5,000 vibe-coded apps just proved shadow AI is the new S3 bucket crisis

Most enterprise security programs were built to protect servers, endpoints, and cloud accounts. None of them were designed to find the customer signup form that a product manager vibe-coded on Lovable over a weekend, connected to a live Supabase database, and deployed to a public URL that Google indexed. That gap now has a price tag.

New research from Israeli cybersecurity firm RedAccess measures the scale. The firm discovered 380,000 publicly accessible assets, including applications, databases, and related infrastructure, built with the vibe coding tools Lovable, Base44, and Replit, as well as the deployment platform Netlify. About 5,000 of those properties, roughly 1.3%, contained sensitive corporate information. CEO Dor Zvi said his team came across the exposure while researching shadow AI for clients. Axios independently verified several of the exposed apps, and Wired separately confirmed the findings.

Among the verified exposures: a shipping company app detailed which ships are scheduled to arrive at which ports. An internal application at a health company listed active clinical trials across the UK. Full, unedited customer service conversations for a British cabinet supplier sat on the open web. A Brazilian bank’s internal financial information was available to anyone who found the URL.

The exposed data also included patient conversations at a children’s long-term care facility, hospital doctor-patient summaries, incident response records at a security company, and ad-buying strategies. Depending on the jurisdiction and the data involved, the healthcare and financial exposures may trigger regulatory obligations under HIPAA, the UK GDPR, or Brazil’s LGPD.

RedAccess also found phishing sites built on Lovable that mimicked Bank of America, FedEx, Trader Joe’s, and McDonald’s. Lovable said it has started investigating and removing the phishing sites.

The default problem

Privacy settings on many vibe coding platforms make apps publicly accessible unless users manually switch them to private. Many of these applications are indexed by Google and other search engines, so anyone can stumble onto them. Zvi put it candidly: “I don’t think it’s possible to educate the whole world about security. My mother is [vibe coding] with Lovable, and no offense, but I don’t think she’ll think about role-based access.”

This is not an isolated discovery

In October 2025, Escape.tech scanned 5,600 publicly available vibe-coded applications and found over 2,000 high-impact vulnerabilities, over 400 exposed secrets including API keys and access tokens, and 175 instances of personal data exposure involving medical records and bank account numbers. Every vulnerability Escape found was in a live production system, and each could have been discovered within a few hours. The full report documents the methodology. Escape separately raised an $18 million Series A in March 2026, led by Balderton, citing the security gap opened by AI-generated code as its core market thesis.

Gartner’s “Predicts 2026” report estimates that by 2028 there will be a 2,500% increase in software defects from the prompt-to-app approach adopted by citizen developers. Gartner identifies a new class of defects in which AI generates code that is syntactically correct but lacks awareness of the broader system architecture and nuanced business rules. The cost of troubleshooting these bugs will consume budget already allocated for innovation.

Shadow AI is a multiplier

IBM’s 2025 Cost of a Data Breach Report found that 20% of organizations experienced breaches involving shadow AI. Those incidents added $670,000 to the average breach cost, bringing the average shadow AI breach to $4.63 million. Of the organizations that reported AI-related breaches, 97% lacked proper access controls, and 63% of breached organizations had no AI governance policy.

Shadow AI breaches exposed customers’ personally identifiable information disproportionately often, 65% of the time compared to 53% for all breaches, and involved data spread across multiple environments 62% of the time. Only 34% of organizations with AI governance policies conducted regular audits for unapproved AI tools. VentureBeat’s shadow AI research estimates that the number of actively used shadow apps could more than double by mid-2026. Cyberhaven data found that 73.8% of ChatGPT workplace accounts in enterprise environments were unauthorized.

What to do first

The audit framework below gives CISOs a starting point for examining vibe-coded app risk across five domains.

| Work area | Current state (most organizations) | Target state | First action |
|---|---|---|---|
| Discovery | No visibility into vibe-coded apps | Automated scanning of vibe coding platform domains | Run DNS and Certificate Transparency scans for Lovable, Replit, Base44 and Netlify subdomains associated with corporate assets |
| Authentication | Platform default (public by default) | SSO/SAML integration required before deployment | Block unauthenticated apps from reaching internal data sources |
| Code scanning | Zero coverage for citizen-built apps | Mandatory SAST/DAST before production | Extend the existing AppSec pipeline to cover vibe-coded deployments |
| Data loss prevention | No DLP coverage for vibe coding domains | DLP policies cover Lovable, Replit, Base44, Netlify | Add the vibe coding platform domains to existing DLP rules |
| Governance | No AI usage policy or shadow AI detection | AI governance policy with regular audits for unapproved AI tools | Publish an acceptable-use policy for AI coding tools with a pre-deployment review gate |
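A small triage script for the discovery step above, added here as an example and not part of the article or of any vendor's tooling. It assumes the four platforms serve apps under the suffixes lovable.app, replit.app, base44.app and netlify.app (an assumption to confirm), takes Certificate Transparency results in the shape crt.sh returns (a constructed sample is embedded inline), and matches hostnames against a list of the organization's own brand markers.

```python
import json

# Hosted-app suffixes for the four platforms named in the article. These suffixes
# are an assumption for this example; confirm them before relying on the output.
PLATFORM_SUFFIXES = {
    "lovable.app": "Lovable",
    "replit.app": "Replit",
    "base44.app": "Base44",
    "netlify.app": "Netlify",
}

# Constructed sample in the shape of crt.sh JSON output; name_value can carry
# several names separated by newlines. Not real certificate data.
SAMPLE_CT_JSON = """[
 {"name_value": "acme-customer-signup.lovable.app", "not_before": "2026-03-01T10:00:00"},
 {"name_value": "*.netlify.app\\nacme-partner-portal.netlify.app", "not_before": "2026-03-02T08:00:00"},
 {"name_value": "recipes-by-mom.lovable.app", "not_before": "2026-03-03T09:00:00"},
 {"name_value": "acme-crm-sync.replit.app", "not_before": "2026-03-04T11:00:00"},
 {"name_value": "acme.example.com", "not_before": "2026-03-05T12:00:00"}
]"""

def split_platform_host(hostname):
    """Return (platform, app label) for a tracked suffix, else (None, None)."""
    for suffix, platform in PLATFORM_SUFFIXES.items():
        if hostname.endswith("." + suffix):
            return platform, hostname[: -(len(suffix) + 1)]
    return None, None

def triage_ct_records(ct_json, corporate_markers):
    """Return {hostname: platform} for vibe-platform hosts whose app label
    mentions one of the organisation's markers (brand or product names)."""
    markers = [m.lower() for m in corporate_markers]
    hits = {}
    for entry in json.loads(ct_json):
        for raw in entry["name_value"].split("\n"):
            host = raw.strip().lower()
            if host.startswith("*."):
                continue  # wildcard entry: the platform's own cert, not one app
            platform, label = split_platform_host(host)
            if platform and any(m in label for m in markers):
                hits[host] = platform
    return hits

if __name__ == "__main__":
    for host, platform in sorted(triage_ct_records(SAMPLE_CT_JSON, ["acme"]).items()):
        print(f"{platform:8} {host}")
```

Hits are candidates for the asset inventory, not confirmed exposures; each still needs a check of whether the app requires authentication and what data sits behind it.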

The CISO who treats this as a policy issue will write a memo. The CISO who treats it as an architecture problem will deploy discovery scanning across the four largest vibe coding domains, require pre-deployment security reviews, extend the existing AppSec pipeline to citizen-built apps, and add those domains to the DLP rules before the next board meeting. One of those CISOs survives the next headline.

Vibe coding exposure is not a separate issue from the shadow AI problem RedAccess documented. It is the production layer of shadow AI. Employees build internal tools on platforms that default to public, skip authentication, and never appear on any asset list, so the applications remain invisible to security teams until a breach surfaces or a reporter finds them first. Traditional asset discovery tools were designed to find servers, containers, and cloud instances. They have no way of finding the marketing configurator that a product manager built on Lovable over a weekend, connected to a Supabase database holding live customer records, and shared with three outside contractors via a public URL that Google indexed within hours.

The detection challenge runs deeper than most security teams realize. Vibe-coded apps are deployed on platform subdomains that rotate frequently and often sit behind CDN layers that hide the underlying infrastructure. Organizations running mature secure web gateways, CASB, or DNS logging can trace employee access to these domains. But tracing access is not the same as cataloging what was deployed, what data it contains, or whether it requires authentication. Without explicit monitoring of the major vibe coding platforms, the apps themselves generate little signal in traditional SIEM or endpoint telemetry. They exist in a gap between network visibility and application inventory that most security stacks were never designed to cover.

Platform reactions tell the story

Replit CEO Amjad Masad said that RedAccess had informed his company only 24 hours before publication. Base44 (via Wix) and Lovable both said that RedAccess did not include the URLs or technical details needed to verify the findings. Neither platform denied that the exposed applications existed.

Wiz Research separately discovered in July 2025 that Base44 contained a platform-wide authentication bypass. Exposed API endpoints allowed anyone to create a verified account on private apps using nothing more than a publicly visible app ID. The flaw meant that showing up at a locked building and shouting the room number was enough to get the doors opened. Wix fixed the vulnerability within 24 hours of it being reported, but the incident showed how thin the authentication layer is on platforms where millions of apps are being created by users who believe the platform handles security for them.

The pattern is consistent across the vibe coding ecosystem. CVE-2025-48757 documented inadequate or missing row-level security policies in Lovable-generated Supabase projects. Some queries skipped access checks altogether, exposing data in more than 170 production applications. The AI created the database layer; it did not create the security policies that should have restricted who could read the data. Lovable disputes the CVE classification, stating that individual customers accept responsibility for the security of their application data. The dispute itself reflects the core tension: platforms marketed to non-technical builders are shifting security responsibility onto users who do not know it exists.
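To make the missing row-level security concrete, the following check, added here as an example and not taken from the CVE, from Lovable or from Supabase, scans a Postgres schema dump and reports which tables a default Supabase project would expose through its API. The dump is a constructed sample, and the regex-based parsing is a heuristic for dumps of this shape rather than a full SQL parser.

```python
import re

# Constructed schema in the style of a Postgres/Supabase dump; not from any
# real project. Four tables cover the four states the audit distinguishes.
SAMPLE_SCHEMA_SQL = """
create table public.customers (id uuid primary key, owner_id uuid, email text);
create table public.support_chats (id bigint primary key, transcript text);
create table public.clinical_trials (id bigint primary key, sponsor text);
create table public.audit_log (id bigint primary key, entry text);

alter table public.customers enable row level security;
alter table public.support_chats enable row level security;
alter table public.audit_log enable row level security;

create policy "owners read own rows" on public.customers
  for select using (auth.uid() = owner_id);
create policy "everyone reads chats" on public.support_chats
  for select using (true);
"""

TABLE_RE = re.compile(r"create\s+table\s+(?:if\s+not\s+exists\s+)?([\w.]+)", re.I)
ENABLE_RE = re.compile(r"alter\s+table\s+([\w.]+)\s+enable\s+row\s+level\s+security", re.I)
POLICY_RE = re.compile(r'create\s+policy\s+(?:"[^"]*"|\w+)\s+on\s+([\w.]+)(.*?);', re.I | re.S)

def audit_rls(schema_sql):
    """Map each table to one finding:
    no_rls        - RLS never enabled; in a default Supabase project the table is
                    readable and writable through the API with the public anon key
    open_policy   - RLS on, but a policy uses (true), which filters nothing
    rls_no_policy - RLS on with no policy; the API returns no rows until one exists
    ok            - RLS on with policies that actually restrict rows
    """
    tables = {t.lower(): "no_rls" for t in TABLE_RE.findall(schema_sql)}
    for t in ENABLE_RE.findall(schema_sql):
        if t.lower() in tables:
            tables[t.lower()] = "rls_no_policy"
    for t, body in POLICY_RE.findall(schema_sql):
        t = t.lower()
        if tables.get(t, "no_rls") == "no_rls":
            continue  # policies do nothing until RLS is enabled on the table
        if re.search(r"using\s*\(\s*true\s*\)", body, re.I):
            tables[t] = "open_policy"  # permissive policies OR together; one open policy wins
        elif tables[t] == "rls_no_policy":
            tables[t] = "ok"
    return tables

def exposed_tables(schema_sql):
    """Tables readable with nothing more than the project's public anon key."""
    return sorted(t for t, f in audit_rls(schema_sql).items() if f in ("no_rls", "open_policy"))
```

On the sample, clinical_trials (RLS never enabled) and support_chats (policy that admits every row) are reported as exposed, which is exactly the shape of gap the CVE describes.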

What this means for security teams

RedAccess’s findings complete the picture. Professional developer agents face credential theft at one layer; citizen platforms face data exposure at another. That is a structural failure. Security review may or may not occur after deployment. Identity and access management systems track human users and service accounts. They do not track the Lovable app a sales operations analyst deployed last Tuesday, connected to a live CRM database, and shared with three outside contractors via a public URL.

No one asks whether database policies restrict who can read data or whether API endpoints require authentication. When those questions go unasked at AI-generation speed, exposure scales faster than any human review process. The question for security leaders is not whether vibe-coded apps are inside their perimeter. The question is how many there are, what data they hold, and who can see it. RedAccess’s findings suggest that the answer, for most organizations, is worse than anyone in the C-suite currently knows. Organizations that start scanning this week will find them. Those that wait will read about themselves later.
