Millions of apps are built by AI every day. None of them are governed.
45% of AI-generated code has security vulnerabilities. 63% of vibe coding users are non-developers (Gartner, 2025). No existing framework governs what AI builds. CLAVE is the first.
Every governance layer is covered — except one
Existing frameworks govern AI models, AI data, and AI tool usage. No framework governs the output: the applications people build with AI coding tools. CLAVE fills this gap.
Three incidents waiting to happen in your organization
These are not hypothetical. They are happening today in enterprises worldwide. The question is whether you discover them proactively or after the damage is done.
The invisible breach
A marketing analyst built a customer segmentation tool with Claude Code three months ago. It pulls customer PII from Salesforce via an unauthorized API. The analyst left the company last week. The app is still running. Still pulling PII. Nobody knows it exists. Your next data breach will not come from a sophisticated attack — it will come from an app that was never supposed to be in production.
The audit you cannot pass
An external auditor asks: "Provide a complete inventory of all applications that use or were created by artificial intelligence, including data flows, ownership, and risk classification." You check with IT. They have the official app catalog. But the 200+ apps employees built with Cursor, Bolt, and Lovable? They are not in any catalog. You have seven days to respond.
The $2M project that already exists three times
The CFO approves a $2M project to build a financial forecasting dashboard. During a CLAVE discovery scan, you find three different teams already built forecasting dashboards with AI tools. One is actually quite good. Nobody knew about any of them because there was no registry. The $2M project duplicates work that already exists.
Existing solutions leave AI-created apps ungoverned
Every major category covers an adjacent concern. None cover the applications employees create with AI tools.
| Capability | Shadow AI | Citizen dev | AI governance | CLAVE |
|---|---|---|---|---|
| Discover apps built with AI tools | × | ~ | × | ✓ |
| Register and inventory AI-created apps | × | ~ | × | ✓ |
| Classify by data sensitivity and risk | × | ~ | × | ✓ |
| Assign ownership and accountability | × | ✓ | × | ✓ |
| Scan AI-generated code for vulnerabilities | × | × | × | ✓ |
| Lifecycle management with TTL and auto-expiry | × | × | × | ✓ |
| Detect orphaned apps when owners leave | × | × | × | ✓ |
| Tool-agnostic (any AI creation tool) | n/a | × | n/a | ✓ |
Shadow AI: Relyance, Entro, Credo AI. Citizen dev: Power Platform CoE, Superblocks. AI governance: Securiti, OneTrust AI, Credo AI.
Current measurements, not projections
No inventory
87% of Fortune 500 use vibe coding platforms (Gartner, 2026). None have a complete registry of resulting apps.
Data violations
Average enterprise: 223 data policy violations per month from AI usage.
Code debt
8x increase in duplicated code blocks. 39.9% decrease in refactoring.
Unsanctioned
98% of organizations report unsanctioned AI use. 47% via personal accounts.
Skills gap
40%+ of junior devs deploy AI code they don’t understand.
Policy gap
Only 37% of organizations have any AI governance policies.
Real-world incidents from ungoverned AI-created applications
These are not hypotheticals. These are documented incidents from 2025–2026 caused by applications built with AI coding tools and deployed without governance.
Additional data: Veracode found 45% of AI-generated code introduces security flaws with 2.74x more vulnerabilities than human-written code. 10.3% of Lovable-generated apps had critical row-level security flaws. Apiiro documented 322% more privilege escalation paths from AI-generated code at Fortune 50 enterprises.
What CLAVE protects and which risks it mitigates
AI-created applications introduce a distinct class of security risks not addressed by traditional AppSec, shadow IT tools, or AI governance platforms. CLAVE is designed to mitigate all of them.
Priority threat scenarios mitigated by CLAVE
The following are the highest-impact threat scenarios that CLAVE's 42 directives address. Each maps to MITRE ATT&CK/ATLAS techniques and the specific directives that mitigate it. This is a representative set, not an exhaustive list — the full framework covers additional vectors including shadow data stores, cross-border data flows, AI API data leakage, and unauthorized external integrations.
| Threat scenario | MITRE reference | Severity | CLAVE mitigation |
|---|---|---|---|
| Unregistered app accesses customer PII via unauthorized API | ATT&CK T1530, ATLAS AML.TA0010 | Critical | DIS-01 (Registry), DIS-03 (Repo scan), CLS-02 (Data flow mapping), GOV-04 (Data contracts) |
| Hardcoded credentials in AI-generated code exposed in repo | ATT&CK T1552.001 | Critical | SEC-03 (Secrets detection), SEC-01 (Code scanning), SEC-10 (Remediation SLA: 72h) |
| Orphaned app runs after creator leaves, no owner or monitoring | ATT&CK T1078, ATLAS AML.TA0006 | High | LIF-04 (Orphan detection), LIF-06 (Auto deprecation), LIF-08 (Kill switch) |
| SQL injection in AI-generated code reaches production | ATT&CK T1190 | Critical | SEC-01 (SAST), SEC-05 (OWASP validation), SEC-08 (Penetration testing) |
| Compromised dependency in AI-generated supply chain | ATT&CK T1195.001, ATLAS AML.T0010 | High | SEC-02 (SCA/dependency analysis), SEC-04 (ATLAS threat profiling) |
| AI app used as pivot point for lateral movement | ATT&CK T1021, ATT&CK T1570 | High | SEC-06 (Access control), SEC-07 (Encryption), SEC-09 (Runtime monitoring) |
| Expired app with known vulnerabilities still in production | ATT&CK T1190 | High | LIF-01 (TTL), LIF-03 (Expiry alerts), LIF-06 (Auto deprecation), LIF-08 (Kill switch) |
| No audit trail during incident response for AI-created app | Compliance risk | High | DIS-01 (App Card metadata), LIF-07 (Decommissioning audit trail), MEA-04 (Reporting) |
| Auditor requests AI system inventory, none exists | Compliance risk | Medium | DIS-01 (Registry), DIS-08 (Gap metric), CLS-01 (Tier assignment), MEA-04 (Reporting) |
Without CLAVE, organizations face a fundamental security gap: they cannot protect what they cannot see. Every unregistered AI-created application is an unmanaged asset with potential access to enterprise data, operating without security controls, and invisible to incident response teams. CLAVE closes this gap.
Complete framework architecture
Four layers: AI tool inputs, core framework (6 domains, 42 directives), governance outputs, and formal alignments to global standards.
Six domains, 42 directives
Each directive has implementation levels (Basic / Intermediate / Advanced), evidence requirements, and formal mappings.
DISCOVER
Centralized registry with App Cards. Automated discovery via repo scanning, infrastructure monitoring, network analysis, CI/CD hooks.
CLASSIFY
Three tiers based on data sensitivity. Automated via DSPM. Escalation triggers on new data sources. Duplication detection.
GOVERN
Mandatory owners. Authorized data sources. Risk-proportional approvals. Cross-functional governance committee.
SECURE
SAST/SCA, secrets detection, MITRE ATLAS threat profiling, OWASP validation, remediation SLAs by severity.
LIFECYCLE
TTL by tier. Active renewal with reassessment. Orphan detection via HR. Auto-deprecation. Kill switch for incidents.
MEASURE
12 KPIs across operational, risk, and executive levels. Dashboards. Executive reports. Readiness score + benchmarking.
From framework to working software
The CLAVE Framework defines what to govern. The CLAVE Platform is the open-source application that operationalizes it. Self-host it, contribute to it, extend it.
Centralized catalog
Standardized App Cards with 15 metadata fields. Search, filter, export. Self-registration portal for creators. REST API for integration.
Find unregistered apps
Automated scanning of Git repos, cloud deployments, K8s clusters, network traffic. CI/CD pipeline hooks. Gap reporting.
Automated tier assignment
Data sensitivity-based classification. DSPM integration. Tier escalation triggers. Duplication detection across portfolio.
TTL, orphans, kill switch
Automated TTL notifications (30/14/7 days). Orphan detection via HR/AD integration. Ownership transfer. Emergency kill switch.
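A minimal daily lifecycle job for the mechanics above, added here as an illustration rather than CLAVE Platform code: it checks each App Card against the 30/14/7-day alert thresholds and an HR roster, flagging orphans and lapsed TTLs. The AppCard fields, tier semantics, action names and sample data are assumptions, not the framework's own definitions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Expiry-alert thresholds named in the LIFECYCLE description (30/14/7 days).
NOTIFY_DAYS = (30, 14, 7)


@dataclass
class AppCard:
    """Minimal App Card: an assumed subset of CLAVE's 15 metadata fields."""
    app_id: str
    owner: str         # owner's identifier in the HR/AD feed
    tier: int          # data-sensitivity tier (1 = most sensitive, assumed)
    registered: date
    ttl_days: int      # LIF-01: time-to-live assigned by tier


def evaluate(card: AppCard, active_staff: set, today: date) -> list:
    """Lifecycle actions due for one App Card when the job runs on `today`."""
    actions = []
    # LIF-04: owner missing from the HR roster -> orphan, needs ownership transfer
    if card.owner not in active_staff:
        actions.append("orphaned:reassign_owner")
    remaining = (card.registered + timedelta(days=card.ttl_days) - today).days
    if remaining < 0:
        actions.append("deprecate")                   # LIF-06: TTL passed, not renewed
    elif remaining in NOTIFY_DAYS:
        actions.append(f"notify_owner:{remaining}d")  # LIF-03: daily run hits each threshold once
    return actions


def run_cycle(cards, active_staff, today):
    """Evaluate a whole registry; returns {app_id: actions} for apps needing action."""
    return {c.app_id: a for c in cards if (a := evaluate(c, active_staff, today))}


def demo_report():
    """Constructed sample registry (not real data) evaluated on a fixed day."""
    today = date(2026, 3, 1)
    staff = {"u100", "u200"}                          # active employees per the HR feed
    cards = [
        # tier-1 PII app whose creator left and whose TTL lapsed: the "invisible breach"
        AppCard("segmentation-tool", "u999", 1, date(2025, 12, 1), 60),
        # healthy app 14 days from expiry: the second reminder goes out
        AppCard("forecast-dash", "u100", 2, date(2025, 9, 16), 180),
        # nothing due
        AppCard("intranet-widget", "u200", 3, date(2026, 2, 1), 365),
    ]
    return run_cycle(cards, staff, today)
```

Run once a day from a scheduler against the registry export and the HR feed; a kill switch (LIF-08) would act on the "deprecate" entries rather than merely recording them.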
Gap analysis and reports
Automatic mapping to NIST AI RMF, MITRE ATLAS, ISO 27001. Per-app and per-org compliance posture. Audit-ready exports.
Readiness score and KPIs
Real-time 12-KPI dashboard. CLAVE Readiness Score. Risk distribution by tier. Orphan rate. Trend analysis. Exportable reports.
Six levels from unaware to optimized
Assessed per domain. Produces an overall CLAVE Readiness Score (0-5).
| Level | Name | Characteristics | Evidence |
|---|---|---|---|
| 0 | Unaware | No visibility into AI-created apps. | None |
| 1 | Ad Hoc | Awareness exists. No formal processes. | Spreadsheets |
| 2 | Managed | Central registry. Ownership assigned. Basic tiers. | Partial registry |
| 3 | Defined | Policies. Automated discovery. Data contracts. TTL. | >80% coverage |
| 4 | Measured | Active KPIs. Continuous compliance. Auto risk scoring. | Dashboards, reports |
| 5 | Optimized | Predictive. Self-remediation. Full integration. | Full automation |
Who should implement CLAVE
CISO / Security Directors
AI-created apps expand your attack surface daily, outside your visibility. CLAVE gives you a registry, risk tiering, and vulnerability management for apps you did not know existed.
CIO / CTO
Your employees build faster than ever. The duplication and orphaned apps are the cost. CLAVE provides governance that enables innovation at scale.
Platform Engineering
New services appear in your clusters and DNS. CLAVE's DISCOVER domain finds and registers everything, regardless of creation tool.
Compliance Officers
Regulators will ask for your AI system inventory. CLAVE provides the structure with formal mappings to NIST, MITRE, and ISO.
Complements existing standards
NIST AI RMF 1.0
Full crosswalk to GOVERN, MAP, MEASURE, MANAGE. Directly supports the AI system inventory requirement (GOVERN 1.1).
MITRE ATLAS
SECURE directives mapped to ATLAS adversarial tactics for AI-specific threat modeling, including 2026 agentic extensions.
ISO/IEC 27001:2022
Directives reference Annex A controls for integration into existing ISMS implementations.
Implementation resources
All core resources are free and open under CC BY-SA 4.0.
Framework document v1.0
6 domains, 42 directives, readiness model, 12 KPIs, implementation guide, compliance mappings.
Implementation toolkit (Excel)
Directives Tracker, App Registry, Maturity Assessment, KPI Dashboard, NIST Crosswalk.
Self-assessment tool
Online questionnaire for CLAVE Readiness Level. Benchmark against anonymized peers. Coming soon.
Compliance packs
EU AI Act, GDPR, Ley 21.719, LGPD, sector-specific. Planned for future releases.
How CLAVE is maintained
CLAVE is a community-governed framework. Transparency in how it evolves is as important as the governance it provides.
Join the CLAVE Advisory Board
We are assembling a board of practitioners to review, validate, and refine the framework before general release.
Engage with CLAVE
Whether you want to implement CLAVE, contribute to the open-source platform, join the advisory board, or pilot it in your organization, we welcome the conversation.