
Thousands of Vibe-Coded Apps Leak Corporate and Personal Data Online

Summary

– A security research team found over 5,000 vibe-coded web apps with little to no security, and around 40% exposed sensitive data like medical records and financial information.
– Many of the exposed apps allowed anyone with the URL to access private data, while some required only trivial barriers like signing in with any email address.
– Researchers identified vulnerable apps by searching for AI company domains like Lovable and Replit on Google and Bing, as these hosts allow apps on their own domains.
– Exposed data included hospital staff information, corporate strategy documents, customer chatbot logs, and cargo records, with some apps allowing administrative access.
– The AI coding companies pushed back on the findings but did not deny the exposure, with Replit stating that public apps are expected behavior and privacy settings are user-controlled.

As artificial intelligence reshapes the landscape of software development, cybersecurity experts have long warned that automated coding tools would inevitably introduce a new wave of exploitable vulnerabilities. But when those same vibe-coding platforms enable anyone to deploy a web application with a single click, the security risks extend far beyond mere bugs. The result, in many cases, is a complete absence of any security whatsoever, often exposing highly sensitive corporate and personal data to the open internet.

Security researcher Dor Zvi, along with his team at the cybersecurity firm RedAccess, conducted a sweeping analysis of thousands of vibe-coded web applications built using popular AI development tools including Lovable, Replit, Base44, and Netlify. Their findings were alarming: more than 5,000 of these apps had virtually no authentication or security protections. Many allowed anyone who simply discovered the app’s URL to access its data directly. Others offered only trivial barriers, such as requiring a visitor to sign in with any email address. According to Zvi, roughly 40 percent of these vulnerable apps exposed sensitive data, including medical records, financial information, corporate strategy documents, and detailed logs of customer conversations with chatbots.

“The end result is that organizations are actually leaking private data through vibe-coding applications,” Zvi says. “This is one of the biggest events ever where people are exposing corporate or other sensitive information to anyone in the world.”

Zvi notes that locating these exposed apps was surprisingly straightforward. Lovable, Replit, Base44, and Netlify all allow users to host their applications on the AI companies’ own domains rather than requiring custom domains. The RedAccess team simply used standard Google and Bing searches, combining those domain names with other search terms, to identify thousands of apps that had been vibe-coded with these tools and left publicly accessible.

Among the 5,000 AI-coded apps that Zvi found completely open to anyone who typed their URL into a browser, close to 2,000 appeared to reveal private data upon closer inspection. Screenshots shared with WIRED, several of which were verified as still online and exposed, showed what appeared to be a hospital’s work assignments containing doctors’ personally identifiable information, a company’s detailed ad purchasing records, another firm’s go-to-market strategy presentation, a retailer’s full logs of chatbot conversations with customers (including full names and contact information), a shipping company’s cargo records, and various sales and financial documents from multiple other organizations. In some cases, Zvi says the exposed apps would have allowed him to gain administrative privileges over systems and even remove other administrators.
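The two failure modes described above, a login that any email address satisfies and an app whose administrative actions trust whatever the client sends, shown as an added example that is not code from the article or from any platform it names. It is framework-free JavaScript; the records, the admin sets and the shape of the session object are constructed assumptions, with the session taken to come from a verified server-side store rather than from request parameters.

```javascript
// Added example, not code from the article or from any platform it names.
// Two handlers for one tenant's chatbot transcripts: the "any signed-in
// account can read everything" policy the article describes, then a
// server-side, tenant-scoped version. The session object is assumed to come
// from a verified server-side session, never from request parameters.

// Constructed sample data: two organizations' customer transcripts.
const RECORDS = [
  { id: 1, orgId: "org-a", customer: "J. Doe", transcript: "order 4412 delayed" },
  { id: 2, orgId: "org-b", customer: "A. Smith", transcript: "refund request" },
];
const ORG_ADMINS = { "org-a": new Set(["u1"]), "org-b": new Set(["u7"]) };

// Weak: treats "has a session" as authorization. Self-signup with any email
// address yields a session, so every record is effectively public.
function weakGetRecord(session, recordId) {
  if (!session) return { status: 401 };
  const rec = RECORDS.find((r) => r.id === recordId);
  return rec ? { status: 200, body: rec } : { status: 404 };
}

// Hardened: the record must belong to the caller's organization. Cross-tenant
// requests get 404, not 403, so the endpoint does not confirm the record exists.
function hardenedGetRecord(session, recordId) {
  if (!session || !session.userId || !session.orgId) return { status: 401 };
  const rec = RECORDS.find((r) => r.id === recordId);
  if (!rec || rec.orgId !== session.orgId) return { status: 404 };
  return { status: 200, body: rec };
}

// Weak admin action: trusts an isAdmin flag and orgId supplied by the client.
function weakRemoveAdmin(session, body) {
  if (!session || !body.isAdmin || !ORG_ADMINS[body.orgId]) return { status: 403 };
  ORG_ADMINS[body.orgId].delete(body.targetUserId);
  return { status: 200 };
}

// Hardened admin action: role and tenant come from the session, scope is the
// caller's own organization, and the last remaining admin cannot be removed.
function hardenedRemoveAdmin(session, body) {
  if (!session || !session.userId || !session.orgId) return { status: 401 };
  const admins = ORG_ADMINS[session.orgId];
  if (!admins || !admins.has(session.userId)) return { status: 403 };
  if (!admins.has(body.targetUserId) || admins.size < 2) return { status: 409 };
  admins.delete(body.targetUserId);
  return { status: 200 };
}
```

The weak handlers are the pattern to look for in a generated app: an existence check on the session in place of a tenant and role check, and trust in flags the browser sends.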

In the case of Lovable, Zvi also discovered numerous phishing sites impersonating major corporations, including Bank of America, Costco, FedEx, Trader Joe’s, and McDonald’s. These appeared to have been created using the AI coding tool and hosted on Lovable’s own domain.

When WIRED contacted the four AI coding companies about RedAccess’ findings, Netlify did not respond. The other three pushed back, arguing that the researchers had not shared enough detail or provided sufficient time for a response. (RedAccess says it reached out to the companies on Monday.) However, none of them denied that the web apps RedAccess identified were left exposed.

“From the limited information they shared, [RedAccess’s] core claim appears to be that some users have published apps on the open web that should’ve been private,” Replit CEO Amjad Masad wrote in a response post on X. “Replit allows users to choose whether apps are public or private. Public apps being accessible on the internet is expected behavior. Privacy settings can be changed at any time with a single click.”

(Source: Wired)
