Bottom line: Uncontrolled AI-driven code development by employees forces CISOs to establish new governance models that balance security with agility.
Employees are increasingly creating AI-powered automations, agents, and applications outside established security processes. CISOs must bring this code proliferation and the resulting shadow tools under control.
The trend of employees using AI tools, such as low-code and no-code platforms and generative AI models, is leading to a massive proliferation of code, automations, and agents in enterprise environments. Many of these developments occur outside the visibility of security teams and without formal governance structures.
For CISOs, this creates a classic visibility problem: it is unclear which AI-powered tools are actually in use, how they handle enterprise data, and what security risks they pose. At the same time, such shadow tools complicate compliance requirements and significantly increase the attack surface.
The answer lies in a combination of technical controls, governance frameworks, and user-friendliness: CISOs must not only monitor infrastructure but also establish secure channels and policies through which automation is authorized and transparent. Without parallel facilitation from the business side, restrictions alone only lead to more circumvention of controls.
Source: www.bleepingcomputer.com · Published 15 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.