What happened
Retool surveyed 307 CTOs, CIOs, and CISOs on AI governance and internal tool development. Key finding: 93% of senior tech and security leaders are 'at least somewhat concerned' about vibe-coded (AI-generated) internal tools running in production, with 38% ranking it among their top operational risks. Only 8% of organizations report having strong governance in place. The report identifies a critical gap: 51% of respondents said 'not to my knowledge, but I can't say for certain' whether their organization has experienced a production incident from AI-generated code, while 19% confirmed they have. The survey reveals that 55% of leaders want centralized platform-level governance to address these risks, yet only 24% currently govern at the environment level.
Why it matters
This report quantifies an acute governance gap that CISOs and CTOs must address immediately: the speed of AI-enabled code generation has outpaced visibility and control mechanisms. The data shows enterprises are deploying AI-generated applications without adequate security, compliance, or audit infrastructure—a finding that directly informs risk appetite and platform architecture decisions for any organization scaling AI coding tools.
Action needed
Assess your organization's current visibility into AI-generated code and internal tool deployments; establish a governance-by-default platform architecture before any further authorization of AI agents; implement centralized permission models and audit trails for all AI-generated applications.