Thousands of Vibe-Coded Applications Reveal Corporate and Personal Information on the Public Web

As AI-assisted coding spreads through modern software development, security experts warn that automated coding tools could produce a surge of vulnerabilities. And when these tools let anyone publish a web application with a click, the risk goes beyond ordinary bugs: many of the resulting apps have no security at all, including some that hold highly sensitive corporate and personal data.

Security researcher Dor Zvi and his team at RedAccess, a cybersecurity firm he co-founded, examined thousands of web applications built with the AI software development tools Lovable, Replit, Base44, and Netlify. They found more than 5,000 apps with almost no security controls or authentication. Many were reachable by anyone who had the URL; others had only a nominal barrier, such as a sign-in that accepted any email address. According to Zvi, roughly 40 percent of these apps exposed sensitive information, including medical records, financial details, corporate presentations, strategic plans, and complete logs of customer conversations with chatbots.

“The outcome is that organizations are inadvertently leaking private information through vibe-coded applications,” Zvi states. “This represents one of the most significant breaches where sensitive corporate or personal data is exposed to anyone globally.”

Zvi says RedAccess' search for exposed web applications was surprisingly straightforward. Lovable, Replit, Base44, and Netlify let users host their apps on the platforms' own domains rather than on a custom domain. That let the researchers locate thousands of vibe-coded apps with simple Google and Bing searches that combined those platform domains with relevant keywords.

Of the roughly 5,000 AI-coded applications that anyone could open by entering the URL in a browser, Zvi found nearly 2,000 that, on closer examination, appeared to expose private data. Screenshots of these apps shared with WIRED, many of which WIRED confirmed were still live and exposed, showed sensitive information: a hospital's staff assignments with identifying details of physicians, a company's detailed advertising purchase data, what appeared to be another firm's go-to-market strategy presentation, complete logs of a retailer's chatbot conversations with customers, including full names and contact details, cargo records from a shipping company, and assorted financial and sales records from other firms. In some cases, Zvi said, the exposed apps could have given him administrative access to the underlying systems, including the ability to remove other administrators.
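As an added illustration, not code from the article, from RedAccess, or from any of the platforms named, the following Python sketch contrasts the two failure modes described above with a hardened version of the same routes: a "sign-in" that accepts any email address without verifying it, and an admin action that never checks the caller's role. The app, its records, its admin list, and the example.com allowlist are all hypothetical and constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class AppState:
    """Constructed sample state for a hypothetical internal records app."""
    records: dict = field(default_factory=lambda: {
        "shift-2024-03-01": "Dr. Example on call, ward 4",   # constructed
        "invoice-1042": "ACME Corp, 12,400 USD, net 30",      # constructed
    })
    admins: set = field(default_factory=lambda: {"alice@example.com", "bob@example.com"})
    allowed_domain: str = "example.com"  # hypothetical: the only users the owner intends to admit


@dataclass
class Request:
    path: str
    email: Optional[str] = None   # identity the client claims
    verified: bool = False        # True only if the server confirmed it (e.g. a magic link)


Response = Tuple[int, str]


def render_records(state: AppState) -> str:
    return "\n".join(f"{k}: {v}" for k, v in state.records.items())


def weak_dispatch(req: Request, state: AppState) -> Response:
    """The pattern the article describes: "signing in" means typing any
    email address, and the admin route trusts whoever reached the URL."""
    if req.email is None:
        return 401, "login required"
    if req.path == "/records":
        return 200, render_records(state)            # any claimed email reads everything
    if req.path.startswith("/admin/remove/"):
        target = req.path.rsplit("/", 1)[1]
        state.admins.discard(target)                 # no role check at all
        return 200, f"removed admin {target}"
    return 404, "not found"


def hardened_dispatch(req: Request, state: AppState) -> Response:
    """Same routes with the checks the weak version skips."""
    # 1. Authentication: the claimed identity must have been verified server-side.
    if req.email is None or not req.verified:
        return 401, "login required"
    user = req.email.lower()
    # 2. Authorization to read: only the owner's own users, not anyone on the internet.
    if not user.endswith("@" + state.allowed_domain):
        return 403, "forbidden"
    if req.path == "/records":
        return 200, render_records(state)
    # 3. Privileged action: require the admin role; deny everything else by default.
    if req.path.startswith("/admin/remove/"):
        if user not in state.admins:
            return 403, "admin role required"
        target = req.path.rsplit("/", 1)[1]
        if target == user:
            return 400, "cannot remove yourself"    # keeps at least one admin reachable
        state.admins.discard(target)
        return 200, f"removed admin {target}"
    return 404, "not found"


if __name__ == "__main__":
    stranger = Request("/admin/remove/alice@example.com", email="anyone@attacker.test")
    print("weak:    ", weak_dispatch(stranger, AppState()))
    print("hardened:", hardened_dispatch(stranger, AppState()))
```

The weak dispatcher lets an unverified stranger both read every record and delete an administrator; the hardened one refuses until the identity is verified, belongs to the owner's domain, and, for the admin route, actually holds the admin role.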

On Lovable specifically, Zvi found multiple phishing sites impersonating major companies, including Bank of America, Costco, FedEx, Trader Joe's, and McDonald's, that appeared to have been built with the AI coding tool and were hosted on Lovable's domain.

When WIRED contacted the four AI coding companies about RedAccess' findings, Netlify did not respond, and the other three disputed the researchers' conclusions, saying they had not been given enough information or time to respond. (RedAccess says it contacted the companies on Monday.) None of them, however, denied that the web apps RedAccess identified had been left exposed.

“Based on the limited information they shared, [RedAccess’s] main assertion seems to be that some users have published apps on the open web that should have remained private,” wrote Replit’s CEO Amjad Masad in a response post on X. “Replit allows users to select whether their apps are public or private. Public apps being available on the internet is expected behavior. Privacy settings can be altered at any time with a single click.”
