Not long ago, writing code was reserved for engineers. Today, anyone with access to AI can build apps, automate workflows, and ship to production—no CS degree required. Sales reps, marketers, HR teams, and finance leads are all becoming creators. And that, Shahar Bahat argues, is the beginning of a new security crisis.
“Business users are now builders,” she told me. “But they don’t understand security—and they’re not supposed to.” Shahar, a former Unit 8200 operator and product leader at both startups and Microsoft, co-founded Pluto Security to address what might be the fastest-growing attack surface in the enterprise: software built by non-developers.
The shift is already here. At Microsoft, she saw it firsthand—teams reduced in size, told to “move faster” by embracing generative AI. “It wasn’t a suggestion. It was an expectation,” she said. Tools like Replit, Lovable, Base44, and internal copilots are being used to generate apps, integrations, and customer-facing tools—often without security oversight, review, or even awareness.
And these aren’t harmless prototypes. “We’re seeing AI-generated apps accessing production systems, integrating with sensitive data, and exposed to customers,” Shahar explained. “Secrets management, access control, logging—it’s all being skipped.”
Traditional security tools weren’t designed for this world. They assume code flows through CI/CD pipelines. They assume trained developers. But this new category of creators—what Pluto calls “business users”—operates outside those lanes. They’re using no-code tools, AI agents, and browser-based IDEs to build software that matters, fast.
The security team, meanwhile, is left behind. “You used to be responsible for X,” one CISO told Shahar. “Now you’re responsible for 5X—without 5X the budget.” Worse, even when security tries to intervene, it’s often too late—or too heavy-handed. “You can’t just throw pop-ups at non-technical users and hope they understand threat models,” she said. “You need communication, education, and guardrails that don’t get in the way.”
This aligns with themes I’ve heard from leaders like Iftach Amit and Neatsun Ziv: visibility without execution is liability. But Shahar’s insight adds a new twist—visibility alone isn’t enough when the creators themselves aren’t part of the security conversation. Pluto’s belief is that security must shift from gatekeeping to enabling: providing contextual, friendly guidance in the tools people already use.
“The answer isn’t more blocking,” she said. “It’s enabling – with smarter guardrails.”
In our conversation, Shahar highlighted several security concerns raised by AI-generated software: from DLP and secret leaks to lateral movement and unauthorized integrations. She also pointed out that production now means different things to different teams—sometimes it’s a live customer experience, other times it’s an internal dashboard pulling from sensitive systems. Either way, the risk is real.
And the urgency is growing. “We thought we had more time,” Shahar admitted. “But when we started talking to large enterprises, they were already dealing with this—right now.”
That’s why Pluto’s vision is to meet the moment: to secure the decentralized future of software creation by empowering security teams to support business builders without slowing them down.
“This is a good change,” Shahar said. “AI-driven creation is great for business. It’s our job to make sure it’s also great for security.”
About Michael Matias:
Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity develops advanced AI technologies protecting organizations from sophisticated phishing attacks and AI-generated social engineering threats, including deepfakes. Before founding Clarity, Matias studied Computer Science with a specialization in AI at Stanford University and led cybersecurity teams in Unit 8200 of the Israel Defense Forces. Forbes Israel recognized him early on, naming him to the exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.


