380K Apps Built. Your Data Might Be In One.
FrequencyMay 25, 202600:04:48

380K Apps Built. Your Data Might Be In One.

Security researchers scanned apps built with vibe-coding platforms — Lovable, Replit, Base44, Netlify — and found 380,000 publicly accessible assets. About 5,000 contained sensitive corporate data. Most of the people who built them had no idea their privacy settings defaulted to public and that Google had already indexed them.

Lovable had a rough quarter. A researcher found 16 vulnerabilities in a single app, exposing nearly 18,700 user records. Another found that any free-tier account holder could access a different tenant's source code, database credentials, and customer data. A Q1 2026 assessment of 200+ vibe-coded apps found 91.5% had at least one vulnerability linked to AI hallucination.

Chuck and Jenni debate whether this is a genuinely good capability with a security problem attached — or whether shadow IT is shadow IT, no matter how AI-powered it gets.

https://www.axios.com/2026/05/07/loveable-replit-vibe-coding-privacy