As AI increasingly takes over the work of programmers, the cybersecurity world has warned that automated coding tools are bound to introduce new hackable bugs into software. But it turns out that when those same vibe-coding tools let anyone stand up a web-hosted application with a single click, the security consequences can go beyond bugs to the complete absence of security, including, in some cases, any protection at all for sensitive corporate and personal data.
Security researcher Dor Zvi and his team at RedAccess, the cybersecurity company he cofounded, analyzed thousands of vibe-coded web applications built with the AI software development tools Lovable, Replit, Base44, and Netlify and found that more than 5,000 of them had virtually no security or authentication of any kind. Many of the apps exposed themselves and their data to anyone who simply found the URL. Others put only trivial barriers in the way, such as requiring visitors to sign in with an email address of their own choosing. About 40 percent of the apps leaked sensitive data, including medical information, financial data, company presentations, strategy documents, and detailed logs of customers’ conversations with chatbots, Zvi says.
“The end result is that organizations are actually leaking personal data through vibecoding applications,” Zvi says. “This is one of the largest events in history where people reveal corporate information and other sensitive information to anyone in the world.”
Zvi says RedAccess’s search for exposed web apps was surprisingly easy. Lovable, Replit, Base44, and Netlify all let users host their web apps on the AI company’s own domain rather than on a domain the user controls. So the researchers ran simple Google and Bing searches scoped to those companies’ hosting domains, combined with other search terms, to identify thousands of apps that had been vibe-coded with the companies’ tools.
Zvi says there were 5,000 AI-coded apps that anyone could access simply by typing the URL into a browser, and nearly 2,000 of those revealed personal data on closer inspection. Screenshots of the web apps he shared with WIRED (some of which WIRED reviewed and found still publicly available online) showed what appeared to be hospital work assignments, including doctors’ personal information; detailed ad-buy information for companies; what appears to be another company’s go-to-market strategy presentation; a complete log of a retailer’s chatbot conversations with a customer, including the customer’s name and contact information; freight records from a shipping company; and assorted sales and financial records from various other companies. In some cases, according to Zvi, anyone who found a published app could grant themselves administrative privileges in it and even remove other administrators.
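The two steps described above, search-engine discovery of apps on the vendors’ hosting domains and a first-pass check of whether each URL is gated, can be reproduced as a small audit script. The following is an added illustration written for this page, not RedAccess’s tooling or any vendor’s code. The hosting domains (lovable.app, replit.app, base44.app, netlify.app) are assumptions to verify against each vendor’s documentation, and the HTTP responses are constructed in memory so the script runs offline; in real use you would fetch each discovered URL yourself and feed the status, headers and body into `triage`.

```python
"""Audit helper: enumerate and triage apps published on an AI vendor's own
hosting domain. Added example for this page; not RedAccess or vendor code."""
import re
from urllib.parse import urlparse

# ASSUMPTION: the vendor hosting domains. Confirm against each vendor's docs.
PLATFORM_DOMAINS = {
    "Lovable": "lovable.app",
    "Replit": "replit.app",
    "Base44": "base44.app",
    "Netlify": "netlify.app",
}


def build_dork_queries(terms, domains=PLATFORM_DOMAINS):
    """One `site:` query per (domain, term) pair, usable in Google or Bing."""
    return [f'site:{domain} "{term}"' for domain in domains.values() for term in terms]


def is_platform_hosted(url, domains=PLATFORM_DOMAINS):
    """True only if the host is a vendor domain or a subdomain of one
    (a suffix check on the whole string would accept lovable.app.evil.test)."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains.values())


_PASSWORD_FIELD = re.compile(r'<input[^>]*type=["\']?password', re.I)
_LOGIN_PATH = re.compile(r"/(login|signin|sign-in|auth)\b", re.I)
_EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Hypothetical keyword list; tune it to the data classes you care about.
_SENSITIVE = ("patient", "diagnosis", "invoice", "salary", "go-to-market", "shift schedule")


def classify_response(status, headers, body):
    """Classify one HTTP response to a discovered URL.

    Returns (verdict, indicators):
      'gated'            server refuses, or redirects to a login page
      'login-form'       page renders a password field instead of content
      'public'           200 with no auth barrier and no sensitive indicators
      'public-sensitive' 200 with no auth barrier and sensitive indicators
      'unreachable'      any other status
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status in (401, 403):
        return "gated", []
    if 300 <= status < 400 and _LOGIN_PATH.search(hdrs.get("location", "")):
        return "gated", []
    if status != 200:
        return "unreachable", []
    if _PASSWORD_FIELD.search(body):
        return "login-form", []
    indicators = []
    n_emails = len(set(_EMAIL.findall(body)))
    if n_emails:
        indicators.append(f"{n_emails} email address(es)")
    lowered = body.lower()
    indicators += [word for word in _SENSITIVE if word in lowered]
    return ("public-sensitive" if indicators else "public"), indicators


def triage(responses):
    """responses: iterable of (url, status, headers, body).
    Returns {url: (verdict, indicators)} for vendor-hosted URLs only."""
    findings = {}
    for url, status, headers, body in responses:
        if not is_platform_hosted(url):
            continue  # not on a vendor domain; out of scope for this check
        findings[url] = classify_response(status, headers, body)
    return findings


# Constructed sample responses; none of these are real apps.
SAMPLE_RESPONSES = [
    ("https://shift-planner.lovable.app/", 200, {"Content-Type": "text/html"},
     "<h1>Shift schedule</h1><table><tr><td>Dr A. Example</td>"
     "<td>a.example@hospital.test</td></tr></table>"),
    ("https://crm-demo.replit.app/", 302, {"Location": "/login"}, ""),
    ("https://notes.base44.app/", 200, {}, "<form><input type='password' name='pw'></form>"),
    ("https://acme-corp.example/", 200, {}, "patient list"),  # not vendor-hosted; skipped
]

if __name__ == "__main__":
    for query in build_dork_queries(["patient", "invoice"]):
        print(query)
    for url, (verdict, hits) in triage(SAMPLE_RESPONSES).items():
        print(f"{url}: {verdict} {hits}")
```

The classifier is deliberately conservative: a page that renders a password field is reported as `login-form`, not as secure, because from a single response you cannot tell whether that login accepts any self-registered email (the weak barrier the article describes). Treat `public-sensitive` hits as leads to verify by hand, not as confirmed leaks; keyword and email regexes produce false positives on demo content.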
In the case of Lovable, Zvi said he has also discovered numerous examples of phishing sites impersonating major companies such as Bank of America, Costco, FedEx, Trader Joe’s and McDonald’s. These sites appeared to be created with AI coding tools and hosted on Lovable’s domain.
When WIRED contacted the four AI coding companies about RedAccess’s findings, Netlify did not respond, and the other three pushed back on the researchers’ claims, complaining that RedAccess had not shared enough of its findings or given them enough time to respond. (RedAccess said it contacted the companies on Monday.) None of them, however, denied that the web apps RedAccess found remain publicly accessible.
“From the limited information they shared, [RedAccess’s] central allegation appears to be that some users published apps on the open web that should have been private,” Replit CEO Amjad Masad wrote in a post on X. “Replit allows users to choose whether their apps are public or private. It is expected behavior that public apps are accessible on the internet. Privacy settings can be changed at any time with one click.”
