45% of AI-generated code has security vulnerabilities. 63% of vibe coding users are non-developers (Gartner, 2025). No existing framework governs what AI builds. CLAVE is the first.
Existing frameworks govern AI models, AI data, and AI tool usage. No framework governs the output: the applications people build with AI coding tools. CLAVE fills this gap.
These are not hypothetical. They are happening today in enterprises worldwide. The question is whether you discover them proactively or after the damage is done.
A marketing analyst built a customer segmentation tool with Claude Code three months ago. It pulls customer PII from Salesforce via an unauthorized API. The analyst left the company last week. The app is still running, still pulling PII, and nobody knows it exists. Your next data breach may not come from a sophisticated attack but from an app that was never supposed to be in production.
An external auditor asks: "Provide a complete inventory of all applications that use or were created by artificial intelligence, including data flows, ownership, and risk classification." You check with IT. They have the official app catalog. But the 200+ apps employees built with Cursor, Bolt, and Lovable? They are not in any catalog. You have seven days to respond.
The CFO approves a $2M project to build a financial forecasting dashboard. During a CLAVE discovery scan, you find three different teams already built forecasting dashboards with AI tools. One is actually quite good. Nobody knew about any of them because there was no registry. The $2M project duplicates work that already exists.
Each major product category covers an adjacent concern. None covers the applications employees create with AI tools.
| Capability | Shadow AI | Citizen dev | AI governance | CLAVE |
|---|---|---|---|---|
| Discover apps built with AI tools | × | ~ | × | ✓ |
| Register and inventory AI-created apps | × | ~ | × | ✓ |
| Classify by data sensitivity and risk | × | ~ | × | ✓ |
| Assign ownership and accountability | × | ✓ | × | ✓ |
| Scan AI-generated code for vulnerabilities | × | × | × | ✓ |
| Lifecycle management with TTL and auto-expiry | × | × | × | ✓ |
| Detect orphaned apps when owners leave | × | × | × | ✓ |
| Tool-agnostic (any AI creation tool) | n/a | × | n/a | ✓ |
Legend: ✓ covered, ~ partial, × not covered. Shadow AI: Relyance, Entro, Credo AI. Citizen dev: Power Platform CoE, Superblocks. AI governance: Securiti, OneTrust AI, Credo AI.
87% of Fortune 500 use vibe coding platforms (Gartner, 2026). None have a complete registry of resulting apps.
Average enterprise: 223 data policy violations per month from AI usage.
8x increase in duplicated code blocks. 39.9% decrease in refactoring.
98% of organizations report unsanctioned AI use. 47% via personal accounts.
40%+ of junior devs deploy AI code they don’t understand.
Only 37% of organizations have any AI governance policies.
These figures are not hypothetical. They are drawn from 2025–2026 industry research on applications built with AI coding tools and deployed without governance.
Additional data: Veracode found that 45% of AI-generated code introduces security flaws, with 2.74x more vulnerabilities than human-written code. 10.3% of Lovable-generated apps had critical row-level security flaws. Apiiro documented 322% more privilege escalation paths from AI-generated code at Fortune 50 enterprises.
AI-created applications introduce a distinct class of security risks not addressed by traditional AppSec, shadow IT tools, or AI governance platforms. CLAVE is designed to mitigate them.
The following are the highest-impact threat scenarios that CLAVE's 42 directives address. Each is mapped to MITRE ATT&CK/ATLAS techniques where one applies (pure compliance failures are marked as such) and to the specific directives that mitigate it. This is a representative set, not an exhaustive list; the full framework covers additional vectors including shadow data stores, cross-border data flows, AI API data leakage, and unauthorized external integrations.
| Threat scenario | MITRE reference | Severity | CLAVE mitigation |
|---|---|---|---|
| Unregistered app accesses customer PII via unauthorized API | ATT&CK T1530; ATLAS AML.TA0010 | Critical | DIS-01 (Registry), DIS-03 (Repo scan), CLS-02 (Data flow mapping), GOV-04 (Data contracts) |
| Hardcoded credentials in AI-generated code exposed in repo | ATT&CK T1552.001 | Critical | SEC-03 (Secrets detection), SEC-01 (Code scanning), SEC-10 (Remediation SLA: 72h) |
| Orphaned app runs after creator leaves, no owner or monitoring | ATT&CK T1078; ATLAS AML.TA0006 | High | LIF-04 (Orphan detection), LIF-06 (Auto deprecation), LIF-08 (Kill switch) |
| SQL injection in AI-generated code reaches production | ATT&CK T1190 | Critical | SEC-01 (SAST), SEC-05 (OWASP validation), SEC-08 (Penetration testing) |
| Compromised dependency in AI-generated supply chain | ATT&CK T1195.001; ATLAS AML.T0010 | High | SEC-02 (SCA/dependency analysis), SEC-04 (ATLAS threat profiling) |
| AI app used as pivot point for lateral movement | ATT&CK T1021; ATT&CK T1570 | High | SEC-06 (Access control), SEC-07 (Encryption), SEC-09 (Runtime monitoring) |
| Expired app with known vulnerabilities still in production | ATT&CK T1190 | High | LIF-01 (TTL), LIF-03 (Expiry alerts), LIF-06 (Auto deprecation), LIF-08 (Kill switch) |
| No audit trail during incident response for AI-created app | Compliance risk (no MITRE mapping) | High | DIS-01 (App Card metadata), LIF-07 (Decommissioning audit trail), MEA-04 (Reporting) |
| Auditor requests AI system inventory, none exists | Compliance risk (no MITRE mapping) | Medium | DIS-01 (Registry), DIS-08 (Gap metric), CLS-01 (Tier assignment), MEA-04 (Reporting) |
Without CLAVE, organizations face a fundamental security gap: they cannot protect what they cannot see. Every unregistered AI-created application is an unmanaged asset with potential access to enterprise data, operating without security controls, and invisible to incident response teams. CLAVE closes this gap.
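As an added illustration (not CLAVE's own code), the hardcoded-credentials row in the table above can be reduced to a small scanner: flag AWS-style access key IDs and quoted literals assigned to secret-like variable names, skip obvious placeholders, rate a finding critical when the value's Shannon entropy looks like a real token rather than a human-chosen password, and attach the remediation deadline. The 72-hour SLA for critical findings is the SEC-10 figure from the table; the 7-day window for high-severity findings, the regex patterns, the entropy threshold and the sample source file are assumptions constructed for this example.

```python
"""Secrets scan over a constructed AI-generated source file.

Added example for the SEC-03 (secrets detection) + SEC-10 (remediation SLA)
pairing. Not CLAVE platform code; patterns and sample input are constructed.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample: what a code assistant tends to emit when asked to
# "connect to Salesforce and Postgres". None of these values are real secrets.
SAMPLE_SOURCE = '''import os
import psycopg2

SF_CLIENT_SECRET = "A9f3kL0qZxP2mN7vB4cT8wR1yU6eH5jG"  # pasted from the setup wizard
DB_PASSWORD = "hunter2"
AWS_ACCESS_KEY_ID = "AKIAQ7Z3M2XJ9W8RT0LP"
API_KEY = "<your-api-key-here>"                        # placeholder, not a finding
SF_TOKEN = os.environ["SF_TOKEN"]                      # correct: read from the environment
'''

# AWS access key IDs have a fixed, recognisable shape: AKIA/ASIA + 16 chars.
AWS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

# Generic pattern: a secret-like variable name assigned a quoted literal.
ASSIGN_RE = re.compile(
    r"""(?ix)
    \b(?P<name>[a-z_]*(?:secret|password|passwd|api_?key|access_key|token|private_key)[a-z_]*)
    \s*[=:]\s*
    ["'](?P<value>[^"']{6,})["']
    """
)

PLACEHOLDER_MARKERS = ("<", "${", "your-", "changeme", "xxx")

# Remediation SLAs: 72h for critical is SEC-10 as stated on the page;
# the 7-day window for high-severity findings is an assumption for this example.
SLA_HOURS = {"critical": 72, "high": 7 * 24}
ENTROPY_THRESHOLD = 3.5  # bits per character; random tokens score well above this


@dataclass
class Finding:
    line_no: int
    kind: str
    name: str
    redacted: str
    severity: str
    due: datetime


def shannon_entropy(value: str) -> float:
    """Bits per character; a 32-char value with 32 distinct chars scores 5.0."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_placeholder(value: str) -> bool:
    lowered = value.lower()
    return any(marker in lowered for marker in PLACEHOLDER_MARKERS)


def redact(value: str) -> str:
    return value[:4] + "*" * (len(value) - 4)


def _finding(line_no, kind, name, value, severity, found_at):
    return Finding(line_no, kind, name, redact(value), severity,
                   found_at + timedelta(hours=SLA_HOURS[severity]))


def scan_source(text: str, found_at: datetime) -> list[Finding]:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        aws = AWS_KEY_RE.search(line)
        if aws:
            findings.append(_finding(line_no, "aws_access_key_id", "-", aws.group(0), "critical", found_at))
            continue  # one finding per line; the specific pattern wins over the generic one
        generic = ASSIGN_RE.search(line)
        if generic and not is_placeholder(generic.group("value")):
            value = generic.group("value")
            severity = "critical" if shannon_entropy(value) >= ENTROPY_THRESHOLD else "high"
            findings.append(_finding(line_no, "hardcoded_credential", generic.group("name"), value, severity, found_at))
    return findings


def demo() -> list[Finding]:
    """Scan the constructed sample as if discovered at a fixed UTC time."""
    return scan_source(SAMPLE_SOURCE, datetime(2026, 1, 5, 9, 0, tzinfo=timezone.utc))


if __name__ == "__main__":
    for f in demo():
        print(f"line {f.line_no}: {f.kind} {f.name} {f.redacted} [{f.severity}] fix by {f.due:%Y-%m-%d %H:%M}Z")
```

Run as a script, it reports three findings (the client secret and the access key ID as critical with a 72-hour deadline, the low-entropy password as high) and stays silent on the placeholder and on the value read from the environment. A production scanner would add many more patterns and an allow-list; the point here is that the finding carries its SLA deadline from the moment it is created, which is what makes SEC-10 measurable.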
Four layers: AI tool inputs, core framework (6 domains, 42 directives), governance outputs, and formal alignments to global standards.
Each directive has implementation levels (Basic / Intermediate / Advanced), evidence requirements, and formal mappings. The six domains, identified by the directive prefixes used in the threat table above, are:
- DIS: Centralized registry with App Cards. Automated discovery via repo scanning, infrastructure monitoring, network analysis, and CI/CD hooks.
- CLS: Three tiers based on data sensitivity. Automated via DSPM. Escalation triggers on new data sources. Duplication detection.
- GOV: Mandatory owners. Authorized data sources. Risk-proportional approvals. Cross-functional governance committee.
- SEC: SAST/SCA, secrets detection, MITRE ATLAS threat profiling, OWASP validation, remediation SLAs by severity.
- LIF: TTL by tier. Active renewal with reassessment. Orphan detection via HR. Auto-deprecation. Kill switch for incidents.
- MEA: 12 KPIs across operational, risk, and executive levels. Dashboards. Executive reports. Readiness score and benchmarking.
The CLAVE Framework defines what to govern. The CLAVE Platform is the open-source application that operationalizes it. Self-host it, contribute to it, extend it.
- Registry: Standardized App Cards with 15 metadata fields. Search, filter, export. Self-registration portal for creators. REST API for integration.
- Discovery: Automated scanning of Git repos, cloud deployments, K8s clusters, and network traffic. CI/CD pipeline hooks. Gap reporting.
- Classification: Data sensitivity-based classification. DSPM integration. Tier escalation triggers. Duplication detection across the portfolio.
- Lifecycle: Automated TTL notifications (30/14/7 days before expiry). Orphan detection via HR/AD integration. Ownership transfer. Emergency kill switch.
- Compliance: Automatic mapping to NIST AI RMF, MITRE ATLAS, ISO 27001. Per-app and per-org compliance posture. Audit-ready exports.
- Dashboard: Real-time 12-KPI dashboard. CLAVE Readiness Score. Risk distribution by tier. Orphan rate. Trend analysis. Exportable reports.
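As an added example (not CLAVE platform code), the lifecycle behaviours listed above and in the LIF domain summary can be expressed as a few rules over an App Card registry joined against an HR active-staff feed: compute each app's expiry from its tier TTL, pick the 30/14/7-day notification stage, flag owners absent from the HR feed as orphaned, and mark expired apps for auto-deprecation. The per-tier TTL values, field names and records are assumptions constructed for this example; only the 30/14/7 schedule and the directive references come from the page.

```python
"""Lifecycle checks over a constructed App Card registry.

Added example for the TTL notification (30/14/7 days), orphan detection and
auto-deprecation behaviours described on the page. Not CLAVE platform code:
the tier TTL values, field names and records are assumptions for this example.
"""
from datetime import date, timedelta

# Assumed TTL per classification tier (tier 1 = most sensitive). The page says
# TTL is set by tier but does not publish values; these are illustrative only.
TTL_DAYS_BY_TIER = {1: 90, 2: 180, 3: 365}

# Notification stages, in days before expiry, from the page's 30/14/7 schedule.
NOTIFY_STAGES = (7, 14, 30)

# Constructed registry excerpt (App Card subset) and HR "active staff" feed.
APP_CARDS = [
    {"app_id": "seg-tool", "name": "Customer segmentation (Claude Code)",
     "owner": "m.analyst", "tier": 1, "registered": date(2025, 10, 1)},
    {"app_id": "fcast-a",  "name": "Forecasting dashboard A (Cursor)",
     "owner": "j.finance", "tier": 2, "registered": date(2025, 7, 25)},
    {"app_id": "hr-bot",   "name": "Onboarding FAQ bot (Lovable)",
     "owner": "r.ops", "tier": 1, "registered": date(2025, 10, 10)},
    {"app_id": "bolt-kb",  "name": "Internal KB search (Bolt)",
     "owner": "r.ops", "tier": 3, "registered": date(2025, 12, 20)},
]
ACTIVE_STAFF = {"j.finance", "r.ops"}   # m.analyst no longer appears in the HR feed
AS_OF = date(2026, 1, 5)                # evaluation date for the constructed run


def expiry_date(card: dict) -> date:
    return card["registered"] + timedelta(days=TTL_DAYS_BY_TIER[card["tier"]])


def notification_stage(days_left: int):
    """Return 7, 14 or 30 for the tightest stage reached, or None if more than 30 days remain."""
    for stage in NOTIFY_STAGES:
        if days_left <= stage:
            return stage
    return None


def plan_actions(card: dict, active_staff: set, today: date) -> dict:
    days_left = (expiry_date(card) - today).days
    orphaned = card["owner"] not in active_staff
    actions = []
    if orphaned:
        actions.append("transfer_ownership")   # LIF-04: owner left, app still runs
    if days_left < 0:
        actions.append("auto_deprecate")       # LIF-06: TTL passed without renewal
    else:
        stage = notification_stage(days_left)
        if stage is not None:
            actions.append(f"notify_{stage}")  # LIF-03: renewal reminder to the owner
    return {"expires": expiry_date(card), "days_left": days_left,
            "orphaned": orphaned, "actions": actions}


def evaluate_registry(cards, active_staff, today) -> dict:
    """Map app_id -> lifecycle decision for every card in the registry."""
    return {card["app_id"]: plan_actions(card, active_staff, today) for card in cards}


if __name__ == "__main__":
    for app_id, result in evaluate_registry(APP_CARDS, ACTIVE_STAFF, AS_OF).items():
        print(f"{app_id:9} expires {result['expires']} ({result['days_left']:+d}d)"
              f" orphaned={result['orphaned']} -> {result['actions'] or ['ok']}")
```

On the constructed data the segmentation tool from the opening scenario comes out both orphaned and six days past its TTL, so it is queued for ownership transfer and auto-deprecation in the same run; the two live tier-1 and tier-2 apps get their 7-day and 30-day reminders, and the fresh tier-3 app needs nothing. Treating the HR feed as the source of truth for ownership is what turns "the analyst left last week" into a detectable event rather than something discovered during a breach.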
Maturity is assessed per domain and rolled up into an overall CLAVE Readiness Score (0-5).
| Level | Name | Characteristics | Evidence |
|---|---|---|---|
| 0 | Unaware | No visibility into AI-created apps. | None |
| 1 | Ad Hoc | Awareness exists. No formal processes. | Spreadsheets |
| 2 | Managed | Central registry. Ownership assigned. Basic tiers. | Partial registry |
| 3 | Defined | Policies. Automated discovery. Data contracts. TTL. | >80% coverage |
| 4 | Measured | Active KPIs. Continuous compliance. Auto risk scoring. | Dashboards, reports |
| 5 | Optimized | Predictive. Self-remediation. Full integration. | Full automation |
AI-created apps expand your attack surface daily without your visibility. CLAVE gives you a registry, risk tiering, and vulnerability management for apps you did not know existed.
Your employees build faster than ever. Duplicated and orphaned apps are the cost. CLAVE provides governance that enables innovation at scale.
New services appear in your clusters and DNS. CLAVE's DISCOVER domain finds and registers everything, regardless of creation tool.
Regulators will ask for your AI system inventory. CLAVE provides the structure with formal mappings to NIST, MITRE, and ISO.
Full crosswalk to GOVERN, MAP, MEASURE, MANAGE. Directly supports the AI system inventory requirement (GOVERN 1.6).
SECURE directives mapped to ATLAS adversarial tactics for AI-specific threat modeling, including 2026 agentic extensions.
Directives reference Annex A controls for integration into existing ISMS implementations.
All core resources are free and open under CC BY-SA 4.0.
6 domains, 42 directives, readiness model, 12 KPIs, implementation guide, compliance mappings.
Directives Tracker, App Registry, Maturity Assessment, KPI Dashboard, NIST Crosswalk.
Online questionnaire for CLAVE Readiness Level. Benchmark against anonymized peers. Coming soon.
EU AI Act, GDPR, Ley 21.719, LGPD, sector-specific. Planned for future releases.
CLAVE is a community-governed framework. Transparency in how it evolves is as important as the governance it provides.
We are assembling a board of practitioners to review, validate, and refine the framework before general release.
Apply to join.
Whether you want to implement CLAVE, contribute to the open-source platform, join the advisory board, or pilot it in your organization, we welcome the conversation.