AI vibe-coding apps leak sensitive data

Illustration: Shoshana Gordon/Axios
The AI coding tools letting anyone "build" software without engineering skills are also letting medical records, financial data and Fortune 500 internal docs leak onto the open web, security researchers say.
Why it matters: AI coding tools are enabling employees without engineering or cybersecurity training to publish internal tools publicly, often without company oversight or basic access controls.
Driving the news: Israeli cybersecurity firm Red Access told Axios it found 380,000 publicly accessible assets built with tools from Lovable, Base44, Replit and Netlify, including about 5,000 containing sensitive corporate data.
- Red Access CEO Dor Zvi said his team found the apps while researching "shadow AI" — unauthorized employee use of AI tools — for customers.
- Researchers said privacy settings on some of the vibe-coding tools were set to make the apps publicly accessible unless users manually changed them to private.
- Many of these applications are also indexed by Google and similar search engines, making it possible for just about anyone to stumble upon them, Zvi added.
Case in point: Axios independently verified multiple exposed apps this week, including:
- An app for a shipping company detailing which vessels are expected at which ports.
- An internal application for a health company that details active clinical trials across the U.K.
- Full, unredacted customer service conversations for a cabinet supplier in the U.K.
- Internal financial information for a Brazilian bank.
Zoom in: Red Access also found exposed applications that leaked customer data and personally identifiable information, including:
- Conversations with patients at a long-term care facility for children.
- A security company that used one of these platforms to triage information about ongoing incidents that its customers were facing.
- A personal app someone created to help plan a couple's vacation in Belgium, including details about their hotel and dinner reservations.
- An app for a hospital that had doctor and patient conversation summaries, patient complaints and staff schedules.
- An app created for a school that includes recordings of lessons, as well as student-related data and the teacher's schedule.
Yes, but: Before publication, some of the exposed applications Axios viewed earlier this week were no longer publicly accessible by Wednesday after the companies were notified.
The big picture: As people quickly adopt AI coding tools, basic security mistakes are being replicated at unprecedented scale and speed.
- "The concept of people just creating something that simply, and using it in production ... on behalf of their company without getting any permission — there is no limit," Zvi told Axios.
- "I don't think it's feasible to educate the whole world around security," Zvi says. "My mother is [vibe coding] with Lovable, and no offense, but I don't think she will think about role-based access."
Replit CEO Amjad Masad claimed Red Access only gave the company 24 hours before going to the press and did not share a list of impacted users.
- Red Access shared its findings with Axios on Monday.
- Lovable spokesperson Samyutha Reddy told Axios that the company is still investigating some of the reported lists, adding it received a report that did not "include any URLs or technical specifics that would allow us to verify, investigate or act on the findings described."
- Blake Brodie, a spokesperson for Base44, told Axios that Red Access "deliberately withheld the URLs that would have allowed us to identify and examine the applications in question" and that two of the allegedly exposed applications were "deliberately set to public by their owners."
- Netlify did not respond to a request for comment.
Reality check: "Replit allows users to choose whether apps are public or private," Masad said. "Public apps being accessible on the internet is expected behavior. Privacy settings can be changed at any time with a single click."
- "The presence of a publicly accessible app is not, in itself, evidence of a breach or a security flaw in our platform, any more than a public webpage being visible online constitutes a breach," Brodie added.
- "... data and phishing sites seriously and is actively investigating," Reddy said. "We've also reached out to Red Access to facilitate responsible disclosure so findings can be reported directly to app owners."
Red Access also found phishing sites built using Lovable that impersonated well-known brands, including Bank of America, FedEx, Trader Joe's and McDonald's.
- Reddy said that Lovable has started to review and remove these phishing sites, which Red Access says were designed to trick people into sharing personal information.
The bottom line: Vibe coding tools are allowing users without proper cyber training to unknowingly expose sensitive corporate and personal data at scale.
