Thousands of Vibe-Coded Apps Expose Corporate and Personal Data On the Open Web

An anonymous reader quotes a report from Wired: Security researcher Dor Zvi and his team at the cybersecurity firm he cofounded, RedAccess, analyzed thousands of vibe-coded web applications created using the AI software development tools Lovable, Replit, Base44, and Netlify and found more than 5,000 of them that had virtually no security or authentication of any kind. Many of these web apps allowed anyone who merely finds their web URL to access the apps and their data. Others had only trivial barriers to that access, such as requiring that a visitor sign in with any email address. Around 40 percent of the apps exposed sensitive data, Zvi says, including medical information, financial data, corporate presentations, and strategy documents, as well as detailed logs of customer conversations with chatbots.

"The end result is that organizations are actually leaking private data through vibe-coding applications," says Zvi. "This is one of the biggest events ever where people are exposing corporate or other sensitive information to anyone in the world." Zvi says RedAccess' scouring for vulnerable web apps was surprisingly easy. Lovable, Replit, Base44, and Netlify all allow users to host their web apps on those AI companies' own domains, rather than the users'. So the researchers used straightforward Google and Bing searches for those AI companies' domains combined with other search terms to identify thousands of apps that had been vibe coded with the companies' tools.

Of the 5,000 AI-coded apps that Zvi says were left publicly accessible to anyone who simply typed their URLs into a browser, he found close to 2,000 that, upon closer inspection, seemed to reveal private data: Screenshots of web apps he shared with WIRED -- several of which WIRED verified were still online and exposed -- showed what appeared to be a hospital's work assignments with the personally identifiable information of doctors, a company's detailed ad purchasing information, what appeared to be another firm's go-to-market strategy presentation, a retailer's full logs of its chatbot's conversations with customers, including the customers' full names and contact information, a shipping firm's cargo records, and assorted sales and financial records from a variety of other companies. In some cases, Zvi says, he found that the exposed apps would have allowed him to gain administrative privileges over systems and even remove other administrators. In the case of Lovable, Zvi says he also found numerous examples of phishing sites that impersonated major corporations, including Bank of America, Costco, FedEx, Trader Joe's, and McDonald's, that appeared to have been created with the AI coding tool and hosted on Lovable's domain. "Anyone from your company at any moment can generate an app, and this is not going through any development cycle or any security check," Zvi says. "People can just start using it in production without asking anyone. And they do."

not really surpising.

[wyHunter]

If someone says "I want an app that does X" I doubt if they specify security and similar. They discuss application functionality. This is totally understandable, and whilst one can say 'but a developer should know this' a bunch of these vibe coded apps are done by someone says 'I want an app that does X so I can start a company selling Y'

Re:

[gweihir]

Indeed, same as general survival. Getting-rich-quick is far more important. Tomorrow? Who cares!

Re:not really surpising.

[Junta]

Now there will be a bunch of vibe coders that think adding "but make it secure" to the prompt fixes the issues...

Re:

[allo]

Better than not having it there. Every token in the prompt is attended to by every other token. Even a single word like "Security" will lead the overall process to "think" more of security. That's one of the open secrets: Be aware how attention works and you can better steer AI toward something or away from something.

Re:not really surpising.

[Junta]

Problem is that these things may have a whiff of influence, but they manifest as superstitions that GenAI users *swear* by.

I remember someone swearing up and down that he solved the 'hallucination' problem by putting. "Be sure not to halluncinate" in his prompts.

Similar here, you say "secure" to a human and they'll have all sort of potentially weird ideas and can't count on it being implemented correctly. Let alone an LLM.

Re:

[allo]

There is a lot of bullshit advice an even more people who refuse to even try a LLM mocking people with half-truths.

What does (of course) not work:
- Do not hallucinate
- Do not make mistakes

Let's laugh about these people together. If they LLM could know it does, it could avoid doing it first place.

What does have effect:
- Avoid code that allows SQL-Injections
- Avoid OWASP Top 10 Vulnerabilities
- ...

While these seem to be silly at first, you will notice for example in reasoning traces that the model actively do

Re:

[sjames]

That's right up there with the genius mode instruction "make no mistakes".

IIRC, that was done by one of the companies that had an AI agent delete the database.

