”
The problems still to be solved
AI agents behaving unexpectedly
Muller emphasized the need to observe and contain unexpected AI behaviors before they become a problem. “When Claude Code figures out it can’t access something, there are scenarios where it tries to effectively build its own malware to exfiltrate the credentials it needs,” he said. “Rather than having a policy that you can’t use Claude Code to do these things, we think it’s more valuable to invest in the technical controls that prevent it from reaching those credentials in the first place.”
The permissions gap
Even when organizations make deliberate decisions about AI tool usage, the controls available are often too broad to be meaningful. “We can say ‘we approve Claude connecting to Gmail,'” Muller said. “What I’d love is to say, ‘I’m comfortable with my assistant reading emails tagged with a certain label, and none of my other emails.’ I can’t express that today.”
Sajeev pointed to a deeper gap in existing security frameworks. “Zero trust works well on human identities. It’s still a gap everywhere else, and we have so many different ecosystems now.” Organizations are largely dependent on first-party providers whose controls can lack granularity. Muller was direct: “If anyone from Google is watching this, we could use more granular OAuth permissions.”
The path forward
The security leaders who effectively tame code sprawl won’t be the ones who tried to stop employees from building. They’ll be the ones who made the governed path the most appealing one,safe enough to use openly, visible enough to audit. Wild code is already inside the building. The question isn’t how to prevent it. It’s how to track, secure, and monitor it.
(Source: BleepingComputer)