Unnamed Corporations: What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

Unnamed Corporations: What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

Shadow AI Evolves: From Risky Prompts to Unsecured Public Applications

A new report from Red Access, The Shadow Builders, reveals a growing cybersecurity threat: employees are no longer just pasting sensitive data into AI tools they’re building full applications with AI, integrating them into production systems, and publishing them on the open internet often without IT or security oversight.

The investigation uncovered over 380,000 publicly accessible web assets across leading AI-driven development platforms, with roughly 5,000 appearing corporate-related. Of those, more than 2,000 contained sensitive corporate, operational, or personal data, frequently exposed with no access controls or default admin permissions. The issue spans six continents and every major industry, with exposures occurring even as organizations passed security audits.

This isn’t traditional "Shadow IT," where unsanctioned SaaS tools create limited risk. Instead, employees often non-developers are using "vibe coding" platforms to rapidly build functional applications. A marketing manager might create a campaign tracker linked to a BI tool; a finance team could deploy a board-prep dashboard pulling live invoice data. These applications often connect directly to CRMs, ERPs, ticketing systems, and other production environments, then get published online with minimal or no security controls.

The problem isn’t malicious intent. Employees are solving real business problems faster than their organizations can, using tools designed for speed and accessibility. However, existing security stacks EDR, DLP, CASB, firewalls, and SSE fail to detect these risks. Endpoint agents see only browser activity, DLP misses cloud-to-cloud API transfers, and CASB treats custom apps as a single approved vendor. Even mature security architectures leave gaps, particularly for unmanaged devices, personal browsers, and BYOD environments.

The solution requires session-layer visibility, as every step from building to deployment happens within a browser. Red Access’s report outlines immediate actions for organizations, including direct employee outreach to inventory existing apps, mapping connections to corporate systems, establishing sanctioned development paths, and adopting continuous discovery to account for ongoing application creation.

The exposure is already widespread, with platforms and security practices still catching up to the risks of AI-driven development.

Source: https://thehackernews.com/2026/05/what-2000-exposed-vibe-coded-apps.html

Unnamed Firm LLC cybersecurity rating report: https://www.rankiteo.com/company/unnamedfirm

"id": "UNN1780064848",
"linkid": "unnamedfirm",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'All major industries',
                        'location': 'Six continents',
                        'type': 'Corporate'}],
 'attack_vector': 'Misconfigured Public Applications',
 'data_breach': {'personally_identifiable_information': 'Potential',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Corporate data',
                                              'Operational data',
                                              'Personal data']},
 'description': 'A new report from Red Access, *The Shadow Builders*, reveals '
                'a growing cybersecurity threat where employees are building '
                'AI-driven applications, integrating them into production '
                'systems, and publishing them on the open internet without IT '
                'or security oversight. Over 380,000 publicly accessible web '
                'assets were uncovered, with roughly 5,000 corporate-related '
                'and more than 2,000 containing sensitive data exposed with no '
                'access controls or default admin permissions. The issue spans '
                'six continents and every major industry, often bypassing '
                'traditional security measures like EDR, DLP, CASB, and '
                'firewalls.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'data exposure',
            'data_compromised': 'Sensitive corporate, operational, or personal '
                                'data',
            'identity_theft_risk': 'High (if personally identifiable '
                                   'information was exposed)',
            'legal_liabilities': 'Potential regulatory violations',
            'operational_impact': 'Potential unauthorized access to production '
                                  'systems and data',
            'systems_affected': ['CRMs',
                                 'ERPs',
                                 'ticketing systems',
                                 'production environments']},
 'investigation_status': 'Ongoing (discovery phase)',
 'lessons_learned': 'Traditional security stacks (EDR, DLP, CASB, firewalls) '
                    'fail to detect risks from AI-driven development. Security '
                    'oversight must extend to browser-based AI tools and '
                    'unmanaged applications. Employee-driven innovation '
                    'requires sanctioned development paths to mitigate risks.',
 'motivation': 'Non-malicious (employee productivity and business '
               'problem-solving)',
 'post_incident_analysis': {'corrective_actions': ['Session-layer visibility '
                                                   'for browser-based AI '
                                                   'development',
                                                   'Inventory and secure '
                                                   'existing AI-driven '
                                                   'applications',
                                                   'Establish sanctioned '
                                                   'development paths for AI '
                                                   'tools',
                                                   'Enhance security for '
                                                   'unmanaged devices and BYOD '
                                                   'environments'],
                            'root_causes': ['Lack of IT/security oversight for '
                                            'AI-driven development',
                                            "Employees using 'vibe coding' "
                                            'platforms to build applications '
                                            'without security controls',
                                            'Publication of applications with '
                                            'default admin permissions or no '
                                            'access controls',
                                            'Gaps in traditional security '
                                            'stacks (EDR, DLP, CASB, '
                                            'firewalls) for browser-based AI '
                                            'tools']},
 'recommendations': ['Implement session-layer visibility for browser-based AI '
                     'development',
                     'Conduct direct employee outreach to inventory existing '
                     'AI-driven applications',
                     'Map connections between AI apps and corporate systems',
                     'Establish sanctioned development paths for AI-driven '
                     'applications',
                     'Adopt continuous discovery to account for ongoing '
                     'application creation',
                     'Enhance security measures for unmanaged devices, '
                     'personal browsers, and BYOD environments'],
 'references': [{'source': 'Red Access'},
                {'source': 'The Shadow Builders Report'}],
 'response': {'enhanced_monitoring': 'Session-layer visibility for '
                                     'browser-based AI development',
              'remediation_measures': ['Direct employee outreach to inventory '
                                       'existing apps',
                                       'Mapping connections to corporate '
                                       'systems',
                                       'Establishing sanctioned development '
                                       'paths',
                                       'Adopting continuous discovery for '
                                       'ongoing application creation']},
 'title': 'Shadow AI Evolves: From Risky Prompts to Unsecured Public '
          'Applications',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Lack of access controls, default admin '
                            'permissions, unmanaged AI-driven applications'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.