
AI Governance

Shadow AI Is Eating Your Salesforce Data — How to Find It and Fix It

Shadow AI is already in your Salesforce org. Somewhere in your company right now, someone is building an app with AI. Not your engineering team — a sales ops analyst, a partner manager, maybe someone in finance. They opened Lovable or Replit or Cursor, described what they needed in plain English, and had a working tool in a few hours.

It pulls from a CSV they exported from Salesforce last week. It tracks pipeline, or onboarding status, or partner activity. People on their team use it daily. It solves a real problem.

And your Salesforce org has no idea it exists.

This is shadow AI — and it’s happening in every mid-market Salesforce org we walk into. Not occasionally. Every single one.

The Numbers Are Worse Than You Think

A Gartner study found that 68% of employees use unauthorized AI tools at work. Microsoft’s research puts it even higher — 75% of workers use AI, and 78% of those are bringing their own tools. Three out of four CISOs have discovered unsanctioned AI tools already running in their environments.

Engineering teams lead the pack at 79% adoption of shadow AI tools, but the Salesforce-specific version of this problem hits differently. It’s not developers building microservices — it’s business users building apps that depend on Salesforce data but don’t connect to Salesforce.

The average cost of shadow AI per company is $412K per year. Shadow AI increases attack surface by 340%. And 88% of these tools lack proper data encryption.

Those numbers are bad. But in a Salesforce org, the real cost isn’t the security exposure — it’s the data divergence.

What Shadow AI Looks Like in a Salesforce Org

Here’s what we typically find when we audit a client’s environment:

The pipeline tracker. A sales manager wanted a visual way to see pipeline that Salesforce dashboards couldn’t do. They exported opportunity data to a Google Sheet, uploaded it to Lovable, and built a drag-and-drop pipeline board. It’s been running for four months. The data was last refreshed in February.

The onboarding checklist. An ops lead needed to track customer onboarding steps that span Account, Contact, and custom objects in Salesforce. They built it in Replit with a Supabase database. It captures information that should be on the Account record — contract details, technical contacts, integration requirements — but none of it writes back. Reps don’t see it. Reports don’t include it. Automation doesn’t trigger from it.

The partner portal. A partner manager couldn’t wait six months for an Experience Cloud build. They used Cursor to scaffold a Next.js app that lets partners submit deal registrations. The submissions go into a personal database. Someone manually copies them into Salesforce when they remember.

The executive dashboard. A VP of Sales wanted forecast analytics that standard dashboards couldn’t deliver — velocity tracking, pipeline-weighted predictions, year-over-year overlays. They hired a freelancer who built it in React and hosted it on Vercel’s free tier. It reads from Salesforce via an API key that’s hardcoded in the frontend JavaScript.

These aren’t hypothetical. These are composites from real client environments. Every one of them was built by someone solving a legitimate problem. And every one of them creates the same set of risks.

Why This Is Different from Shadow IT

Shadow IT was someone installing Dropbox instead of using SharePoint. Annoying, but manageable. Shadow AI is fundamentally different because of what these tools produce:

The apps are functional. Someone didn’t just sign up for an unauthorized tool — they built a working application that other people depend on. You can’t just revoke a license. People will notice, and they’ll push back because the tool actually works.

The data diverges immediately. The moment someone exports a CSV from Salesforce and loads it into another system, you have two versions of the truth. One updates in real time. One doesn’t. Every decision made from the stale copy is based on data that’s wrong by an unknowable amount.

Nothing writes back. This is the killer. Traditional shadow IT at least consumed data — someone looked at a report in a different tool. Shadow AI apps create data. They capture form submissions, log activities, track statuses. All of it should be in Salesforce. None of it is.

Free-tier hosting with zero security. 88% of shadow AI tools lack proper data encryption. These apps are running on free Vercel deploys, Replit hosting, personal Supabase instances. No authentication, no encryption at rest, no access controls. Your pipeline data — deal sizes, close dates, customer names — sitting on a free-tier server with a guessable URL.

They compound over time. One app becomes three. Three become twelve. Each one has its own database, its own version of the data, its own person who knows how it works. Six months in, you have a parallel data infrastructure that nobody planned and nobody governs.

The Vibe Coding Accelerant

This problem has gotten dramatically worse in the last twelve months, and it’s because of vibe coding.

Vibe coding — building applications by describing what you want to AI tools like Lovable, Cursor, Replit, and Bolt — has made it possible for anyone to build a working app in hours. You don’t need to know JavaScript or React or SQL. You describe the dashboard you want, and the AI builds it.

CIO Dive reported that the enterprise is “not ready” for vibe coding. A JetBrains survey found over a third of enterprise development teams using AI to generate large code blocks from natural language prompts. The problem isn’t the technology — it’s that organizations have no process for what happens after someone builds something worth keeping.

Salesforce recognized this with Agentforce Vibes, their enterprise vibe coding platform. Their pitch is sound — let people build, but within Salesforce’s security model and governance framework. The reality is that most employees aren’t waiting for IT to provision Agentforce. They’re already building in the tools they know.

How to Find What’s Been Built

You can’t govern what you can’t see. Here’s the practical approach we use to surface shadow AI in Salesforce orgs:

1. Check your Salesforce API logs. Connected Apps and API usage logs show every external system that’s authenticating against your org. Look for personal access tokens, unfamiliar OAuth clients, and API calls from IP addresses that aren’t your known infrastructure. If someone set up a Salesforce connection from a personal app, it’ll show up here.

2. Talk to your team leads. This sounds obvious, but it’s the highest-signal step. Ask every department: “Has anyone on your team built a tool or dashboard that uses Salesforce data?” You’ll be surprised how openly people share — they’re usually proud of what they built. They don’t think of it as a risk. They think of it as a solution.

3. Search for exported data. Check Salesforce data export logs. Look at scheduled reports being emailed to personal addresses. Audit who has Data Export permissions. Every CSV export is a potential seed for a shadow AI app.

4. Scan your network. Tools like Nudge Security can discover SaaS apps and AI tools in use across your organization by analyzing email and authentication patterns. This catches the ones nobody talks about.

5. Inventory and map. For every app you find, document: What Salesforce data does it use? Does it write data back? Who depends on it? Where is it hosted? What’s the security posture? This becomes your assessment — the foundation for deciding what to connect, rebuild, or retire.
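The first and fifth steps above can be partly automated. The script below is an added example (not code from the original post or from any Salesforce product): it reads a login-history export, flags successful logins from connected apps that are not on an approved list or from source IPs outside the org's known networks, and groups the hits per application so each one can be dropped straight into the inventory. The sample rows are constructed; the column names (Username, Application, SourceIp, LoginType, Status) are assumed to follow the LoginHistory object, and the approved-app list, network range and app names are placeholders to replace with your own.

```python
"""Surface unfamiliar integrations in a Salesforce login-history export.

Added example: flags successful logins from connected apps that are not on
an approved list, or from source IPs outside the org's known networks, and
groups them per application so each one can go on the inventory."""
import csv
import io
import ipaddress

# Constructed sample rows, shaped like a LoginHistory export. The column
# names (Username, Application, SourceIp, LoginType, Status) are assumed to
# match that object; the app names and IPs are made up for this example.
SAMPLE_LOGIN_HISTORY = """\
Username,Application,SourceIp,LoginType,Status
alice@example.com,Browser,203.0.113.10,Application,Success
bob@example.com,Salesforce for Outlook,203.0.113.11,Application,Success
carol@example.com,pipeline-board-lovable,198.51.100.42,Remote Access 2.0,Success
carol@example.com,pipeline-board-lovable,198.51.100.42,Remote Access 2.0,Success
dave@example.com,Data Loader,203.0.113.12,Remote Access 2.0,Success
erin@example.com,vercel-forecast,192.0.2.77,Remote Access 2.0,Success
frank@example.com,Browser,203.0.113.13,Application,Invalid Password
"""

# Assumed allow-list of sanctioned clients and the org's own egress ranges.
APPROVED_APPS = {"Browser", "Salesforce for Outlook", "Data Loader"}
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
OAUTH_LOGIN_TYPES = {"Remote Access 2.0"}  # login type recorded for OAuth clients


def ip_is_known(ip_text):
    """True when the address parses and falls inside a known network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in KNOWN_NETWORKS)


def find_shadow_clients(csv_text, approved_apps=APPROVED_APPS):
    """Return {application: finding} for successful logins that look like
    unsanctioned integrations. A finding records the users, source IPs,
    login count, whether the client used OAuth, and why it was flagged."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Status"] != "Success":
            continue  # failed logins are a separate investigation
        app, ip = row["Application"], row["SourceIp"]
        reasons = []
        if app not in approved_apps:
            reasons.append("app not on approved list")
        if not ip_is_known(ip):
            reasons.append("source IP outside known networks")
        if not reasons:
            continue
        finding = findings.setdefault(app, {
            "users": set(), "ips": set(), "logins": 0,
            "oauth": False, "reasons": set()})
        finding["users"].add(row["Username"])
        finding["ips"].add(ip)
        finding["logins"] += 1
        finding["oauth"] |= row["LoginType"] in OAUTH_LOGIN_TYPES
        finding["reasons"].update(reasons)
    return findings


def report(findings):
    """Render findings as lines ready to paste into the inventory."""
    lines = []
    for app, f in sorted(findings.items(), key=lambda kv: -kv[1]["logins"]):
        lines.append(
            f"{app}: {f['logins']} login(s), users={sorted(f['users'])}, "
            f"ips={sorted(f['ips'])}, oauth={f['oauth']}, "
            f"flags={sorted(f['reasons'])}")
    return lines


if __name__ == "__main__":
    for line in report(find_shadow_clients(SAMPLE_LOGIN_HISTORY)):
        print(line)
```

On the constructed sample, Data Loader is ignored because it is both approved and on-network, while the two vibe-coded clients surface with the user who set them up and the hosting provider's IP, which is exactly the lead you need for the team-lead conversation in step 2.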

What to Do About It

The wrong response is to shut everything down. These apps exist because Salesforce didn’t give someone what they needed in the format they needed it. Killing the apps without solving the underlying problem just sends people back to spreadsheets — or worse, they rebuild it somewhere you can’t find.

The right response is threefold:

Connect what’s worth keeping

Some of these apps are genuinely good. The pipeline tracker that the sales team loves? Connect it to Salesforce with a proper OAuth integration so it reads live data instead of a stale CSV. Build a bidirectional sync so changes in the app write back to Opportunity records. Move it from free-tier hosting to managed infrastructure.

Rebuild what belongs in Salesforce

That executive dashboard running on Vercel with a hardcoded API key? It should be a custom LWC dashboard inside Salesforce. Same visualizations, same interactivity, but running on existing Salesforce licenses with proper security and no integration to maintain. The onboarding checklist that captures data across multiple objects? That’s a Screen Flow or a custom LWC — not an external app with its own database.

Govern what comes next

The goal isn’t to stop people from building. It’s to give them a path from prototype to production that connects to Salesforce from day one. That means platform guidelines (approved tools, Salesforce connection requirements, go-live checklists), a review pipeline for new apps, and quarterly health checks.

43% of companies have no policy on AI tool usage. If yours is one of them, you’re already behind.

The Governance Framework That Actually Works

We’ve implemented shadow AI governance at multiple Salesforce orgs. Here’s what works and what doesn’t.

What works:

  • Make it easy to do the right thing. If connecting an app to Salesforce requires a six-month IT project, people will keep using CSVs. Give teams a lightweight process — a short architectural review, a standard integration pattern, and help getting to production. Two weeks, not six months.
  • Approved tool list with connection templates. “You can use Lovable, but here’s the template for connecting it to Salesforce with OAuth.” Remove the friction between building and integrating.
  • Quarterly audits. Every three months, review API logs, talk to teams, and inventory what’s new. Shadow AI is an ongoing challenge, not a one-time cleanup.

What doesn’t work:

  • Banning AI tools. 68% of employees are already using them. A ban just pushes it underground.
  • Making governance a bottleneck. If your review process takes longer than building the app, nobody will use it.
  • Treating every app the same. A read-only dashboard pulling from five Salesforce fields is not the same risk as an app that captures customer PII in a personal database. Triage accordingly.

Start Here

If you’re a VP of Engineering, CTO, or Salesforce admin reading this and thinking “we definitely have this problem” — you’re probably right. Here’s where to start:

  1. Run the five-step discovery outlined above. API logs, team conversations, export audits, network scan, inventory.
  2. Categorize by risk. Apps that write data or handle sensitive information are urgent. Read-only dashboards are lower priority.
  3. Pick one high-value app to connect first. The one people depend on most and that handles the most sensitive data. Connect it properly. Show the organization what “done right” looks like.
  4. Build the governance framework before you have twenty more apps to deal with.
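The "triage accordingly" advice under the governance framework and step 2 here both come down to the same question: which inventoried app do you deal with first? The script below is an added example, not the post's or any vendor's method: it scores each inventory row with the rule the text gives (writes back or handles sensitive data is urgent, read-only dashboards are lower priority), adds weight for the hosting problems described earlier (no authentication, embedded credentials, free-tier hosting), and returns the apps in the order to tackle them. The inventory entries mirror the composites from the post but are constructed; the sensitive-field list, weights and tier thresholds are assumptions to tune for your own org.

```python
"""Triage an inventory of discovered apps by risk.

Added example: scores each inventoried app with the rule from the text
(apps that write data or handle sensitive information are urgent,
read-only dashboards are lower priority), adds weight for weak hosting
posture, and returns them in the order to tackle them."""
from dataclasses import dataclass

# Assumed list of field names that usually carry personal or
# commercially sensitive data; tune it to the org's own data model.
SENSITIVE_FIELDS = {"Email", "Phone", "Amount", "CloseDate",
                    "BillingAddress", "ContractTerms"}


@dataclass
class ShadowApp:
    """One row of the inventory built in the discovery step."""
    name: str
    objects_read: list
    fields_read: list
    writes_back: bool        # captures data that should live in Salesforce
    hosting: str             # "managed" or "free-tier"
    authenticated: bool
    hardcoded_credentials: bool
    dependents: int          # people who rely on it day to day


def risk_score(app):
    """Return (score, reasons). The weights are assumptions for this example."""
    score, reasons = 0, []
    sensitive = sorted(set(app.fields_read) & SENSITIVE_FIELDS)
    if app.writes_back:
        score += 40
        reasons.append("creates data that never reaches Salesforce")
    if sensitive:
        score += 30
        reasons.append("handles sensitive fields: " + ", ".join(sensitive))
    if not app.authenticated:
        score += 20
        reasons.append("no authentication")
    if app.hardcoded_credentials:
        score += 20
        reasons.append("credentials embedded in the client")
    if app.hosting == "free-tier":
        score += 10
        reasons.append("free-tier hosting")
    # Wider dependence raises the cost of a careless shutdown, so it moves
    # the app up the list rather than down.
    score += min(app.dependents, 10)
    return score, reasons


def tier(score):
    """Map a score to the urgency buckets used in the text."""
    if score >= 70:
        return "urgent"
    if score >= 40:
        return "high"
    return "low"


def triage(apps):
    """Return [(name, tier, score, reasons)] sorted highest risk first."""
    rows = []
    for app in apps:
        score, reasons = risk_score(app)
        rows.append((app.name, tier(score), score, reasons))
    return sorted(rows, key=lambda row: -row[2])


# Constructed inventory modelled on the composites described in the post.
INVENTORY = [
    ShadowApp("pipeline tracker", ["Opportunity"],
              ["Name", "Amount", "CloseDate", "StageName"],
              writes_back=False, hosting="free-tier", authenticated=False,
              hardcoded_credentials=False, dependents=8),
    ShadowApp("onboarding checklist", ["Account", "Contact"],
              ["Name", "Email", "Phone", "ContractTerms"],
              writes_back=True, hosting="free-tier", authenticated=True,
              hardcoded_credentials=False, dependents=5),
    ShadowApp("partner portal", ["Opportunity"], ["Name", "Amount"],
              writes_back=True, hosting="free-tier", authenticated=True,
              hardcoded_credentials=False, dependents=3),
    ShadowApp("executive dashboard", ["Opportunity"],
              ["Amount", "CloseDate", "StageName"],
              writes_back=False, hosting="free-tier", authenticated=True,
              hardcoded_credentials=True, dependents=2),
    ShadowApp("industry breakdown", ["Account"], ["Name", "Industry"],
              writes_back=False, hosting="managed", authenticated=True,
              hardcoded_credentials=False, dependents=4),
]

if __name__ == "__main__":
    for name, level, score, reasons in triage(INVENTORY):
        print(f"{level:6} {score:3}  {name}: {'; '.join(reasons) or 'no findings'}")
```

The two apps that create data the org never sees land on top, the read-only pipeline and forecast dashboards come next because of their hosting posture rather than their data flow, and the managed, authenticated report drops to the bottom; that is the ordering the "pick one high-value app to connect first" step expects.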

We’ve built a service specifically for this — assessment, architecture, migration, and ongoing managed services for shadow AI apps in Salesforce orgs. If you want help running the discovery audit or connecting what your team has already built, reach out. We’ll give you a straight assessment, not a sales pitch.

FAQ

How long does a shadow AI audit take?

A typical discovery audit for a mid-market Salesforce org takes one to two weeks. We inventory the apps, map the data flows, assess security posture, and deliver a prioritized roadmap. It’s a fixed-fee engagement.

Should we just rebuild everything natively in Salesforce?

Not necessarily. Some apps are better outside Salesforce — especially customer-facing tools, partner portals, or anything that needs a modern frontend framework. The question is whether it’s properly connected to Salesforce and running on managed infrastructure. We assess each app individually and recommend the right approach.

What about Salesforce’s Agentforce Vibes for vibe coding?

Agentforce Vibes is a solid platform for vibe coding within Salesforce’s governance framework. The challenge is adoption — most employees are building with the tools they already know (Lovable, Cursor, Replit), not waiting for IT to provision Agentforce. A practical governance strategy accounts for both paths.

How do we prevent this from happening again?

You don’t prevent it — you channel it. Employees are building with AI tools because they solve real problems. The goal is to give them a path from prototype to production that includes Salesforce integration from day one. Platform guidelines, a lightweight review process, and quarterly audits keep things on track without killing innovation.

What if we find an app with a security issue?

If an app is storing sensitive data on free-tier hosting without authentication, that’s an immediate priority. We can help you assess the exposure, secure or decommission the app, and migrate the data to proper infrastructure. Don’t wait for a quarterly audit if you know there’s a problem now.