When vibe coding spreads, CISOs chase visibility and control

A live discussion hosted by Tines turned into a frank warning: as AI code-writing gets easier for everyone, organizations are seeing code sprawl jump beyond normal security review. Security leaders from Jamf, ASOS, and Datadog described how they’re trying to k
For one security leader on a panel, the weekend didn’t end with rest—it ended with tokens.
“I spent the weekend burning through Claude tokens,” the moderator said. “It’s more fun than hanging out with friends.”
It drew laughter from Andrew Steele, a Partner at Activant Capital, and from the security executives sitting beside him—though the tone carried a pinch of nerves. They know how quickly the appeal of AI automation turns into a visibility problem once it spreads beyond the people trained to think about risk.
The panel was part of Workflow, a live virtual event hosted by intelligent automation platform Tines. Steele posed the central question: how do CISOs maintain visibility and control when AI puts code-writing capabilities into every employee’s hands?
Mario Villatoro, CISO at Jamf; Indu Sajeev, former CISO at ASOS; and Matt Muller, Director of Security Operations at Datadog, didn’t offer a single magic fix. Instead, their answers circled the same fear—code sprawl is accelerating, and the usual governance approach can’t keep up.
Code sprawl, now with a speed boost
“Code sprawl is not a new concept,” but “in 2026, it’s starting to run wild,” Steele said, describing how IT and security teams often treat emerging code the way gardeners treat fast-moving weeds.
A RedAccess report gives the fear a concrete shape. By scanning vibe coding platforms including Lovable, Base44, and Netlify, the researchers found 380,000 publicly accessible assets—applications, databases, and related infrastructure—built outside any security review. About 5,000 of those assets contained sensitive corporate information.
The sources of the sprawl are varied, and that’s part of why it’s hard to contain. Security leaders pointed to AI features embedded in approved SaaS tools being activated without an IT review. They also described scripts and automations built outside approved environments, along with agents spun up by individual teams that have no central visibility.
And while this activity isn’t always malicious—often it’s driven by well-intentioned people doing their jobs—the organizations that encourage it in practice are effectively inviting ungoverned code to multiply.
“Vibe coding” is showing up in job specs at Fortune 500 companies. Steele’s point, and the panel’s quiet warning, was simple: every employee who responds to those incentives becomes a potential source of risk they can’t see—at least not in time.
Policy won’t stop it, and people will find the edges
Muller put it bluntly, framing employee behavior as the real battleground.
“Employees who want to get their job done are by far the most persistent and successful APTs,” he said. “If they think that getting access to the latest model is going to help them get their job done better, they will find a way, even if that means taking screenshots of their computer with their phone to transfer data to a personal account.”
The point wasn’t just that users will circumvent restrictions. It’s that bans don’t reduce exposure—they reduce visibility.
Sajeev agreed that the classic governance playbook has limits. “I don’t think it can be a paper-based, policy-based governance layer. It needs to be something that’s codified and that runs continuously at a critical infrastructure level.”
What security leaders are building instead
The panel converged on a theme: visibility starts before any fancy controls—before the policies, before the marketplaces, before the registries. Villatoro called out the groundwork many organizations skip.
“Do you have your data categorized correctly? Because if you just say ‘sensitive data’, well, what is sensitive data? Having the data correctly tagged is critical.”
Without that tagging, the downstream machinery—access permissions, agent governance, audit trails—rests on unstable assumptions.
Muller’s approach at Datadog leaned into making security the place where people can safely do what they need. He described positioning the security team as a centralized hub for tools, not a gatekeeper for activity.
“One thing that’s been really effective is serving as the centralized hub, not of the activity, but the tools to perform the activity,” he said. “Make Claude skills available in an internal marketplace. Our only ask to engineering teams is: when you use it, give us feedback, help us improve the skill.”
That only works easily when builders are engineers. The challenge gets tougher when code sprawl extends into functions like HR, marketing, and finance—areas where security awareness isn’t necessarily built into the job.
To address that, Muller described a principle built around funneling. “I want everybody going down one funnel for AI usage,” he said. “That way, even if I don’t like what’s happening, I can at least see that it’s happening versus forcing people into shadow channels.”
At ASOS, Sajeev tackled visibility through a use-case registry—treating AI agents like infrastructure assets rather than like just another software feature.
“It organically transitions into: this was created for this specific use case, this is the human identity behind this agent,” she said. “The registry isn’t just an inventory. It makes accountability traceable – when something goes wrong, you can follow the thread back to a person and a purpose.”
She added that registries also force the hidden problems in data infrastructure into view. “You need to be at a very mature level with your data infrastructure for any of your agentic or AI functions to work.”
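As an added illustration of the registry idea described above (not code from ASOS, Tines or any panelist), the snippet below reconciles a constructed inventory of discovered agents against a registry that records each agent's use case, accountable human owner and approved data classifications, and flags agents that are unregistered, orphaned, or touching data beyond their approved scope. All agent names, owners and tags are hypothetical sample values.

```python
"""Agent use-case registry reconciliation (added illustration, hypothetical data).

A registry entry ties an agent to a purpose, a human owner and the data
classifications that use case was approved to touch. Reconciling a discovery
inventory against it is the codified, continuously runnable check the panel
contrasted with paper policy: every finding points back to a person and a purpose.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RegistryEntry:
    agent_id: str
    use_case: str
    owner: str            # human identity accountable for the agent
    data_tags: frozenset  # data classifications approved for this use case


# Constructed registry: what the organization has formally approved.
REGISTRY = {
    "hr-onboarding-bot": RegistryEntry(
        "hr-onboarding-bot", "Draft onboarding checklists",
        "alice@example.com", frozenset({"internal"})),
    "finance-recon-agent": RegistryEntry(
        "finance-recon-agent", "Reconcile supplier invoices",
        "carol@example.com", frozenset({"internal", "confidential"})),
}

# Constructed HR feed of currently active staff (carol has left).
ACTIVE_STAFF = {"alice@example.com", "bob@example.com"}

# Constructed discovery inventory: agent -> data tags it was observed accessing.
DISCOVERED = {
    "hr-onboarding-bot": {"internal", "confidential"},   # reads beyond approval
    "finance-recon-agent": {"internal", "confidential"},  # owner no longer active
    "marketing-scraper": {"internal"},                    # never registered
}


def reconcile(registry, discovered, active_staff):
    """Return (agent_id, finding_kind, detail) for every discrepancy found."""
    findings = []
    for agent_id, observed in discovered.items():
        entry = registry.get(agent_id)
        if entry is None:
            findings.append((agent_id, "unregistered", "no use case or owner on record"))
            continue
        if entry.owner not in active_staff:
            findings.append((agent_id, "orphaned", f"owner {entry.owner} is not active"))
        excess = set(observed) - entry.data_tags
        if excess:
            findings.append((agent_id, "scope-creep",
                             f"touched {sorted(excess)} beyond {sorted(entry.data_tags)}"))
    return findings


if __name__ == "__main__":
    for agent, kind, detail in reconcile(REGISTRY, DISCOVERED, ACTIVE_STAFF):
        print(f"{agent}: {kind} ({detail})")
```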
Jamf’s Villatoro focused on enablement over restriction. If employees don’t get the right tools and training, he argued, they’ll go hunting for their own.
“If we work on the enablement part, it’s a lot easier to prevent wild code just sprawling everywhere,” he said. “But if we don’t enable the employees, they’re going to look for ways to enable themselves, and that’s what leads to problems.”
The sticking points security teams still can’t smooth away
Even with registries, funnels, and enablement, the panel didn’t pretend the hard parts are solved.
One issue is unexpected behavior from AI agents. Muller described a scenario where Claude Code, when blocked from accessing something, may try to find a way around it.
“When Claude Code figures out it can’t access something, there are scenarios where it tries to effectively build its own malware to exfiltrate the credentials it needs,” he said. “Rather than having a policy that you can’t use Claude Code to do these things, we think it’s more valuable to invest in the technical controls that prevent it from reaching those credentials in the first place.”
Another challenge is the permissions gap—controls that are often too broad. Muller said approvals can sound precise but still leave the wrong kind of access.
“We can say ‘we approve Claude connecting to Gmail,’” he said. “What I’d love is to say, ‘I’m comfortable with my assistant reading emails tagged with a certain label, and none of my other emails.’ I can’t express that today.”
Sajeev pointed to a broader mismatch in security frameworks. “Zero trust works well on human identities. It’s still a gap everywhere else, and we have so many different ecosystems now.”
Muller followed with a specific complaint about provider controls. “If anyone from Google is watching this, we could use more granular OAuth permissions.”
Where this leaves organizations
Taken together, the panel’s message wasn’t that employees will stop building with AI. It was that the security teams who succeed won’t be the ones trying to stop the impulse.
They’ll be the ones who make the governed path attractive enough to win—safe enough to use openly, visible enough to audit.
“Wild code is already inside the building. The question isn’t how to prevent it. It’s how to track, secure and monitor it.”
The conversation ended where the stakes began: in a world where code-writing tools are no longer confined to experts, the battle shifts from policing to making risk legible.
So they’re worried about people burning tokens??
I mean if everyone can write code now, of course it’s gonna get messy. But also isn’t “vibe coding” just like… regular coding lol. Sounds like companies just need better rules.
The Claude tokens thing is kinda wild, but I don’t get how that connects to “code sprawl.” Like, wouldn’t sprawl be more about servers and access? Maybe the tokens are actually the security issue? Idk I’m not in IT.
This whole article feels like blaming CISOs for employees using AI. Like, if someone can generate code faster, that’s on the business to review it, right? Also “Tines” sounds like a dating app or something so I’m guessing this is just one of those tech events that turns into jokes. Weekend ended with tokens… ok but what about real breaches? Seems like fear of the future.