Vibe Coding AI Tools Can Expose Dealership Customer Data

AutoRelay Team · 7 min read

A $40-a-month AI coding tool and one motivated BDC manager can now create a customer-facing app before lunch. That sounds great until the app is connected to a CRM export, sending texts from a store number, and living on somebody’s personal laptop with no password rotation, no opt-out logic, and no idea who owns it when that employee quits.

That is the dealership version of the vibe coding problem. Non-technical people are using AI to build scripts, dashboards, follow-up tools, inventory alerts, service reminders, equity-mining widgets, and lead sorters. Some of it is clever. Some of it saves real time. I am not anti-tool. I have seen stores duct-tape together reports that were more useful than six-figure vendor installs.

But there is a security bomb sitting inside this trend, and dealers are not naturally built to defuse it. We move fast, we export everything to CSV, we share logins more than we admit, and we reward the person who fixes the pain point before we ask how they fixed it.

Vibe coding is already in your store

“Vibe coding” is the new nickname for building software by describing what you want to an AI tool, then letting it generate the code. You do not need to know much about software architecture. You can say, “Build me a page that uploads service customers and identifies likely trade targets,” and the tool will spit out something that looks usable.

That matters because dealership employees are drowning in manual work. The service BDC wants a faster recall follow-up list. The used car manager wants first shot at high-equity service customers. The GSM wants a heat map of unsold leads by zip code. The controller wants fewer one-off reporting requests. AI coding tools make all of that feel reachable without waiting six months for a vendor roadmap.

The danger is not that your people are experimenting. The danger is that the experiment touches customer data, system access, and communication rights before anyone has defined the rules.

Dealership data has a bigger blast radius than people think

A rooftop is not a clean software environment. It is a junk drawer of DMS permissions, CRM notes, desking history, service records, online credit leads, phone recordings, website forms, equity tools, marketing platforms, and payment links. One “simple” app can accidentally touch five systems and 80,000 customer records.

Look at the data you routinely move around: names, phone numbers, emails, VINs, payoff estimates, RO history, warranty status, trade appraisals, driver’s licenses, bank stipulations, household clues, text consent, and sometimes enough personal information to create a very bad week for the dealer principal.

Verizon’s latest Data Breach Investigations Report found third-party involvement in 30% of breaches and ransomware present in 44% of breaches. That is not dealership-specific, but it describes the exact risk pattern stores are creating with unmanaged tools and loose access.

I have seen this play out at stores from Phoenix to Pittsburgh in less dramatic ways: a spreadsheet with an API key sitting in a shared drive, a service-lane text script still running after the manager who built it left, customer exports uploaded into consumer AI tools, and “temporary” CRM admin rights that somehow became permanent.

  • A salesperson pastes 200 unsold internet leads into an AI tool to write better follow-up emails.
  • A service advisor builds a quick app to flag declined repair customers, then stores the export in a personal cloud account.
  • A BDC rep creates an SMS workflow that does not check opt-outs before texting.
  • A manager connects a homemade dashboard to the CRM with admin credentials because read-only access was annoying.
  • Nobody documents the tool, so six months later the store cannot tell whether it is still pulling data.

None of those people are trying to hurt the store. That is what makes it dangerous. This is not the movie version of hacking. It is dealership convenience turning into unmanaged exposure.

Use the blast radius test before you bless any AI-built tool

The question should not be, “Does it work?” A lot of bad code works. It sends the text, builds the report, or updates the spreadsheet. The better question is, “If this thing breaks, leaks, or gets abused, how far does the damage travel?”

I’d argue every store needs a simple scoring model. Nothing fancy. If a tool scores high, it does not mean you kill it. It means it needs adult supervision before it touches production data.

| Risk area | Low score | High score |
| --- | --- | --- |
| Data touched | Inventory-only or anonymized data | Customer PII, credit, payoff, RO history, consent records |
| Systems connected | Manual upload, no live connection | DMS, CRM, texting platform, payment, or service scheduler |
| Message authority | Internal report only | Can email, text, or trigger customer-facing communication |
| Access level | Read-only, limited user | Admin login, shared password, broad export rights |
| Persistence | One-time report | Runs nightly, stores data, or keeps API keys |

Score each row 0, 1, or 2. Anything at 6 or higher gets treated like a real application, not a side project. That means named owner, documented access, retention rules, permission review, and a kill switch. If that sounds heavy, compare it to the cost of explaining to customers why a homemade equity-mining script exposed their service history.
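The scoring model above, written out in Python as an added example (not code from the article or from AutoRelay): the five rows, the 0/1/2 scale, the threshold of 6, and the controls the article requires once a tool crosses it. The sample tools are constructed from the article's own scenarios, and since the article describes only the 0 and 2 endpoints, treating a score of 1 as "partly high" is an assumption here.

```python
from dataclasses import dataclass, field

# The article's blast radius model: five risk areas, each scored 0, 1 or 2.
# Only the 0 (low) and 2 (high) endpoints are described there; reading 1 as
# "partly high" is an assumption of this example.
RISK_AREAS = ("data_touched", "systems_connected", "message_authority",
              "access_level", "persistence")
THRESHOLD = 6  # 6 or higher: treat like a real application, not a side project
# Controls the article requires once a tool crosses the threshold.
REQUIRED_CONTROLS = frozenset({"named_owner", "documented_access",
                               "retention_rules", "permission_review", "kill_switch"})

@dataclass
class Tool:
    name: str
    scores: dict                                # risk area -> 0, 1 or 2
    controls: set = field(default_factory=set)  # controls already in place

def blast_radius_score(tool):
    """Sum the five row scores, rejecting incomplete or out-of-range input."""
    missing = [area for area in RISK_AREAS if area not in tool.scores]
    if missing:
        raise ValueError(f"{tool.name}: unscored risk areas {missing}")
    for area, value in tool.scores.items():
        if area not in RISK_AREAS or value not in (0, 1, 2):
            raise ValueError(f"{tool.name}: bad score {area}={value!r}")
    return sum(tool.scores[area] for area in RISK_AREAS)

def assess(tool):
    """Score a tool and list the controls it still needs before production."""
    score = blast_radius_score(tool)
    treat_as_application = score >= THRESHOLD
    missing = sorted(REQUIRED_CONTROLS - tool.controls) if treat_as_application else []
    return {"name": tool.name, "score": score,
            "treat_as_application": treat_as_application,
            "missing_controls": missing}

# Constructed sample tools modelled on the article's scenarios, not real store tooling.
SMS_WORKFLOW = Tool("BDC SMS workflow, no opt-out check",
                    {"data_touched": 2, "systems_connected": 2, "message_authority": 2,
                     "access_level": 1, "persistence": 2},
                    controls={"named_owner"})
AGING_REPORT = Tool("One-off anonymized inventory aging report",
                    {"data_touched": 0, "systems_connected": 0, "message_authority": 0,
                     "access_level": 0, "persistence": 0})

if __name__ == "__main__":
    for tool in (SMS_WORKFLOW, AGING_REPORT):
        print(assess(tool))
```

A tool that scores at the threshold with every control already in place returns an empty `missing_controls` list, which is the state the article describes as ready for production data.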

The messiest area is customer communication

The highest-risk AI tools are the ones that can talk to customers. A dashboard that mis-sorts leads is annoying. A tool that texts 1,800 service customers without honoring opt-outs is a different problem. Same goes for AI-generated email follow-up that makes payment claims, service promises, trade values, or financing language nobody approved.

This is where operators need to separate experimentation from execution. Build a prototype if you want. Test it on fake records. Use anonymized data. But the minute it sends a real SMS, writes to the CRM, or pulls live service-lane customer data, it needs the same scrutiny you would apply to any vendor in your stack.

Dealers using platforms like AutoRelay for service-lane acquisition or SMS engagement should still ask hard questions: Who can access the data? How are opt-outs handled? What gets written back to the CRM? How long is data retained? Can the store audit message history and user activity? Buying a platform does not remove your responsibility, but a legitimate platform should be able to answer those questions without tap dancing.

A practical audit you can run without hiring a consultant

Pull a list of every non-standard tool, script, spreadsheet, AI workflow, browser extension, and dashboard your managers use to move customer data or trigger follow-up. Do not start with IT. Start with the people who are getting work done: BDC, service drive, used cars, internet, accounting, and marketing.

  1. Search shared drives and inboxes for “API key,” “CRM export,” “customer upload,” “GPT,” “webhook,” and “text list.”
  2. Review DMS and CRM users with admin or export permissions, especially former employees and shared logins.
  3. Identify any workflow that sends SMS or email outside your approved communication platform.
  4. Apply the blast radius score to each tool touching customer data.
  5. Shut off anything with no owner, no documented access, or no clear business purpose.

The goal is not to scare your managers back into manual work. The stores that learn how to use AI safely will be faster than the ones that ban it and pretend nobody is pasting customer lists into random tools. But speed without controls is just another form of floorplan risk — it feels fine until the statement shows up.

Run the blast radius score on one customer-facing workflow this week. Pick the service-lane equity list, the BDC follow-up process, or the unsold lead campaign. If you cannot name the owner, access level, data source, opt-out process, and shutoff procedure in five minutes, the tool is not ready for production.

See how AutoRelay helps dealers acquire inventory from their own service drive → getautorelay.com