You’re probably familiar with this frustration: You have an idea, maybe a better open house check-in or a client portal that actually carries your brand. You take it to your platform vendor, who adds it as a feature ticket and a promise that “we’ll look at getting that on the roadmap.” When the feature finally arrives (if it arrives at all), it’s vaguely like what you asked for, but watered down because the vendor wants it to apply to as many customers as possible: The feature does maybe half of what you had hoped and not in the way you needed.
That’s the challenge of building your business on someone else’s technology: You move at the pace someone else decides and get the customer experience someone else dictates.
Meanwhile, portals have systematically built themselves into a wedge between brokerages and their clients: collecting data, owning the search experience and, increasingly, the relationship that follows it. That’s fundamentally changed how clients engage with a brokerage:
For a brokerage to stand apart, the client experience needs to feel more personal—and personalized—than ever.
Yet many brokerages continue to use the same templates and tools to minimize costs, resulting in client experiences that look the same as the brokerage down the street, differentiated only by a logo and a color palette. In contrast, well-funded brands have invested heavily enough in digital tools that they can provide a unique client experience. As typical brokerages consider how to compete in today’s challenging environment, they’re seeking to close the widening gap and asking a new question: How can they cost-effectively offer a branded, client-first experience that feels personalized and unique?
Changing the model with AI
Until recently that question had no answer, but AI app builders like Replit and Lovable have changed expectations. A brokerage team can now describe what it wants in plain English and see a working app the same day. And even if brokerage leadership isn’t thinking about vibe coding at the brokerage level, its agents are. Whether they’re telling you or not, agents are vibe-coding new listing websites or an open house app or even a personalized client portal.
It’s an exciting moment, but it’s also one filled with risk: These tools are using standard data connections (“APIs”) that were designed (in some cases decades ago) for engineers that understand the rules of app development and security and make judgment calls accordingly. They weren’t designed for a world where an AI agent is deciding in real time what to access and what to surface, with no one in the loop who knows what data is really needed and what isn’t, what “private remarks” on a listing means, or what TCPA requires when you’re collecting a phone number.
AI introduces new problems: security and compliance
Last month, the issue around security was actually quantified by a cybersecurity firm called RedAccess. After scanning thousands of apps built on popular AI development tools, they found more than 5,000 with essentially no security or authentication of any kind — and around 40 percent of those seemed to be actively exposing sensitive data: Financial records, strategy documents, medical information, customer conversations.
The response from the tool vendors: “users can configure privacy settings,” “public apps being accessible is expected behavior.” Which is technically accurate but extremely risky in practice. A marketing person who built their first app last Tuesday isn’t thinking about detailed minutia of access control settings: They’re thinking about whether the form looks right on a phone.
For real estate brokerages, the challenge might look like this: When you connect an AI-built open house app to a listings system the way most people do, you’re typically not giving it access to one listing. You’re giving it access to the database — all of it, including private remarks, commission information, and data that was never meant to be public-facing. The app only uses one listing, sure. But the API doesn’t know that, and someone who wants to probe can get to all of that other information.
How Cloze Forge addresses the problems
The problem is that when AI tools code, they focus on the positive: building exactly what you asked for. They don’t focus on the negative: how to prevent the risks you didn’t specify. Security is all about the negatives – something AI rarely considers. When we thought about the challenge, we concluded that the only approach to closing the security hole is to move security outside the app entirely.
Cloze Forge is an AI-powered app-building platform that lets brokerages create custom, branded applications on top of their own relationship, listing, and transaction data — with security and compliance enforced by the platform.
By removing security from the app’s jurisdiction and putting it in a layer the app can’t touch, we’re able to configure that layer automatically based on what the app actually does rather than what the person building it remembered to specify.
Here’s how it works in practice: Forge Studio, the AI-powered app builder that’s part of Forge, asks what kind of app you’re building, which sets up a certain security profile. It then watches what it’s building as it builds. It maps the app continuously: what data fields it reads, what it submits, which functions it calls, what it needs access to. By the time the app is ready to deploy, Forge Studio has built a precise security profile of exactly what that app is allowed to do. That profile goes to the Forge Engine, which enforces it at the infrastructure level — outside the app’s code, in a form administrators can inspect without reading a line of it, and in a form the app can’t override no matter what it subsequently does. The Forge Engine has been built to enterprise standards so that an app can scale to handle thousands of agents or clients the minute it’s deployed.
In practice, the decision to remove security and scale from the app layer means that the person building the app doesn’t even have to mention security during the entire build (which, let’s be honest, is how any non-engineer will build their apps). That’s the advantage. Since security and access controls have been taken out of the app layer entirely, no one has to worry about whether the AI will configure security settings properly.
Compliance requirements like TCPA disclosures appear in the app automatically, without being asked, because Cloze Forge has built in compliance controls. Brokerages can also load their own compliance requirements and brand standards into the system, and Forge Studio will use them to inform what it builds.
Since the Forge Engine handles security and operates beneath Forge Studio, we can also connect Forge Engine directly to the Cloze Intelligence Engine — and all of the live brokerage data it holds: listings, MLS data, client relationships, transaction history. Every Forge-built app has access to exactly what it needs so that when someone checks in at an open house and answers yes to a financing question, your mortgage team can act on it right away. But, and this is the critical difference, the Forge Engine ensures that the only data exposed through the AI-built app is the data it needs to do its job. And the communication between Forge Engine and the Cloze Intelligence Engine is bidirectional: your app can access relevant, current data from your business (like a client history and the homes they’ve already seen), while data from your new app can set off workflows in other tools and other parts of the business. That visitor checking in at an open house doesn’t become a row on a spreadsheet someone downloads at the end of the day, they become a contact in the relationship data, connected immediately to agent follow-up, marketing workflows, and the rest of the business.
Why now?
We decided to address this problem now because the brokerages we work with are competing in a market that has rapidly changed around them, and the tools most of them depend on were built for a market that’s already gone. What AI has done is create a real alternative — A team with a good idea and a few hours can build something that would have taken months and a six-figure budget two years ago. That’s new. And for an industry that’s spent years waiting on vendor roadmaps, asking for features that arrive late and shaped for someone else’s requirements, the idea that you don’t have to wait anymore is not a small thing.
What we’re doing with Cloze Forge is to make sure that accelerated speed of progress doesn’t introduce risk or get bogged down by enterprise requirements. There are brokerages today that already recognize this problem and are solving it by hiring dozens of engineers to “productize” the AI-built apps that are being created. Cloze Forge makes that investment unnecessary.
Ultimately, our goal is to make sure that when a brokerage builds something and puts it in front of clients, it holds up from every perspective: security, brand, connectivity, scale, compliance. The client experience depends on every single one of those things, and today’s brokerages can now truly own that experience in a way that’s unique and authentic to their brand.
Cloze Forge is available now for Cloze Enterprise customers..
