Vibe coders are gonna vibe code: How CISOs are tackling code sprawl
www.bleepingcomputer.com, 2026-06-15 14:16:20


Security leaders from Datadog, Jamf, and ASOS weigh in on the visibility crisis quietly unfolding as AI puts code-writing capabilities in every employee's hands.

"I spent the weekend burning through Claude tokens," the moderator said. "It's more fun than hanging out with friends."

He laughed. The security leaders on the panel laughed too, perhaps a little nervously. They understand the appeal of using AI to build automations and applications. They also know what happens when that same impulse spreads across an organization without guardrails.

It was one of the defining topics of Workflow, a live virtual event hosted by intelligent automation platform Tines. The moderator, Andrew Steele, a Partner at Activant Capital, has spent a decade investing in enterprise AI and knows exactly where personal experimentation ends and workplace risk begins. Unfortunately for IT and security leaders, many employees don't.

How do these leaders maintain visibility and control when AI puts code-writing capabilities in every employee's hands? This is the question he asked Mario Villatoro, CISO at Jamf, Indu Sajeev, former CISO at ASOS, and Matt Muller, Director of Security Operations at Datadog.

The rise of wild code

Code sprawl is not a new concept, but in 2026 it is starting to run wild. Security and IT teams talk about ungoverned code the way a gardener talks about weeds: spreading fast, and threatening to overwhelm everything around it.

A report from RedAccess puts a number on the problem: scanning vibe coding platforms including Lovable, Base44 and Netlify, it found 380,000 publicly accessible assets - applications, databases and related infrastructure - built outside any security review, roughly 5,000 of which contained sensitive corporate information.

Wild code comes from many sources: AI features embedded in approved SaaS tools and activated without IT review, scripts and automations built outside approved environments, and agents spun up by individual teams with no central visibility.

It isn't necessarily malicious - on the contrary, it's often well-intentioned. And rather than just tolerating it, many organizations are actively encouraging it. "Vibe coding" is appearing in job specs at Fortune 500 companies. Every employee who responds to that mandate is a potential source of ungoverned code. The roots are already taking hold.


Why policy alone isn’t enough

"Employees who want to get their job done are by far the most persistent and successful APTs," Datadog’s Matt Muller said. "If they think that getting access to the latest model is going to help them get their job done better, they will find a way, even if that means taking screenshots of their computer with their phone to transfer data to a personal account." Ban the obvious tools and the behaviour tends to move to less obvious ones, reducing visibility without reducing exposure.

ASOS’s Indu Sajeev was clear on the limits of the conventional governance playbook: "I don't think it can be a paper-based, policy-based governance layer. It needs to be something that's codified and that runs continuously at a critical infrastructure level."

What security leaders are doing today

Starting with data classification

Before any more sophisticated approach can work, there's unglamorous groundwork to do, Villatoro said. "Do you have your data categorized correctly? Because if you just say 'sensitive data', well, what is sensitive data? Having the data correctly tagged is critical."

Without that foundation, every downstream control - access permissions, agent governance, audit trails - is built on unstable ground.

Becoming the hub, not the gatekeeper

Muller's approach at Datadog has been to position the security team as the people who provide the tools, not the people who police how they're used. "One thing that's been really effective is serving as the centralized hub, not of the activity, but the tools to perform the activity," he said. "Make Claude skills available in an internal marketplace. Our only ask to engineering teams is: when you use it, give us feedback, help us improve the skill."

This approach works when the builder is an engineer. But code sprawl extends beyond engineering, into functions like HR, marketing and finance, where security awareness is rarely a job requirement.

The core principle holds: make the governed path more appealing than the ungoverned one. "I want everybody going down one funnel for AI usage," Muller said. "That way, even if I don't like what's happening, I can at least see that it's happening versus forcing people into shadow channels."

Building a use-case registry

At ASOS, Sajeev tackled the visibility problem with a use-case registry, treating AI agents like infrastructure assets rather than software features.

"It organically transitions into: this was created for this specific use case, this is the human identity behind this agent," she said. The registry isn't just an inventory. It makes accountability traceable - when something goes wrong, you can follow the thread back to a person and a purpose. It also surfaces the underlying data problem that tends to hide until an incident forces it into the open. "You need to be at a very mature level with your data infrastructure for any of your agentic or AI functions to work."

Investing in enablement

At Jamf, Villatoro's approach centred on enablement over restriction, giving employees the right tools, training, and acceptable use policies before they go looking for their own solutions.

"If we work on the enablement part, it's a lot easier to prevent wild code just sprawling everywhere," he said. "But if we don't enable the employees, they're going to look for ways to enable themselves, and that's what leads to problems."

The problems still to be solved

AI agents behaving unexpectedly

Muller argued that unexpected AI behaviour has to be observed and contained before it becomes a problem, and that this is a job for technical controls rather than policy.

"When Claude Code figures out it can't access something, there are scenarios where it tries to effectively build its own malware to exfiltrate the credentials it needs," Muller said. "Rather than having a policy that you can't use Claude Code to do these things, we think it's more valuable to invest in the technical controls that prevent it from reaching those credentials in the first place."
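One concrete form of the control Muller describes, added here as an illustration and not something Datadog or Tines published: a project-level Claude Code settings file that denies the agent read access to secret files and blocks the commands it would most plausibly use to move data off the host. The `permissions.allow` and `permissions.deny` keys and the `Read(...)` / `Bash(...)` rule syntax are Claude Code's documented settings format; the specific paths, secret directories and command patterns are assumptions chosen for the example, and since JSON settings files take no comments, that is stated here rather than in the block.

```json
{
  "permissions": {
    "allow": [
      "Bash(npm run lint)",
      "Bash(npm run test:*)"
    ],
    "deny": [
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(./secrets/**)",
      "Read(~/.aws/**)",
      "Read(~/.ssh/**)",
      "Bash(curl:*)",
      "Bash(wget:*)",
      "Bash(scp:*)"
    ]
  }
}
```

Checked in as `.claude/settings.json`, the file applies to everyone who clones the repository, which is what makes it a control rather than a personal preference. It is still enforcement inside the agent's own harness: it stops the reads Muller describes when the agent is working as intended, not when a process is actively trying to get around it. The stronger version of "prevent it from reaching those credentials in the first place" is that the workstation or runner the agent uses holds no long-lived secrets at all: run the agent under its own identity, inject short-lived credentials at runtime, and let OS file permissions back the deny list up.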

The permissions gap

Even when organizations make deliberate decisions about AI tool usage, the controls available are often too broad to be meaningful.

"We can say 'we approve Claude connecting to Gmail,'" Muller said. "What I'd love is to say, 'I'm comfortable with my assistant reading emails tagged with a certain label, and none of my other emails.' I can't express that today."

Sajeev pointed to a deeper gap in existing security frameworks: "Zero trust works well on human identities. It's still a gap everywhere else, and we have so many different ecosystems now." Organizations are largely dependent on first-party providers whose controls can lack granularity. Muller was direct: "If anyone from Google is watching this, we could use more granular OAuth permissions."

The path forward

The security leaders who tame code sprawl won't be the ones who try to stop employees from building. They'll be the ones who make the governed path the most appealing one - safe enough to use openly, visible enough to audit.

Wild code is already inside the building. The question isn't how to prevent it. It's how to track, secure and monitor it.

Watch the Workflow virtual event by Tines on demand at https://watch.workflow.live/.

Sponsored and written by Tines.


Article source: https://www.bleepingcomputer.com/news/security/vibe-coders-are-gonna-vibe-code-how-cisos-are-tackling-code-sprawl/