
Vibe coders are gonna vibe code: How CISOs are tackling code sprawl

Why This Matters

As AI-driven code generation becomes accessible to all employees, security leaders face increasing challenges in maintaining visibility and control over sprawling, often unsecured code assets. This rapid proliferation of code outside traditional review processes poses significant risks to organizational security and data integrity, highlighting the urgent need for better oversight tools and policies. The industry must adapt to this new reality where code sprawl can undermine security defenses and operational stability.

Key Takeaways

Security leaders from Datadog, Jamf, and ASOS weigh in on the visibility crisis quietly unfolding as AI puts code-writing capabilities in every employee's hands.

"I spent the weekend burning through Claude tokens," the moderator said. "It's more fun than hanging out with friends."

He laughed. The security leaders on the panel laughed too, perhaps a little nervously. They understand the appeal of using AI to build automations and applications. They also know what happens when that same impulse spreads across an organization without guardrails.

It was one of the defining topics of Workflow, a live virtual event hosted by intelligent automation platform Tines. The moderator, Andrew Steele, a Partner at Activant Capital, has spent a decade investing in enterprise AI and knows exactly where personal experimentation ends and workplace risk begins. Unfortunately for IT and security leaders, many employees don't.

How do these leaders maintain visibility and control when AI puts code-writing capabilities in every employee's hands? This is the question he asked Mario Villatoro, CISO at Jamf, Indu Sajeev, former CISO at ASOS, and Matt Muller, Director of Security Operations at Datadog.

The rise of wild code

Code sprawl is not a new concept. But in 2026, it's starting to run wild. Security and IT teams talk about code like a gardener talks about weeds - spreading fast, and threatening to overwhelm everything around them.

A report from RedAccess puts a number to the problem: scanning vibe coding platforms including Lovable, Base44, and Netlify, they found 380,000 publicly accessible assets - applications, databases, and related infrastructure - built outside any security review, with roughly 5,000 containing sensitive corporate information.

Code sprawl comes from many sources: AI features embedded in approved SaaS tools and activated without IT review, scripts and automations built outside approved environments, and agents spun up by individual teams with no central visibility.

It isn't necessarily malicious - on the contrary, it's often well-intentioned. And rather than just tolerating it, many organizations are actively encouraging it. "Vibe coding" is appearing in job specs at Fortune 500 companies. Every employee who responds to that mandate is a potential source of ungoverned code. The roots are already taking hold.