Re:

[arglebargle_xiv]

Also given that the stochastic parrots were trained on data that.. ahh, lemme see now, "allowed anyone who merely finds their web URL to access the apps and their data or had only trivial barriers to that access, such as requiring that a visitor sign in with any email address", it's not surprising that they're extruding code that does the same as the training data.

Re:

[allo]

Exactly. And good AI coding is usually incremental. An AI knows good how to start with an MVP (and that does not have authentication) before adding LDAP, OAuth and MS Domain logins. But once the app has its core functions, the novice coder stops extending it and deploys it without asking for at least a minimal authentication feature.

Not a vibe-coding problem

[Local ID10T]

This problem is not from vibe-coding. It is from a lack of design.

Real developers spend more time designing their programs than they spend coding them. For a reason.

Re:

[davidwr]

Old way for a small task an entry-level person could do in 2 weeks solo: a week to design, a few days to code, a few days to unit test

New way - "official/what you tell your boss": a few hours to design/decide what you want the output to look like and rough-draft your prompts a hours to "code"/prompt the AI, including iterations, and a few hours to test the results.

New way - "reality/what you actually do": design? what's that? a few hours to iteratively create prompts until you get output that "feels good,

sarcasm aside

[davidwr]

There IS a place for AI as a coding assistant. If used right by someone who COULD write good code from scratch AND who is well-versed in using his AI tools, it could actually save time.

In very limited problem domains, non-AI program-generators and LLM-"AI" program-generators can actually produce usable, correct, reasonably efficient code almost all of the time. But so could a reasonably competent programmer who was an expert in the problem domain.

In any case, using AI is likely to use a lot of electricity

Re:

[gweihir]

There is a LOT of conditionals in your statement. You may want to revise it.

Re:sarcasm aside

[justMichael]

The way we are using it, and it can type way faster than I can

1. The main agent, it doesn't do anything other than determine where the artifacts live, and coordinate sub-agents
2. The research agent, it does the research and passes that back up
3. The planning agent, it gets the research from the previous step and planes out the changes
4. There is a hard stop here to review the plan, there may be some back and forth on the plan
5. Once approved it goes to the implementation agent, which writes the code.
6. The test agent writes tests, does Playwright QA if UI is involved.
7. Conditional agent depending on blast radius, it will run an adversarial code review with 1-3 different models. (this does actually catch bugs)

Some of these agents use different models depending on what they do.

Re:

[Tom]

Yes, but now you have it too complicated for 95% of the vibe coders. So they simply won't do it. Because skipping all of those steps still results in something that compiles.

Re:

[justMichael]

This flow isn't for vibe coding, it's for people with decades of experience to get a lot more done.

Re:

[gweihir]

Which is also why "AI" coding assistants are worth far less than generally claimed.

Vibe coding isn't done by real developers

[rsilvergun]

It's done by whatever schlub worked for the cheapest on weekends in between other work.

The goal of vibe coating, or realistically letting generative AI build software for you out of stolen assets, is to not have to pay somebody who can actually write applications properly.

So it's going to be slap dash. As the saying goes, fast, cheap, good pick two. Or in the case of genai I guess you get cheap at least. For now anyway.

Re:

[Tony Isaac]

Well, it is from vibe coding in one way. Vibe coding allows people who shouldn't be programming, to write software that kind of works. They just don't have a clue how broken the software is. Without vibe coding, these people wouldn't have been able to even get to the point of a website that does something. They *should* be going back to managing their work flow with spreadsheets, like they used to.

Re:

[Tom]

They *should* be going back to managing their work flow with spreadsheets, like they used to.

They fuck up spreadsheets as well. A truckload of business-critical spreadsheets have errors in them that often go undetected for years.

Re:

[Tony Isaac]

Sure, they do make crappy spreadsheets. But at least they don't leak confidential data to the world!

Re:

[sjames]

But that *IS* a vibe coding problem.

The problem is bypassing the developer or trying to get the developer to not "waste time and effort" dealing with trivialities that "the AI can take care of".

Vibe coding was never for production code

[drnb]

According to the person who coined the phrase, vibe coding was never for production code. It was for disposable code.

Re:Vibe coding was never for production code

[Junta]

Problem for everyone is that mindset does not save cost/produce value.

Even when part of the AI companies try to show utility honestly, they get drowned out by their own executives bulldozing the nuance aside and pretending it is just a magical replacement for software developers.

