Traditional enterprise security strategies were designed to safeguard servers, endpoints, and cloud accounts. However, they are not equipped to detect a customer intake form that a product manager created using vibe coding on Lovable over the weekend, linked to a live Supabase database, and launched on a public URL that Google indexed. This oversight now has tangible consequences.
New research from the Israeli cybersecurity firm RedAccess shows the extent of the issue. Their research uncovered 380,000 publicly accessible assets, including applications, databases, and infrastructure, built with the vibe coding tools Lovable, Base44, and Replit, as well as the deployment platform Netlify. Approximately 5,000 of these assets, about 1.3%, contained sensitive corporate data. CEO Dor Zvi said his team discovered the exposure while investigating shadow AI for clients. Axios independently confirmed several of the exposed apps, and Wired corroborated the findings through separate verification.
The confirmed exposures include an app from a shipping company that outlined which vessels were scheduled to arrive at specific ports, a health company application listing active clinical trials in the U.K., and unredacted customer service interactions for a British cabinet supplier available on the web. Additionally, internal financial details for a Brazilian bank were accessible to anyone with the URL.
The compromised data also covered patient communications at a children’s long-term care facility, doctor-patient summaries in hospitals, incident response records at a security company, and advertising purchasing strategies. Depending on the jurisdiction and the nature of the data, these healthcare and financial exposures may lead to regulatory requirements under HIPAA, UK GDPR, or Brazil’s LGPD.
RedAccess also identified phishing sites built on Lovable that mimicked Bank of America, FedEx, Trader Joe’s, and McDonald’s. Lovable has initiated investigations and is working to remove these phishing sites.
The defaults are the problem
Privacy settings on several vibe coding platforms allow apps to be publicly accessible unless users manually change them to private. Many of these apps get indexed by Google and other search engines, making them easily discoverable. Zvi remarked: “I don’t think it’s feasible to educate the whole world around security. My mother is [vibe coding] with Lovable, and no offense, but I don’t think she will think about role-based access.”
This is not an isolated finding
In October 2025, Escape.tech examined 5,600 publicly available vibe-coded applications and found over 2,000 significant vulnerabilities, more than 400 exposed secrets like API keys and access tokens, and 175 instances of personal data exposure involving medical records and bank account numbers. All vulnerabilities identified by Escape were found in live production systems and were discoverable within hours. The detailed report outlines their methodology. Escape also secured an $18 million Series A funding round led by Balderton in March 2026, emphasizing the security gap created by AI-generated code as a central market thesis.
Gartner’s “Predicts 2026” report projects that by 2028, prompt-to-app approaches adopted by citizen developers will boost software defects by 2,500%. Gartner highlights a new defect class where AI generates code that is syntactically correct but lacks comprehension of the broader system architecture and intricate business rules. The costs to address these deep contextual bugs will consume resources previously designated for innovation.
Shadow AI is the multiplier
IBM’s 2025 Cost of a Data Breach Report revealed that 20% of organizations encountered breaches linked to shadow AI, adding $670,000 to the average breach cost and increasing the shadow AI breach average to $4.63 million. Of the organizations that reported AI-related breaches, 97% lacked proper access controls, and 63% had no AI governance policy.
Shadow AI breaches predominantly exposed customer personally identifiable information at 65%, compared to 53% across all breaches, and affected data spread across multiple environments 62% of the time. Only 34% of organizations with AI governance policies conducted regular audits for unsanctioned AI tools. VentureBeat’s shadow AI research predicted that active shadow apps could more than double by mid-2026. Cyberhaven data indicated that 73.8% of ChatGPT workplace accounts in enterprise settings were unauthorized.
What to do first
The audit framework below provides CISOs with a roadmap for assessing vibe-coded app risks across five domains.
| Domain | Current State (Most Orgs) | Target State | First Action |
|---|---|---|---|
| Discovery | No visibility into vibe-coded apps | Automated scanning of vibe coding platform domains | Run DNS + certificate transparency scan for Lovable, Replit, Base44, and Netlify subdomains tied to corporate assets |
| Authentication | Platform defaults (public by default) | SSO/SAML integration required before deployment | Block unauthenticated apps from accessing internal data sources |
| Code scanning | Zero coverage for citizen-built apps | Mandatory SAST/DAST before production | Extend the existing AppSec pipeline to cover vibe-coded deployments |
| Data loss prevention | No DLP coverage for vibe coding domains | DLP policies covering Lovable, Replit, Base44, Netlify | Add vibe coding platform domains to existing DLP rules |
| Governance | No AI usage policy or shadow AI detection | AI governance policy with regular audits for unsanctioned tools | Publish an acceptable-use policy for AI coding tools with a pre-deployment review gate |
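The Discovery row's first action, DNS plus certificate transparency, is the one step in the table that a security team can script today. The example below is added here and is not RedAccess's or any platform's tooling. It joins two signals: CNAME/ALIAS records under the corporate zones whose target is a platform host, and certificate-transparency names on platform subdomains whose app label contains a corporate keyword. The platform hosting suffixes (`lovable.app`, `replit.app`, `base44.app`, `netlify.app`) are assumptions to confirm against each vendor's documentation, and every DNS record and certificate entry in the block is constructed for the demo. A live run would feed in a zone export plus the JSON returned by a query such as `https://crt.sh/?q=%25.lovable.app&output=json`, whose `name_value` field is the newline-separated SAN list mirrored here.

```python
"""Discovery pass for vibe-coded apps tied to corporate assets (added example)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Sequence, Tuple

# ASSUMED app-hosting suffixes for the four platforms named in the article.
PLATFORM_SUFFIXES: Dict[str, str] = {
    "lovable.app": "Lovable",
    "replit.app": "Replit",
    "base44.app": "Base44",
    "netlify.app": "Netlify",
}


@dataclass(frozen=True)
class Finding:
    host: str        # corporate name (dns) or platform subdomain (ct)
    platform: str
    source: str      # "dns" or "ct"
    evidence: str


def _norm(host: str) -> str:
    return host.strip().lower().rstrip(".")


def _under(host: str, zone: str) -> bool:
    host, zone = _norm(host), _norm(zone)
    return host == zone or host.endswith("." + zone)


def platform_for(hostname: str) -> Optional[Tuple[str, str]]:
    """(platform, suffix) when hostname is a proper subdomain of a platform suffix."""
    h = _norm(hostname)
    for suffix, name in PLATFORM_SUFFIXES.items():
        if h.endswith("." + suffix):
            return name, suffix
    return None


def scan_dns(records: Iterable[Tuple[str, str, str]], corp_zones: Sequence[str]) -> List[Finding]:
    """records: (name, rtype, target) tuples as exported from the corporate zones."""
    out: List[Finding] = []
    for name, rtype, target in records:
        if rtype.upper() not in ("CNAME", "ALIAS"):
            continue
        if not any(_under(name, z) for z in corp_zones):
            continue  # not our zone, so not our exposure to inventory
        hit = platform_for(target)
        if hit:
            out.append(Finding(_norm(name), hit[0], "dns", f"{rtype.upper()} -> {_norm(target)}"))
    return out


def scan_ct(entries: Iterable[dict], keywords: Sequence[str]) -> List[Finding]:
    """entries: crt.sh-style dicts; only the 'name_value' field is read."""
    out: List[Finding] = []
    seen = set()
    kws = [k.lower() for k in keywords]
    for entry in entries:
        for raw in entry.get("name_value", "").splitlines():
            host = _norm(raw)
            # Skip blanks, the platform's own wildcard certs, and repeats across certs.
            if not host or host.startswith("*.") or host in seen:
                continue
            hit = platform_for(host)
            if not hit:
                continue
            label = host[: -(len(hit[1]) + 1)]  # app-specific part before the suffix
            matched = [k for k in kws if k in label]  # substring match; short keywords over-match
            if matched:
                seen.add(host)
                out.append(Finding(host, hit[0], "ct", f"SAN label '{label}' matches {matched}"))
    return out


def inventory(dns_records, ct_entries, corp_zones, keywords) -> List[Finding]:
    found = scan_dns(dns_records, corp_zones) + scan_ct(ct_entries, keywords)
    return sorted(set(found), key=lambda f: (f.platform, f.source, f.host))


# Constructed sample data for the demo (hypothetical corporate zone and apps).
CORP_ZONES = ["acme-corp.example"]
KEYWORDS = ["acme"]
SAMPLE_DNS = [
    ("intake.acme-corp.example", "CNAME", "acme-intake.lovable.app."),
    ("www.acme-corp.example", "CNAME", "web.cdn.example."),            # not a platform
    ("configurator.acme-corp.example", "ALIAS", "brilliant-site-1234.netlify.app"),
    ("other.partner.example", "CNAME", "foo.replit.app"),                # not our zone
]
SAMPLE_CT = [
    {"name_value": "acme-fleet-tracker.replit.app"},
    {"name_value": "*.lovable.app\nlovable.app"},                        # platform wildcard
    {"name_value": "acmecorp-hr-portal.base44.app\nacmecorp-hr-portal.base44.app"},
    {"name_value": "random-kitten-shop.lovable.app"},                    # no keyword
]

if __name__ == "__main__":
    for f in inventory(SAMPLE_DNS, SAMPLE_CT, CORP_ZONES, KEYWORDS):
        print(f"{f.platform:<8} {f.source:<4} {f.host:<40} {f.evidence}")
```

The DNS half is authoritative: a record in your own zone pointing at a platform is a deployment somebody chose to brand. The CT half is a heuristic, and a short keyword will pull in strangers' apps, so treat its hits as a triage list to verify for authentication and data content, which is the part no scan answers.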
The CISO who views this as a policy issue might draft a memo. The CISO who sees it as an architectural challenge will launch discovery scans across the four major vibe coding domains, enforce pre-deployment security reviews, extend the AppSec pipeline to include citizen-built apps, and incorporate these domains into DLP rules before the next board meeting. One of these CISOs will steer clear of future headlines.
The vibe coding exposure that RedAccess documented is inseparable from shadow AI. It is shadow AI's production layer: employees build internal tools on platforms that default to public, skip authentication, and never appear in asset inventories. These applications stay invisible to security teams until a breach occurs or a reporter finds them. Conventional asset discovery tools are built to find servers, containers, and cloud instances, not a weekend-built Lovable configurator wired to a Supabase database of live customer records and published at a public URL that Google indexed within days.
The detection challenge runs deeper than most security teams realize. Vibe-coded apps deploy on platform subdomains that rotate frequently and often sit behind CDN layers that mask origin infrastructure. Organizations running mature secure web gateways, CASB, or DNS logging can detect employee access to these domains. But detecting access is not the same as inventorying what was deployed, what data it holds, or whether it requires authentication. Without explicit monitoring of the major vibe coding platforms, the apps themselves generate little signal in conventional SIEM or endpoint telemetry. They sit in a gap between network visibility and application inventory that most security stacks were never architected to cover.
The platform responses tell the story
Replit CEO Amjad Masad reported that RedAccess informed his company only 24 hours before going public with the findings. Base44 (via Wix) and Lovable stated that RedAccess did not provide the URLs or technical specifics required to verify the findings. None of the platforms denied the existence of the exposed applications.
Wiz Research independently discovered in July 2025 that Base44 had a platform-wide authentication bypass. Exposed API endpoints allowed anyone to create a verified account on private apps using nothing more than a publicly visible app_id. The flaw meant that showing up to a locked building and shouting a room number was enough to get the doors open. Wix fixed the vulnerability within 24 hours after Wiz reported it, but the incident exposed how thin the authentication layer is on platforms where millions of apps are being built by users who assume the platform handles security for them.
The pattern is consistent across the vibe coding ecosystem. CVE-2025-48757 documented insufficient or missing Row-Level Security policies in Lovable-generated Supabase projects. Certain queries skipped access checks entirely, exposing data across more than 170 production applications. The AI generated the database layer. It did not generate the security policies that should have restricted who could read the data. Lovable disputes the CVE classification, stating that individual customers accept responsibility for protecting their application data. That dispute itself illustrates the core tension: platforms that market to nontechnical builders are shifting security responsibility to users who do not know it exists.
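The Row-Level Security gap above is checkable from the database catalog, and an AppSec team extending its pipeline to vibe-coded Supabase projects can script that check. The block below is an added example, not Lovable's, Supabase's, or the CVE's own tooling, and the patterns it flags are generic Postgres RLS mistakes rather than the specifics of any one affected app. It reads two catalog views, `pg_tables` (the `rowsecurity` flag) and `pg_policies` (the `roles`, `cmd`, `qual` and `with_check` columns), and reports tables that any unauthenticated client can read or write: RLS disabled on a table in `public` (Supabase grants the `anon` and `authenticated` roles on that schema by default), or a policy granted to `anon` or the PostgreSQL pseudo-role `public` whose `USING`/`WITH CHECK` expression is simply `true`. The catalog rows in the block are constructed; against a real project, run the two queries in `CATALOG_SQL` through psql or the SQL editor and feed the results in.

```python
"""Audit Supabase/Postgres RLS state for anonymous read and write exposure (added example)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Queries to run against a real project; the demo below uses constructed rows instead.
CATALOG_SQL = {
    "tables": "select tablename, rowsecurity from pg_tables where schemaname = 'public';",
    "policies": ("select tablename, policyname, roles, cmd, qual, with_check "
                 "from pg_policies where schemaname = 'public';"),
}

# 'public' is the PostgreSQL pseudo-role that includes every role, anon included.
ANON_ROLES = {"anon", "public"}


@dataclass
class TableRow:
    tablename: str
    rowsecurity: bool


@dataclass
class PolicyRow:
    tablename: str
    policyname: str
    roles: Tuple[str, ...]      # pg_policies.roles, e.g. ('anon',) or ('public',)
    cmd: str                    # SELECT / INSERT / UPDATE / DELETE / ALL
    qual: Optional[str]         # USING expression as pg_policies renders it
    with_check: Optional[str]   # WITH CHECK expression


@dataclass
class Finding:
    table: str
    severity: str
    detail: str


def _is_trivially_true(expr: Optional[str]) -> bool:
    """True for 'true', '(true)', '((true))': a policy that restricts nothing."""
    if expr is None:
        return False
    e = expr.strip().lower()
    while e.startswith("(") and e.endswith(")"):
        e = e[1:-1].strip()
    return e == "true"


def audit_rls(tables: Iterable[TableRow], policies: Iterable[PolicyRow]) -> List[Finding]:
    by_table: Dict[str, List[PolicyRow]] = {}
    for p in policies:
        by_table.setdefault(p.tablename, []).append(p)
    findings: List[Finding] = []
    for t in tables:
        pols = by_table.get(t.tablename, [])
        if not t.rowsecurity:
            findings.append(Finding(t.tablename, "HIGH",
                "RLS disabled: any role with a table grant (anon and authenticated by default) reads every row"))
            continue
        if not pols:
            # RLS on with no policies denies everything to non-owners; the app either
            # breaks or is quietly using the service_role key client-side. Worth a look.
            findings.append(Finding(t.tablename, "INFO",
                "RLS enabled but no policies: check whether the client uses the service_role key"))
            continue
        for p in pols:
            cmd = p.cmd.upper()
            anon = bool(ANON_ROLES & {r.lower() for r in p.roles})
            if anon and cmd in ("SELECT", "ALL") and _is_trivially_true(p.qual):
                findings.append(Finding(t.tablename, "HIGH",
                    f"policy '{p.policyname}' lets unauthenticated clients read every row (USING true)"))
            if anon and cmd in ("INSERT", "UPDATE", "DELETE", "ALL") and (
                    _is_trivially_true(p.with_check) or _is_trivially_true(p.qual)):
                findings.append(Finding(t.tablename, "MEDIUM",
                    f"policy '{p.policyname}' lets unauthenticated clients {cmd.lower()} rows without restriction"))
    return findings


# Constructed catalog rows for a hypothetical project; not from any real app.
SAMPLE_TABLES = [
    TableRow("customers", False),         # AI created the table, never enabled RLS
    TableRow("support_tickets", True),
    TableRow("trials", True),
    TableRow("audit_log", True),
]
SAMPLE_POLICIES = [
    # The dashboard template "Enable read access for all users" is `to public using (true)`.
    PolicyRow("support_tickets", "Enable read access for all users", ("public",), "SELECT", "true", None),
    PolicyRow("trials", "Users read own rows", ("authenticated",), "SELECT", "(auth.uid() = owner_id)", None),
    PolicyRow("trials", "Anyone can submit", ("anon",), "INSERT", None, "true"),
]

if __name__ == "__main__":
    for f in audit_rls(SAMPLE_TABLES, SAMPLE_POLICIES):
        print(f"{f.severity:<6} {f.table:<16} {f.detail}")
```

The fix for a HIGH finding is the policy the AI did not write: `alter table ... enable row level security` and a `using` clause scoped to the caller, typically `auth.uid() = owner_id`, rather than `true`. Run the audit against every Supabase project the discovery scan turned up, and re-run it on each deploy, because the same prompt that added a column can regenerate the table without its policies.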
What this means for security teams
The RedAccess findings complete the picture. Professional agents face credential theft on one layer, while citizen platforms encounter data exposure on another. The structural failure is consistent: security reviews occur post-deployment or not at all. Identity and access management systems monitor human users and service accounts but overlook the Lovable app a sales operations analyst deployed last Tuesday, linked to a live CRM database, and shared via a public URL with three external contractors.
Crucial questions go unasked at AI-generation speed: do the database policies actually limit who can read each row, and do the API endpoints require authentication at all? Exposure therefore scales faster than any human review process can keep up with. For security leaders, the pressing question is not whether vibe-coded apps exist inside their perimeter, but how many there are, what data they hold, and who can reach them. The RedAccess findings suggest that for most organizations, the answer is worse than anyone in the C-suite currently realizes. The organizations that start scanning this week will find these exposures themselves. Those that delay will likely read about them in the headlines.

