
5,000 vibe-coded apps just proved shadow AI is the new S3 bucket crisis


If you’ve ever watched someone set up a lemonade stand in the middle of a busy road without telling anyone, you’ve basically got the picture here. Regular employees — not IT people, not security experts — are now building and publishing actual working apps and databases using AI tools, often in an afternoon. These tools are genuinely impressive and easy to use, but the apps get connected to real company data and then just… sit there on the public internet, completely unguarded. Security teams have no idea they exist because nobody asked permission to build them.

The research found nearly 400,000 of these exposed assets floating around online. Think of it like someone leaving a filing cabinet full of customer records on the sidewalk, except the filing cabinet is searchable by Google. The problem isn’t that AI tools are bad. The problem is that building something used to require enough technical knowledge that you’d naturally involve IT. Now anyone can ship a working app before lunch, and the safety guardrails haven’t caught up with how fast that’s happening.

So what does this mean for you practically?

If you run a small business, this is your reminder to do a quick audit of every tool your team uses to collect customer information — forms, intake pages, mini-apps someone built with an AI tool. Ask yourself: where does that data actually go? Tools like Notion forms, Typeform, or AI app builders are fine, but make sure you know exactly what database they’re feeding and whether that database requires a login to access. It takes an hour and could save you a very expensive conversation with a lawyer.

If you’re a freelancer or consultant, there’s real money in offering a simple “AI app security review” service to small businesses. You don’t need to be a cybersecurity expert. Just learn the basics of checking whether a Supabase or Airtable database is set to private, and whether any deployed apps are exposing sensitive fields. Businesses are building these things faster than they’re auditing them, and a few hundred dollars for peace of mind is an easy sell.

If you’re job hunting or upskilling, understanding basic data security around AI tools is a genuinely marketable skill right now. There’s a gap between people who can build with AI and people who understand what to lock down afterward. Filling that gap puts you ahead of 90% of people using the same tools.

The takeaway: building with AI got easy, but that doesn’t mean the consequences of getting it wrong got any lighter.