Re:

[gweihir]

Obviously. But never underestimate the incompetence of stupid people that on top lack a technological education when they think they can do tech and who needs engineers anyways. The Darvin Awards, for example, document quite a few impressive respective fails.

vibe coding

[gary s]

Well if you let the robots code and dont have people with enough smarts to review, test, validate the code then your going to get this... AI needs oversight, controls and discipline just like your Human coders.

AI Governance

[GeekWithAKnife]

If a company allows staff to code/vibe code etc without proper governance and controls then it's on them.

Is there a policy? Are there controls? Is there governance?

Imagine every staff with access to AI has become a junior coder. They know nothing about SSDLC, SCA, SAST, DAST, MAST etc.

Dear non-technical exec, tell us what are the guard rails in place right now to prevent me from using AI to create a shitty app that's a security nightmare?

It's OK. I didn't think you knew. It's fine. No need to worry.

Visual basic 6 all over

[Bad Ad]

History is repeating, it's like vb6 all over again, but even worse/easier.

Such a surprise

[gweihir]

Non-coders with crappy tools produce insecure code. News at 11:00....

Seriously, what the hell? Are people really this dumb? Well, I guess they are.

Re:

[allo]

It's "low code" all over again. This time not using drag and drop building blocks but English language.

Re:

[gweihir]

Indeed. And before that several other attempts, all failed. When I studied CS about 35 years ago, the 5GL (5th Generation Language Project) had just completely failed. It was about coders just specifying the software in constraint logic and then the machine writes it. Sounds good, doesn't it? Turns out that writing good enough specifications for that is a lot harder than writing the software directly and, on top of that, that not many people can even do it.

I have a suspicion that once you leave trivial boil

Re:

[noshellswill]

You have nicely pointed out why IT  people cannot be historians. IT people are famous for using OR logic, while history ( and thus people immersed in it ) totally assumes XOR logic. Reminds me of the ol' saw that people who do plumbing eventually become plumbers.

Re:

[sjames]

They're stupid enough to have an AI agent delete their entire production database from the also vibe coded storage service that keeps the "backups" in the backed up volume (so no restore possible), AND has no concept of limiting auth tokens (all tokens are god mode) AND then deciding to continue vibe coding with the very same storage service.

It really is as bad as Bart Simpson repeatedly shocking himself on the electrified cupcake Lisa left out.

They thought instructing the AI to "make no mistakes" would pre

Do we need programmers?

[oldgraybeard]

Since anyone can be a coder! But not everyone can be a good coder.

Re:

[allo]

You need developers and architects. AI can code authentication very well. But you need someone who instructs it to do.

It's a double edged sword. What do you prefer?
- You wish for a simple thing and get an overengineered program with all features the AI thinks that may belong to it (i.e. authentication with OAuth instead of a MVP with IP whitelist)
- The LLM creates exactly what you tell it, but you need to know yourself if you want authentication

Option 1 leads to more bloat, possibly overengineering architec

ah yes... secure software development...

[Tom]

It's hard enough to get actual developers to properly consider security. Not surprised at all that vibe coders don't.

Plus, of course, most of the training data is insecure to begin with.

But let them learn by fire that there's a reason actual programmers take time to ship a product, and it's not that the AI can type faster.

Rise of the tech shamans

[HnT]

This is excellent news for all experienced tech people, our time to become tech shamans has come!
We will be the only ones who actually still understand the whole mess and how things work.
Unfortunately it will be increasingly difficult for juniors to ever get a chance to work and learn, which means they will almost not become senior, which pushes experienced people even higher.
Hail the Omnissiah and evoke the rite of the power cycle!

Again, it's a tool

[cascadingstylesheet]

Yes, you can shoot yourself in the foot with a gun.

You can also use a gun as an excellent tool for security.

I'd recommend the latter, lol

More important then vibe coding

[sarren1901]

Vibe coding aside, why are these applications even allowed to run on the local systems, let alone gain LAN access let alone Internet access? Seems like the IT department needs to be locking down these computers so random applications can't be installed without first being approved by IT.

Even without vibe coding, users shouldn't be able to just install whatever they want whenever they want and these applications most certainly shouldn't be allowed Internet access. This sounds like multiple layers of security