Power to the People.
Risk to the Enterprise.
Insights from 200 enterprise CISOs on risk, budget shifts, and securing business-built AI apps
Across enterprises, citizen developers now outnumber professional developers, and their numbers continue to grow.
But visibility, governance, and control have not kept pace. Security teams often see only part of what's being built, even as these applications become business critical.
The result is a rapidly expanding attack surface that many organizations are still struggling to fully understand, let alone secure.
The 2026 State of Security in Business-Built Apps and AI Agents:
Software developers are no longer the main builders in your organization.
Business builders now outnumber professional developers by 4X on average, and up to 10X in some organizations.
98% of CISOs expect these numbers to keep growing. This isn't a shift on the horizon. It's already happening, and it's accelerating.
Figure: Professional Developer vs. 3-10 New Business Builders
They know it's happening. They just can't see it.
Over 80% of CISOs and security leaders report that they lack full visibility into applications and AI agents built by business users.
Complete Visibility
Only 30% of CISOs say they have complete visibility.
Partial Visibility
Over 70% of CISOs say they don't have complete visibility, with many describing it as partial or minimal.
Governance is coming. Budget is already here.
Security leaders aren't waiting to respond. On average, organizations expect to implement policies and controls for this activity within 6.5 months.
More than 90% and a total of 67% already have a defined budget for securing applications and AI agents built by business users in 2026.
Average: 6.5 months
A 12-month timeline shows that 90% of CISOs are acting to close the gap within 12 months.