How CISOs deal with code proliferation

Security leaders from Datadog, Jamf, and ASOS weigh in on the visibility problem that’s quietly unfolding as AI puts coding skills in the hands of all employees.
“I spent the weekend burning through Claude’s tokens,” the presenter said. “It’s more fun than spending time with friends.”
He laughed. The security leaders in the room laughed too, perhaps nervously. They understand the appeal of using AI to build automation and applications. They also know what happens when that momentum spreads through an organization unchecked.
It was one of the defining topics of Workflow, a live event hosted by the intelligent automation platform Tines. The presenter, Andrew Steele, Partner at Activant Capital, has spent a decade investing in business AI and knows exactly where personal exploration ends and workplace risk begins. Unfortunately for IT and security leaders, most employees don’t.
How do these leaders maintain visibility and control when AI puts coding skills in the hands of every employee? That was the question put to Mario Villatoro, CISO at Jamf, Indu Sajeev, former CISO at ASOS, and Matt Muller, Director of Security Operations at Datadog.
The rise of wild code
Code sprawl is not a new concept. But in 2026 it is accelerating. Security and IT teams talk about code the way a gardener talks about weeds: it spreads quickly and threatens to cover everything around it.
A report from RedAccess puts a number on the problem: scanning vibe-coding platforms including Lovable, Base44 and Netlify, it found 380,000 publicly accessible assets (applications, databases and related infrastructure) built without any security review, nearly 5,000 of which contained sensitive business information.
It comes from many sources: AI features embedded in sanctioned SaaS tools and switched on without IT review, documentation and automation built outside sanctioned environments, and agents created by individual teams that central IT never sees.
It’s not necessarily malicious; on the contrary, it’s usually well-intentioned. And rather than merely tolerating it, many organizations actively encourage it. “Vibe coding” now appears in job descriptions at Fortune 500 companies. Every employee who responds to that mandate can become a source of ungoverned code. The roots have already taken hold.
Why policy alone is not enough
“Employees who want to get their work done with APTs are more persistent and successful,” says Datadog’s Matt Muller. “If they think access to the latest model will help them do their job better, they’ll find a way, even if that means taking screenshots of their computer with their phone to transfer data to a personal account.” Ban the obvious tools and the behaviour simply moves somewhere less visible, reducing visibility without reducing exposure.
Indu Sajeev of ASOS was clear about the limits of the traditional governance playbook: “I don’t think it can be a paper-based, policy-based layer of governance. It needs to be something that is integrated and runs continuously at the critical infrastructure level.”
What security leaders are doing today
It starts with data classification
Before any more sophisticated approach can work, there is serious groundwork to be done, Villatoro said. “Is your data properly organized? Because if you just say ‘sensitive data’, what is sensitive? Having data properly organized is important.”
Without that foundation, every control layered on top of it (access permissions, agent governance, audit trails) rests on unstable ground.
Be an enabler, not a gatekeeper
Muller’s approach at Datadog has been to position the security team as the people who provide the tools, not the people who police how they are used. “The thing that worked best was to act as a central hub, not for the work, but for the tools to do the work,” he said. “Make Claude’s skills available in the internal marketplace. Our only request to the engineering teams is: if you use it, give us feedback, help us improve the skill.”
That method works when the builder is a developer. But code sprawl extends beyond engineering into functions such as HR, marketing and finance, where security awareness is rarely a job requirement.
The core principle: make the sanctioned path more attractive than the unsanctioned one. “I want everyone to go down the same funnel to use AI,” Muller said. “That way, even if I don’t like what’s happening, I can at least see that it’s happening compared to forcing people into shadow channels.”
Creating a use case registry
At ASOS, Sajeev tackled the visibility problem with a use case registry, treating AI agents as infrastructure assets rather than software features.
“It turns into: this was created for this particular use case, this is who is behind this agent,” he said. A registry is more than an inventory. It makes accountability traceable: if something goes wrong, you can follow the thread back to the person and the purpose. It also exposes an underlying data problem that usually stays hidden until an incident forces it to the surface. “You need to be very mature with your data infrastructure for any of your agent or AI functions to work.”
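The registry idea above, together with Villatoro’s point that classification has to come first, can be made concrete in code. The block below is an added example written for this article, not the ASOS or Jamf implementation: it assumes a four-level classification scale, a 90-day review cadence and a constructed set of audit events, and shows a registry that refuses unowned entries, traces an agent back to its owner and purpose, and reconciles observed activity against what was approved.

```python
"""Agent use-case registry with reconciliation against observed activity.

Added example for this article, not the ASOS or Jamf implementation.
The schema, the classification scale, the review cadence and the audit
events are constructed to show how a registry ties an agent back to an
owner, a purpose and the data classes it was approved to touch.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed classification scale; the article only says classification must exist first.
CLASSIFICATIONS = ("public", "internal", "confidential", "restricted")
REVIEW_INTERVAL = timedelta(days=90)  # assumed re-review cadence for each agent


@dataclass(frozen=True)
class AgentRecord:
    agent_id: str
    owner: str               # the accountable person, not a team alias
    purpose: str             # the specific use case this agent was approved for
    data_classes: frozenset  # classifications the agent may read
    reviewed_on: date


class Registry:
    def __init__(self):
        self._records = {}

    def register(self, record):
        """Reject incomplete entries: an unowned or purposeless agent is
        exactly what the registry exists to prevent."""
        if not record.owner.strip() or not record.purpose.strip():
            raise ValueError(f"{record.agent_id}: owner and purpose are mandatory")
        unknown = record.data_classes - set(CLASSIFICATIONS)
        if unknown:
            raise ValueError(f"{record.agent_id}: unknown classification {sorted(unknown)}")
        self._records[record.agent_id] = record

    def accountable(self, agent_id):
        """Follow the thread back: who is behind this agent and why does it exist?"""
        rec = self._records.get(agent_id)
        return (rec.owner, rec.purpose) if rec else None

    def reconcile(self, events, today):
        """Compare observed agent activity with what was registered.

        Each event is a dict with the agent_id and the classification of the
        data it touched. Returns findings keyed by type; an empty dict is clean.
        """
        findings = {"unregistered": set(), "over_scope": set(), "stale": set()}
        for ev in events:
            rec = self._records.get(ev["agent_id"])
            if rec is None:
                findings["unregistered"].add(ev["agent_id"])
                continue
            if ev["classification"] not in rec.data_classes:
                findings["over_scope"].add((rec.agent_id, ev["classification"]))
            if today - rec.reviewed_on > REVIEW_INTERVAL:
                findings["stale"].add(rec.agent_id)
        return {k: sorted(v) for k, v in findings.items() if v}


def build_demo_registry():
    reg = Registry()
    reg.register(AgentRecord("hr-onboarding-bot", "j.doe", "draft new-hire welcome emails",
                             frozenset({"public", "internal"}), date(2026, 1, 10)))
    reg.register(AgentRecord("finance-close-agent", "a.khan", "reconcile month-end ledgers",
                             frozenset({"internal", "confidential"}), date(2025, 9, 1)))
    return reg


# Constructed audit events, shaped like an access log or SaaS audit export.
DEMO_EVENTS = [
    {"agent_id": "hr-onboarding-bot", "classification": "internal"},
    {"agent_id": "hr-onboarding-bot", "classification": "restricted"},   # payroll data
    {"agent_id": "finance-close-agent", "classification": "confidential"},
    {"agent_id": "marketing-copy-helper", "classification": "internal"},  # nobody registered it
]


def demo_findings(today=date(2026, 3, 1)):
    return build_demo_registry().reconcile(DEMO_EVENTS, today)


if __name__ == "__main__":
    for kind, items in demo_findings().items():
        print(kind, items)
```

The three finding types map onto the three questions the speakers raise: who is behind an agent nobody registered, whether an agent is reading a classification it was never approved for (which is only answerable once the data is classified), and whether anyone has looked at the entry recently.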
Investing in enablement
At Jamf, Villatoro’s approach favours enablement over restriction: giving employees the right tools, training and acceptable use policies before they go looking for their own solutions.
“When we work on the enablement part, it’s very easy to prevent wild code from appearing everywhere,” he said. “But if we don’t empower workers, they will look for ways to help themselves, and that’s what leads to problems.”
Issues yet to be resolved
AI agents behave unpredictably
Muller stressed the need to detect and contain unpredictable AI behaviour before it becomes a problem.
“When Claude Code finds out it can’t access something, there are situations where it tries to build its own malware to extract the information it needs,” Muller said. “Rather than having a policy where you can’t use Claude Code to do these things, we think it’s more important to invest in technical controls that prevent it from accessing those credentials in the first place.”
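One way to put “prevent it from accessing those credentials in the first place” into practice is to make sure the agent’s tool calls never inherit them. The block below is an added example, not Datadog’s control: it assumes every shell or tool invocation from the agent passes through run_agent_command, and the credential name pattern and denied directories are assumptions a team would tune. Secrets are stripped from the child environment, and arguments pointing into credential directories are refused before anything runs.

```python
"""Keep secrets out of an agent's reach instead of asking it to behave.

Added example for this article, not Datadog's control. It assumes the
agent's shell/tool calls pass through run_agent_command; the variable-name
pattern and the denied directories are assumptions a team would tune.
"""
import os
import re
import subprocess
from pathlib import Path

# Environment variables that look like credentials never reach the child process.
SECRET_NAME = re.compile(
    r"(TOKEN|SECRET|PASSW(OR)?D|API_?KEY|ACCESS_?KEY|CREDENTIAL|PRIVATE_?KEY)", re.I)

# Directories the agent has no business reading (assumed list).
DEFAULT_DENIED_DIRS = (Path("~/.aws"), Path("~/.ssh"), Path("~/.config/gcloud"), Path("~/.kube"))


def scrub_env(env):
    """Return a copy of env with credential-looking variables removed."""
    return {k: v for k, v in env.items() if not SECRET_NAME.search(k)}


def touches_denied_dir(argv, denied_dirs):
    """True if any argument is a path inside a denied directory.

    This inspects arguments only: it is defence in depth for the common case
    ('cat ~/.aws/credentials'), not a substitute for an OS-level sandbox.
    """
    denied = [Path(d).expanduser().resolve() for d in denied_dirs]
    for arg in argv:
        if "/" not in arg and not arg.startswith("~"):
            continue
        p = Path(arg).expanduser().resolve()
        if any(p == d or d in p.parents for d in denied):
            return True
    return False


def run_agent_command(argv, env=None, denied_dirs=DEFAULT_DENIED_DIRS, timeout=30):
    """Run a tool call for the agent with credentials stripped and denied paths refused.

    Returns (returncode, stdout). A refused call returns 126 without executing.
    """
    if touches_denied_dir(argv, denied_dirs):
        return 126, f"refused: {argv[0]} would read a credential directory"
    clean = scrub_env(env if env is not None else os.environ)
    proc = subprocess.run(argv, env=clean, capture_output=True, text=True, timeout=timeout)
    return proc.returncode, proc.stdout


def demo_token_invisible():
    """A token exported in the parent shell never reaches the agent's tool call."""
    leaky = dict(os.environ, GITHUB_TOKEN="ghp_example", AWS_SECRET_ACCESS_KEY="example")
    return run_agent_command(["sh", "-c", 'echo "token=${GITHUB_TOKEN:-unset}"'], env=leaky)


if __name__ == "__main__":
    print(demo_token_invisible())
    print(run_agent_command(["cat", "~/.aws/credentials"]))
```

The argument check is defence in depth only: a command that changes directory inside a shell string or reads a file through a library call is not caught by it, so the real boundary is running the agent as a separate user, container or VM that simply does not hold the credentials. The environment scrub, by contrast, is cheap and closes the most common leak path, a token exported in the developer’s own shell.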
The permission gap
Even when organizations make deliberate decisions about AI tool use, the controls available are often too coarse to be meaningful.
“We can say ‘we authorize Claude to connect to Gmail’,” Muller said. “What I would like to say is, ‘I’m comfortable with my assistant reading emails tagged with a certain label, and none of my other emails.’ I can’t reveal that today.”
Sajeev pointed to a deeper gap in existing security tooling: “Zero trust works well for identifying people. It’s still a gap everywhere, and we have many ecosystems now.” Organizations depend on the first-party providers for granular controls. Muller was specific: “If anyone from Google is looking at this, we can use more granular OAuth permissions.”
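Until providers expose label-level scopes, the usual workaround is to hold the broad token yourself and enforce the narrow rule at a proxy the assistant must go through. The block below is an added example, not Google’s API or Datadog’s tooling: it assumes the assistant reaches the mailbox only via visible_messages and authorize, that messages carry a list of labels, and that a grant names the labels and actions an agent may use; the mailbox contents are constructed. Every decision is logged, which is the visibility the speakers are asking for.

```python
"""A policy enforcement point that narrows a broad mailbox grant to one label.

Added example for this article, not Google's API or Datadog's tooling. The
provider only offers coarse OAuth scopes, so the proxy holds the broad token
and enforces the fine-grained rule ('only messages with this label, read
only') before any message reaches the model. Grant shape and mailbox are
constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    agent_id: str
    allowed_labels: frozenset  # an agent sees a message only if it carries one of these
    actions: frozenset         # e.g. {"read"}; no "send" or "modify" unless granted


@dataclass
class Decision:
    allowed: bool
    reason: str


AUDIT = []  # every decision is recorded; visibility is the point


def _record(agent_id, action, target, decision):
    AUDIT.append({"agent": agent_id, "action": action, "target": target,
                  "allowed": decision.allowed, "reason": decision.reason})
    return decision


def authorize(grant, action, message):
    """Decide one (action, message) pair against the grant."""
    if action not in grant.actions:
        return _record(grant.agent_id, action, message["id"],
                       Decision(False, f"action {action} not granted"))
    if not (set(message["labels"]) & grant.allowed_labels):
        return _record(grant.agent_id, action, message["id"],
                       Decision(False, "no permitted label"))
    return _record(grant.agent_id, action, message["id"], Decision(True, "label match"))


def visible_messages(grant, mailbox):
    """The only view of the mailbox the assistant ever receives."""
    return [m for m in mailbox if authorize(grant, "read", m).allowed]


# Constructed mailbox; a real proxy would fetch it with the broad token it holds.
MAILBOX = [
    {"id": "m1", "labels": ["assistant", "INBOX"], "subject": "Draft agenda for Tuesday"},
    {"id": "m2", "labels": ["INBOX"], "subject": "Offer letter: please keep confidential"},
    {"id": "m3", "labels": ["assistant"], "subject": "Reschedule 1:1"},
    {"id": "m4", "labels": ["legal", "INBOX"], "subject": "Settlement terms"},
]

# The assistant may read, and only read, messages the user labelled for it.
ASSISTANT_GRANT = Grant("calendar-assistant", frozenset({"assistant"}), frozenset({"read"}))


def demo_visible_ids():
    return [m["id"] for m in visible_messages(ASSISTANT_GRANT, MAILBOX)]


def demo_send_denied():
    return authorize(ASSISTANT_GRANT, "send", MAILBOX[0])


if __name__ == "__main__":
    print("assistant sees:", demo_visible_ids())
    print("send attempt:", demo_send_denied())
    print("denied decisions:", sum(1 for a in AUDIT if not a["allowed"]))
```

The proxy is only as good as its exclusivity: if the assistant can also hold the broad token directly, the label filter is decoration. Pair it with the registry so the grant for each agent is tied to a named owner and purpose.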
The way forward
The security leaders who get code sprawl under control won’t be the ones trying to stop employees from building. They will be the ones who made the sanctioned path more attractive: safe enough to be used openly, visible enough to be monitored.
Wild code is already inside the building. The question is not how to prevent it, but how to track, protect and monitor it.
Watch Tines’ Workflow event on demand at
Sponsored and written by Tines.