COMMENTARY: There are meetings happening right now in every large enterprise around the world in which board members and the C-suite executives are talking about AI acceleration.These discussions are rife with buzzwords such as: "token maxing," "supercharging operations," "no more bottlenecks," and "build it yourself."[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]They are also pointing to demos showing marketing managers spinning up a functional internal application in a browser tab in 40 minutes and finance teams automating their month-end reconciliation with a Claude agent and a no-code interface before IT even knew the project existed.These demonstrations are cause for excitement, and the productivity they promise often delivers. But what those in the boardroom are not calling out as much: every one of those applications creates a new surface area that no one owns.According to Gartner, 41% of employees are now classified as citizen developers. They build or customize applications outside the watchful eyes of IT, and it’s just the beginning. The number of citizen developers will continue to climb because the cost of building software has collapsed. Back when software was expensive and slow to build, there was a natural forcing function and friction. Teams had to go through IT, write requirements, survive procurement — and along the way, someone asked about access controls, data handling, and compliance. While a source of frustration, that friction created accountability and an implicit third-party risk framework in which the onus of proving that what they were selling you was safe fell on the vendor, not the business unit.That framework has been obliterated. Microsoft's Cyber Pulse report found that more than 80% of Fortune 500 companies now deploy active AI agents built on Microsoft's own low-code and no-code platforms.These applications did not go through a security review or vendor due diligence and no one signed a contract containing representations and warranties about security controls, privacy practices, or incident notification timelines. These applications exist because a well-meaning employee in finance, marketing, or operations saw a problem, opened a tool, and solved it. And they will do it again tomorrow because the board told them they should.This leaves us with an uncomfortable truth that the vendor risk and security community has not fully reckoned with — the traditional model of third-party risk management was always, at its core, a model built on accountability transfer. The company took on a vendor that signed a document, which meant that if something went wrong on their side, there was a contractual and legal path to remediation. It didn’t eliminate the risk. It was merely transferred to a counterparty who accepted it in exchange for revenue. The entire edifice of security questionnaires, SOC 2 reports, vendor assessments, and control frameworks existed for the explicit purpose of validating that the counterparty who accepted the company’s risk was actually capable of holding it.In a recent report, Gartner notes that software engineering leaders struggle to manage security and privacy risks in low-code/no-code development because the governance approaches they use for IT developers are difficult or impossible to apply to citizen developers. When a finance analyst builds an expense reporting automation using an AI coding tool and connects it to the company's ERP, identity store, and a data warehouse full of personally identifiable information, who’s the vendor? Who accepted the risk? Nobody. The risk remained within the organization, where no one was asked to hold it.IBM's Cost of a Data Breach Report 2025 found that shadow AI breaches averaged 247 days to detect — six days longer than standard breaches. Among organizations that reported AI-related breaches, 97% lacked proper AI access controls. That's not a typo, and these are not small companies or unprepared organizations. These are enterprises with established security programs, dedicated GRC teams, mature vendor risk processes, and boards that care about cybersecurity. They just never thought to ask what happens when the vendor is your own marketing or finance department.The application security discipline that most enterprises have built over the last decade was always a cataloging exercise at its core. It assumed a finite, identifiable list of applications. We could tally them, build controls around them, and create a known inventory that our security tools could monitor and our vendor risk team could assess. Traditional perimeter defenses cannot inspect opaque model behaviors. Static access control lists fail when agents dynamically request new permissions. The new environment makes cataloging impossible. The surface area has become infinite and unstable, and it changes every time someone has a good idea and a browser tab.Shadow agents operate without identity controls, access policies, or audit trails. They connect directly to production APIs using hardcoded credentials or developer tokens, creating exposure that security teams cannot see and cannot catalog. The surface area grows every time someone has a good idea and an agent framework to match it.Security teams are more resource-constrained than ever, while the surface they are asked to protect is expanding faster than they can hire or train. By and large, the tools vendors sell to address this problem address symptoms rather than the underlying structural failure. We can buy a tool that monitors for anomalous agent behavior, a tool that scans our cloud environment for ungoverned applications, or a solution that attempts to categorize our shadow AI. But most enterprises have no governance at the tool request layer. Tool requests are trusted by default. There’s no risk scoring applied before execution, no policy enforcement at the connector level, and no audit trail showing what agents are actually doing across the environment. Security teams secure the model while the tool layer runs free.For the most part, the accountability question does not have a technical answer. It’s an organizational and governance one. The risk framework that most enterprises operate under was designed for a world where software was procured, not fabricated. It was designed for a world where the unit of analysis was a vendor relationship, not an employee's weekend project. The fundamental assumption that accountability lives outside the organization, with a vendor who signed something, has been shattered. Accountability has come home, and most organizations do not have the internal structures to hold it.Gartner has noted that one in four compliance audits in 2026 will include specific inquiries into AI governance, and that the audit question will land on IT's desk. Not the employee who shipped the app, or the business leader who asked for it.We need a new category of internal third-party risk governance that treats the citizen developer and the AI coding agent as a new class of supplier. Not because the employees are adversaries, but because the output of their work — the running application — carries the same categories of risk as any external vendor's software. Authentication. Access control. Data handling. Incident response. Privacy management. Audit trails. These are not optional features that get added later when someone remembers to care about them. They are the conditions under which software should be allowed to touch production data in the first place.The age of free, fabricated applications has arrived. IBM reports that one in five organizations experienced a breach tied to shadow AI in 2025, and 63% of breached organizations either lacked an AI governance policy or were still building one. The question is not whether to stop it, because we can’t.We then need to ask whether security and risk leaders will build governance frameworks that match the speed of the world their own boards and executives demand. That’s not happening at most enterprises right now – and we need to change it soon.Clarence Chio, chief executive officer, CoverbaseSC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




