A new report by a security researcher reveals that over 5000+ vibe-coded apps built using platforms like Lovable, Cursor leak sensitive user data such as financial, medical data of the users.
The era of “vibe-coding“—where anyone can generate functional applications using AI with just a few natural language prompts—has arrived. But this rapid democratization of software development is masking a severe cybersecurity threat.
As AI takes over programming tasks, experts are warning that these automated tools are leading to a total absence of security, putting highly sensitive corporate and personal data at serious risk.
Key Takeaways
- Over 5,000 vibe-coded applications were identified with virtually no security or authentication measures.
- Approximately 40 percent of exposed apps leaked sensitive information, including hospital records, financial data, and corporate strategies.
- AI coding platforms often default to public visibility, shifting the responsibility of security configuration to non-technical users.
- Mitigation requires a transition to “Secure by Default” architectures and automated platform-level guardrails.
The Massive Scale of the Vulnerability
Security researcher Dor Zvi and his team at RedAccess recently analyzed thousands of web apps created with popular AI development tools like Lovable, Replit, Base44, and Netlify. Their shocking discovery: over 5,000 of these vibe-coded applications had virtually no security or authentication measures in place.
The researchers found these vulnerable apps easily by conducting straightforward Google and Bing searches for the domains of the AI coding platforms. In many cases, simply knowing the web URL was enough to access the app and its backend data, while others had laughable barriers, such as accepting any email address for sign-in.
A Treasure Trove of Exposed Private Data
What exactly is bleeding out onto the open web? According to Zvi, around 40 percent of these exposed apps leaked sensitive information. Upon closer inspection of the 5,000 publicly accessible apps, close to 2,000 revealed alarming and deep private data.
The exposed information included hospital work assignments with the personally identifiable information of doctors, corporate go-to-market strategies, financial data, and shipping cargo records. Retailers were also found leaking full logs of customer chatbot conversations, complete with the customers’ full names and contact details.
Shockingly, some poorly generated apps even allowed visitors to gain administrative privileges over the system and lock out actual administrators.
In addition to data leaks, researchers uncovered numerous phishing sites mimicking major brands like Bank of America, Costco, Trader Joe’s, and McDonald’s, all of which appeared to have been built with AI and hosted directly on Lovable’s domain.
The AI Platforms Push Back
When confronted with these findings, the AI coding companies largely deflected the blame onto their users. Replit’s CEO Amjad Masad stated that public accessibility is “expected behavior” for apps set to public, noting that privacy settings can be changed with a single click. A spokesperson for Lovable emphasized that how an app is configured is ultimately the creator’s responsibility.
Similarly, Wix’s Base44 argued that disabling security controls is a deliberate choice by the user, and a spokesperson suggested that it is easy to fabricate test applications that merely appear to contain real user data. Netlify did not respond to the researchers’ claims.
The Root Cause: Convenience Bypassing Security
Despite the platforms’ defenses, security researcher Joel Margolis confirms that the problem of AI-built apps leaking data is incredibly real. The core issue is that AI tools are empowering marketing teams and other non-engineers—people with little to no security background—to build and deploy live software.
As Margolis explains, AI tools “do what you ask them to do,” but they won’t proactively secure an application unless explicitly instructed to do so.
Zvi compares this current epidemic of data exposure to the infamous wave of enterprise data leaks caused by misconfigured Amazon S3 cloud storage buckets in previous years.
Ultimately, these vibe-coding tools allow anyone in an organization to launch live applications instantly, entirely bypassing the vital development cycles, access controls, and security checks that traditional enterprise software goes through before release.
How to ensure Security in Vibe-coded apps?
Since thousands of vibe-coded applications are actively leaking highly sensitive corporate databases, patient logs, and financial records, resolving this security risk requires a shift away from manual code audits, moving toward automated, platform-level guardrails that protect data by default.
To effectively mitigate this vulnerability, development platforms and enterprise IT environments must enforce three core technical layers:
- “Secure by Default” Access Rules: AI hosting platforms (such as Replit, Lovable, or Netlify) must mandate that all newly generated applications initialize in a strict “Private” deployment state. Public hosting should require a multi-step verification process, forcing users to explicitly review permissions before their application goes live.
- Systemic Prompt Injections: Enterprise security teams must feed prescriptive security baselines directly into the AI agent’s context. By utilizing systemic configuration files (such as .coderules), the model can be forcefully instructed to isolate variables, avoid hardcoding API keys, and automatically build robust authentication walls into every generated user table.
- Continuous Shadow-IT Discovery: Security operations centers must utilize continuous automated scanning to monitor network endpoints for unapproved browser-based development environments. Web scrapers should also actively target search engine indexing strings to detect and flags any misconfigured AI-hosted subdomains exposing proprietary database frameworks.
Ultimately, while the era of vibe-coding offers unprecedented speed and accessibility in software development, it cannot come at the expense of fundamental security. Transitioning to a secure-by-default architecture, embedding hardcoded guardrails into AI environments, and maintaining strict visibility over shadow IT ensures that anyone can build apps safely.
By prioritizing these automated defense mechanisms, organizations can fully embrace the velocity of AI-driven innovation without exposing their most sensitive data to the open web.
Join our community by subscribing to our Weekly Newsletter to stay updated on the latest AI updates and technologies, including the tips and how-to guides. (Also, follow us on Instagram (@tid_technology) for more updates in your feed and our WhatsApp Channel to get daily news straight to your Messaging App).
