The Rise of AI-Built Applications in Enterprise Environments
A new investigation by Red Access has uncovered a significant shift in shadow AI risks within organizations. Researchers identified more than 380,000 publicly accessible web assets across leading AI-driven development platforms. Of these, roughly 5,000 appeared to be corporate applications, and over 2,000 contained sensitive corporate, operational, or personal data exposed on the open internet without basic access controls.
The phenomenon, known as vibe coding, allows employees with no formal development training to build fully functional applications simply by describing what they want. These applications are often connected directly to sanctioned production systems such as CRMs, ERPs, and business intelligence tools, and then published online without security or IT department involvement.
Impact and Scope Across Industries
The exposed applications span six continents and every industry examined. Many granted admin-level access by default to anyone who reached the URL, requiring no authentication or exploitation to access sensitive data. The findings show that traditional security stacks and internal audits failed to detect these exposures while they were live.
The security community notes that this represents an evolution of shadow AI. Previously, the risk centered on employees pasting sensitive data into public chatbots. Now, employees are building complete products and connecting them to core business systems, creating a much broader attack surface that bypasses existing security controls.
Source: The Hacker News

