Your Data Is Governed. Your App Layer Isn't. Here's How Enterprises Are Fixing It.

Tom Mante

Multiple authors

April 1, 2026

A senior executive at one of the world’s largest enterprise data platforms recently shared a stat that should get every CIO’s attention: AI agents are now creating 4x more databases than humans on their platform. A year ago, that number was closer to 1x.

That is more than a datapoint. It is a signal.

AI is collapsing the cost of building software. Cursor and Claude Code have made engineers dramatically faster. Replit, Lovable, and Vercel's v0 made it possible for anyone, including non-engineers, to build a working app from a prompt. And when the cost of building drops, demand rises.

That changes the enterprise question. It is no longer “How do we build apps faster?” It is “How do we govern the wave of apps now being built on top of our enterprise data?”

I spend a lot of time with IT leaders, engineering leaders, and enterprise platform teams. This is the shift they are all working through now.

Gartner predicts that by 2026, 40% of enterprise applications will feature AI agents, up from less than 5% in 2025. McKinsey's latest State of AI report shows 78% of companies now use AI in at least one business function. The volume of AI-built apps inside enterprises is about to increase by an order of magnitude.

The data layer is already governed. The app layer usually is not.

That is the gap. Your data platform has row-level security, access policies, and audit trails. But the apps touching that data often have no SSO, no access controls, no audit logging, and no deployment infrastructure.

Your data is locked down, but the applications surfacing that data are often wide open.

Two versions of the same problem

At most enterprises I work with, app layer pains show up in one of two ways.

  1. The engineering bottleneck

Every internal app request goes through a central engineering team. Business teams submit tickets. Engineering prioritizes, builds, deploys, maintains. The backlog grows.

A large financial services company I work with had 200-300 operational workflows stuck in Google Sheets because their engineering team couldn't get to them. Each migration took a full quarter. They needed it done in hours.

  2. The governance gap

This is the frontier company problem. Teams across the org are already building with AI coding tools. Apps are getting created fast. But none of them have SSO, role-based access, audit logging, or a deployment pipeline. The code exists, but the production infrastructure doesn't.

The engineering team of a large e-commerce logistics company spent the majority of their time building and maintaining internal tools instead of working on customer-facing product. They had the talent to build fast, but no platform to govern, deploy, or scale what was being built. Every app required manual wiring for auth, permissions, and deployment. Multiply that across dozens of apps and engineering never gets out of the internal tools queue.

Different starting points, same outcome: engineering becomes the bottleneck for internal apps, whether you're building slow or building fast.

The IT leaders I talk to all inevitably arrive at the same problem and have the same questions. Who maintains this when the builder leaves? Who answers the auditor? Who revokes access across 50 tools at once? Who owns the app that broke at 2am?

I wanted to share the way the enterprises I work with are thinking about this, and what the ones ahead of the curve are actually doing.

What the app layer needs to do

If you've solved data governance, the app layer is the missing piece. Here's what it needs to handle:

Inherit your data platform's governance. Row-level security and access policies should carry over automatically. If a user can't see certain rows in your lakehouse, they shouldn't see them in the app either. No rebuilding governance from scratch.

Connect to your identity provider. SSO through Okta, Azure AD, or Google Workspace. One login. The app knows who the user is and what they can access.

Enforce role-based access control. Finance sees finance. Operations sees operations. Configurable by IT, no code required.

Log everything. Every action, every data access, every change. Piped to your SIEM or available in a centralized dashboard. Non-negotiable in regulated industries.

Deploy to your infrastructure. Your VPC. Your data platform's app hosting layer. Not a third-party cloud. Not someone's laptop.

Connect beyond the data platform. A procurement app reads from your lakehouse and writes to Salesforce. A support dashboard pulls from your data warehouse and sends alerts to Slack. The app layer needs to reach 50+ systems while respecting your governance standards.

Support the full lifecycle. Build, integrate, secure, deploy, maintain, iterate. If business users own the build but engineering owns the other five steps, you haven't solved the problem.

How enterprises are solving this today

The companies getting this right treat the app layer with the same rigor they treat the data layer. A few examples:

A commercial real estate firm rejected an $850K vendor quote and built the replacement themselves. 800+ agents use the app in production daily. The person who built it was a recent college grad, six months into the job.

