What If Everybody Can Code?

AI and large language models (LLMs) are redefining who can code. Tools that once required deep technical expertise are now accessible to anyone who can describe what they want to build. This shift is enabling a new generation of “citizen developers,” people across departments and roles who use AI to create applications, automate tasks, and solve business problems independently. 

However, as more people start writing code without traditional safeguards in place, organizations face new challenges. Security, data governance, and oversight become harder to manage when development happens outside established processes. The risks are real, from accidental data exposure to the unchecked growth of shadow IT. 

To make the most of this shift, companies need a way to support this new wave of builders without losing sight of security, governance, or control.

Preparing for the next billion developers

A billion developers might sound like a stretch, but it’s starting to look less like science fiction and more like a fast-approaching reality. AI is dismantling barriers to entry, drawing more individuals into coding for everything from one-off scripts to passion projects and everyday work tasks.

But AI tools aren’t just helping newcomers. Seasoned developers use them to solve harder problems, move faster, and focus on higher-value work. How people write software is evolving, and it’s no longer just a job for the formally trained.

As AI keeps improving, the gap between developers and non-developers is narrowing. People who never considered themselves technical now contribute to codebases, automate workflows, and build real tools. The rise of these ‘citizen developers’ is changing how software gets built and who’s involved in the process.

For organizations, that shift comes with big questions. What does software development look like when almost anyone can code? And how do teams adapt when the ability to build isn’t limited to a small group of specialists?

Two types of citizen developers: Specialized platforms and natural language prompts

AI enables more people to build, which they do in two main ways: through specialized platforms and natural language tools.

Many workers use low-code and automation platforms to build internal tools or streamline repetitive tasks. Tools like Retool, n8n, and Salesforce make it easy for non-developers to connect databases, create workflows, and automate business processes — all through simple interfaces and minimal code.

Retool helps teams build internal apps by pulling from existing APIs and data sources. N8n uses a drag-and-drop interface to automate complex workflows. Salesforce also allows users to automate CRM tasks like sales outreach and marketing follow-ups without writing traditional code.

These tools remove the need to wait for developers or IT teams to get things done. Employees can solve problems on their own, speed up projects, and free up time across the organization. It’s a big reason why the demand for low-code tools keeps growing — they give teams the freedom to move faster.

At the same time, a different group of users is turning to AI assistants that generate code from plain English. Platforms like GitHub Copilot and Claude make writing scripts, cleaning up data, or running simple analyses easy, with no formal training required. Just describe what you want to do, and the tool does the rest.

This type of access is especially helpful for teams who need quick, lightweight solutions, not full-blown applications. It shortens the learning curve, saves time, and lets more people contribute to work that used to be siloed in engineering.

Together, these tools are expanding to include those who get to build software. They’re not just simplifying code but making technology more accessible, inclusive, and open to experimentation. But they also raise new questions: What happens to traditional developer roles? And how do we make sure that security keeps up when everyone can code?

When everyone builds, shadow IT builds up too

Shadow IT spreads fast as AI-generated code and low-code platforms become more common. Employees are building tools on their own, often without involving IT, simply because they can. While that independence can boost productivity, it also adds risk and complexity behind the scenes.

Too many tools, not enough visibility

When teams build their own apps or workflows, IT often has no visibility into how they work, what data they touch, or how they’re secured. Each tool may use different authentication methods, store data in different places, or skip basic security checks altogether. That makes it harder to manage infrastructure and easier for problems to go unnoticed.

Data moves fast and sometimes without guardrails.

Citizen developers often work with real business data, customer information, financials, and internal records. Even well-meaning employees can create compliance risks or expose sensitive data by accident without proper training or oversight. Without consistent governance, it’s hard to know which tools meet standards and which don’t.

Support starts with shared responsibility

Solving these problems doesn’t mean shutting things down, but guiding them. Organizations can offer clear security guidelines, lightweight approval processes, and practical training that helps employees build safely. IT teams should also have the tools to track what’s being built and step in when needed.

Innovation doesn’t have to mean losing control

Giving teams the freedom to solve their own problems can drive faster, more creative results. But it works best when that freedom is paired with support. When IT and other departments work together, it’s possible to balance innovation with strong governance and to scale safely without slowing anyone down.

Malicious actors in low-code AI platforms

As low-code and AI-powered development platforms grow more popular, they’re also becoming prime targets for attackers. Many of these tools were designed for speed and accessibility, not for hardened security. And when non-experts build applications without secure defaults or oversight, vulnerabilities can slip through.

More tools, more risk — especially in the hands of new builders

Citizen developers often lack formal training in secure coding practices. That’s not their fault—it’s just not part of their job. But it does mean that the tools they build may lack basic protections like input validation, authentication, or encryption. Attackers know this and are actively scanning for easy wins, scripts with open endpoints, misconfigured access controls, or apps pulling in sensitive data without safeguards.

Build fast, but build with support

Organizations can’t rely on citizen developers to think like security engineers, nor should they have to. What’s more effective is providing clear guardrails: baseline security controls, automated scanning for known issues, and safe patterns to follow. Regular audits and automated testing help, but they’re just part of the equation.

Turn security into a shared skill, not a blocker

Security training doesn’t have to be heavy-handed. Quick guides, built-in templates, and just-in-time education can go a long way. Teach employees how to handle data responsibly, recognise risky behavior (like copying API keys into shared docs), and think about the impact of what they build.

Work with, not around, your citizen developers

The best defense is collaboration. When IT and security teams partner with citizen developers instead of policing them, they build trust and better outcomes. That partnership creates a foundation where anyone can build quickly and safely, without introducing unnecessary risk.

Ready or not, everyone can code. The question is: Can your organization support it securely?

Empowering citizen developers doesn’t mean lowering the bar for security. It means shifting how we think about who builds software, how we govern it, and what support looks like. By pairing AI-powered tools with the right guardrails, training, and collaboration, teams can move faster without sacrificing control.

Snyk helps organizations stay ahead of the curve by embedding security into every layer of the development process, from citizen-built tools to enterprise-grade applications.

Start securing what’s being built — wherever it’s being built.

Explore how Snyk helps.