Vibe coding is easy. Owning what you’ve built is harder

January 9, 2026

Vibe-coded apps lack owners and maintenance, creating a burden on IT departments.
(Credits: Viacheslav Life Studio/Shutterstock)

Now that anyone can build functional software, IT teams are having trouble getting a handle on how many vibe-coded apps are in their environment. But even once they’ve found them, they’re left with a harder question: Who actually owns these apps?

Every app needs an owner. Not just someone who built it, but someone who responds when it breaks, knows what it connects to, and can actually fix it when something goes wrong. Vibe-coded apps often launch without any of these critical roles defined, and the gap doesn’t become obvious until the worst possible moment.

Shadow AI is generating orphaned code

When we were grappling with the first wave of shadow IT, there was usually a vendor somewhere in the picture. When someone signed up for Dropbox without permission, there was a support team to call, documentation to read, and a company that would keep the product running. At least we had something to go on when trying to figure out what an app did, how it worked, and how it would be maintained.

Now, when someone uses ChatGPT, GitHub Copilot, or Cursor to build an expense approval workflow that connects to your accounting system, there’s no vendor to call when it breaks. The person who built it probably doesn’t understand the code well enough to maintain it because they didn’t write it in any traditional sense. They just described what they wanted, and an AI produced something that worked.

Even professional developers are discovering how quickly AI-generated code is becoming a maintenance burden. In Stack Overflow’s 2025 Developer Survey, 66% of respondents said their biggest frustration with AI tools is dealing with solutions that are “almost right, but not quite.” Debugging that code, which they cited as “more time-consuming,” ranked as the second biggest complaint (45%).

And those are software engineers with years of experience, mind you. When the person who built your department’s most critical tool is a business analyst who doesn’t know the difference between a function and a variable, the maintenance burden lands somewhere else entirely (usually on IT, without warning, during a crisis).

Industry analysts have a name for this now: “context engineering.” Generating code turns out to be the easy part, not surprisingly, while managing everything around it is where the real work happens. IT leaders will likely end up supporting AI-assisted development whether they plan to or not. Their challenge is building accountability structures that don’t collapse the moment someone changes roles or leaves the company.

Assigning owners before the code ships

AI adoption has more than doubled in two years, but accountability hasn’t kept pace. According to the Spiceworks 2026 State of IT report, 52% of organizations now use AI, and writing or optimizing code is the single most popular use case at 46%. Yet only 24% plan to establish governance and accountability frameworks. That’s a lot of code being generated without anyone thinking through who owns it.

You can get out ahead of this problem by getting crucial ownership questions answered, ideally before anyone writes a line of code. These four questions will help you sort apps into natural risk tiers before they ever go live.

  • Who calls IT when this breaks?
  • What happens when the creator leaves or changes roles?
  • Does this touch customer data or systems of record?
  • Can we afford to lose this entirely?

Once you know what kind of app you’re dealing with, you’ll be able to figure out whether something can stay informal or needs to be hardened, documented, and assigned a formal owner. A script someone built for their own productivity, for example, will be handled very differently from an automated workflow that touches customer data and feeds into quarterly reporting.

This kind of tiered thinking isn’t new, of course. RACI matrices have been around for decades. Vibe coding creates a new wrinkle, though. The person who’s “Responsible” and the person who’s the “Expert” might be different people, or the expert might be nobody at all.

Intellectual property ownership also becomes complicated in a hurry when AI tools are involved in code generation. That’s a topic that deserves its own treatment, and your company’s legal team should ideally be part of that discussion. For now, the operational ownership question is pressing enough on its own.

Surfacing shadow AI through partnership

You can’t establish ownership over apps you don’t know exist, and business users won’t voluntarily report their AI experiments if they think IT’s response will be to shut everything down. A better approach positions IT as a partner rather than police. So make it easy for people to say, “I built something useful” and get help making it sustainable instead of hiding it until something breaks.

By collaborating with business users in this way, you also have a much better chance of catching security risks in AI-generated code before they become incidents. When they trust that IT is there to help rather than block, they bring problems forward earlier, helping your business prevent a costly breach.

Knowing when to take over a vibe-coded app

What starts as a neat idea or a quick fix has a way of becoming mission-critical, and the triggers for when an app has outgrown its origins are usually obvious in hindsight. They might look like this:

  • Multiple users depend on it.
  • It integrates with core systems.
  • The creator can’t explain how it works anymore.
  • It’s grown well beyond its original scope.

Any of these signals that an informal app needs to become a formal one.

The handoff doesn’t need to be elaborate, but it does need to happen. Think of the citizen-built version as a prototype that proved the concept, and the IT-supported version as the production implementation. The business user validated that the tool was worth building, and now it’s IT’s job to harden that app for the long term. Both contributions matter, and framing it that way makes the handoff feel like collaboration rather than confiscation.

Owning vibe-coded apps before they own you

Vibe coding is still in its early days, which means the ownership structures you put in place now will shape how your company handles AI-generated apps for years to come. Thankfully, none of this work requires a massive governance overhaul or a new budget line item. The businesses that thrive won’t be the ones who locked down all the AI tools. They’ll be the ones who made it easy to bring a new app into the fold and difficult for critical tools to slip through the cracks.

Rose de Fremery

Writer, lowercase d

Former IT Director turned tech writer, Rose de Fremery built an IT department from scratch; she led it through years of head-spinning digital transformation at an international human rights organization. Rose creates content for major tech brands and is delighted to return to the Spiceworks community that once supported her own IT career.