A B2B healthcare company had a TPM with no engineering background build a prescription processing app that handles 1 million prescriptions a year on a 48-hour SLA. It replaced a 20-person manual team. 99% of the code was AI-generated.

A national healthcare system in Europe is working towards deploying an app to 100,000+ users. 60-70 APIs. SOC 2 and GDPR compliant. The person building the app is a designer.

None of these started with an engineering ticket. All of them run in production with full governance. The model behind them is the same:

  1. IT configures once. Approved data integrations, SSO, RBAC policies, design standards, audit logging. One setup. Every app inherits it.
  2. Business teams build freely. AI generates apps from natural language. Teams connect to the data platform, Salesforce, Slack, whatever the use case needs. They own the build, the iteration, the maintenance. No engineering tickets.
  3. The platform enforces the bridge. Every app deploys through the same pipeline. Same security standards. Same audit trail. IT sees what's running, who built it, who's using it, and what data it touches from a single dashboard. Distributed building. Centralized governance. Engineering stays focused on customer-facing product.

How Superblocks handles this

Superblocks is the app platform that sits on top of your data platform. Governed production apps without handing everything back to engineering.

Your data platform's permissions carry over. Connect to your lakehouse, data warehouse, or SQL engine. Your existing access policies, row-level security, audit policies, and column masking apply automatically. You inherit governance. You don't rebuild it.

Deploy inside your infrastructure. Deploy apps directly into your data platform's app hosting layer or your VPC. Not next to your infrastructure. Inside it. Your security perimeter stays intact.

SSO and RBAC out of the box. Connect your identity provider. Configure role-based access once. Every app inherits those policies. IT sets the rules. Builders don't think about it.

Audit logging is always on. Every action, every data access, every deployment. Centralized dashboard. Exportable to your SIEM. When auditors ask questions, you have answers.

50+ integrations in the same app. Read from your lakehouse. Write to Salesforce. Pull from your data warehouse. Send alerts to Slack. Connect to Jira, ServiceNow, internal APIs. One app, multiple data sources, one governance layer.

Business users own the full lifecycle. Clark, our AI builder, generates production apps from natural language. Business teams build, deploy, iterate, and maintain without engineering. IT sets the guardrails once. Every app stays within them.

One dashboard for IT visibility. Every app, every user, every data connection, every deployment. When you have 200 internal apps, you see all of them in one place.

This is how enterprises go from 10 internal apps to 500 without losing governance and without drowning engineering in productionization work.

The question worth asking

Most enterprises have invested heavily in governing the data layer. Far fewer have made the same investment in governing the app layer.

That works when there are five apps. It breaks when there are fifty. It gets dangerous when there are five hundred.

The enterprises that solve this early will have a real advantage. They will let teams build at AI speed without losing governance at the application layer.

If you're thinking about this for your organization, I'm happy to walk through what we're seeing and how it maps to your stack. Reach out at tom@superblockshq.com or book a conversation at superblocks.com.

FAQ

Can I use Superblocks if my data stays in my VPC?
Yes. Superblocks supports Cloud Prem deployment. Your data never leaves your network. The platform runs inside your infrastructure. This is the deployment model most regulated enterprises and financial institutions use.

Does Superblocks replace my data platform?
No. Superblocks is the app layer on top of your data platform. Your data stays where it lives today. Superblocks connects to it and gives you the infrastructure to build governed production apps on that data.

What if we already use a low-code tool like Retool or Appsmith?
Many of our customers migrated from platforms that couldn't meet their governance, performance, or scalability requirements. Superblocks is built for enterprise scale: SSO, RBAC, audit logging, Cloud Prem, and platform-managed infrastructure that most low-code tools don't offer.

Do our builders need to know how to code?
No. Clark generates production apps from natural language. Business users describe what they want and Clark builds it, connected to your data sources and integrations. Builders can also edit code directly. Both paths produce the same governed, deployable app.

How does pricing work?
Superblocks charges based on builders and deployed apps. End users are unlimited. You don't pay per viewer, per transaction, or per query. The pricing model doesn't penalize you for scale.

How long does it take to get started?
Most teams connect their data platform and deploy their first app within a day. IT configuration (SSO, RBAC, integrations) takes a few hours. Builders start creating apps immediately after that.
