
Most enterprise security software is built to protect servers, endpoints, and cloud accounts. None of it is built to find a customer intake form that a product manager coded in Lovable over the weekend, connected to a live Supabase database, and hosted on a public URL indexed by Google. That blind spot now has a price tag.
New research from the Israeli cybersecurity firm RedAccess measures the scale. The firm discovered 380,000 publicly available assets, including vibe-coded apps built on Lovable, Base44 and Replit, as well as applications, databases and related infrastructure built on the Netlify deployment platform. About 5,000 of these assets, roughly 1.3%, contained sensitive corporate data. CEO Dor Zvi said his team came across the exposures while researching shadow AI for clients. Axios independently reviewed numerous exposed apps, and Wired confirmed the findings separately.
Among the confirmed exposures: a shipping company’s app detailing which ships were expected at which ports; a health company’s internal app listing active clinical trials in the UK; and a full, unedited customer service call from a British cabinet supplier sitting on the public web. Internal financial information for a Brazilian bank was available to anyone who found the URL.
The exposed data also included patient conversations at a children’s long-term care facility, hospital doctor-patient summaries, incident response notes at a security company, and ad buying strategies. Depending on the jurisdiction and the data involved, exposures of health and financial data may trigger regulatory obligations under HIPAA, UK GDPR or Brazil’s LGPD.
RedAccess also found phishing sites built on Lovable that impersonated Bank of America, FedEx, Trader Joe’s and McDonald’s. Lovable said it has begun investigating and removing the phishing sites.
Defaults are the problem
Privacy settings on several vibe coding platforms make apps available to everyone unless users manually switch them to private. Many of these apps are indexed by Google and other search engines, so anyone can come across them. Zvi put it bluntly: “I don’t think it’s possible to educate the whole world about security. My mom vibe codes with Lovable and, no offense, but I don’t think she’d think about role-based access.”
This is not an isolated finding
In October 2025, Escape.tech scanned 5,600 publicly available vibe-coded apps and found more than 2,000 high-impact vulnerabilities, more than 400 exposed secrets including API keys and access tokens, and 175 personal data exposures involving medical records and bank account numbers. Every vulnerability Escape found was in a live production system and could be discovered within hours. The full report documents the methodology. Escape separately raised an $18 million Series A from Balderton in March 2026, citing the security gap opened by AI-generated code as a key market thesis.
Gartner’s “Predicting 2026” report forecasts that by 2028, the proactive enforcement approaches adopted by citizen developers will increase software defects by 2,500%. Gartner identifies a new class of defects in which artificial intelligence generates syntactically correct code that lacks knowledge of the broader system architecture and of nuanced business rules. The cost of addressing these deeply contextual errors will consume budgets previously allocated to innovation.
Shadow AI is a multiplier
IBM’s 2025 Cost of a Data Breach Report found that 20% of organizations have experienced breaches related to shadow AI. These incidents added an average of $670,000 to breach costs, bringing the average cost of a shadow AI breach to $4.63 million. Among organizations reporting AI-related breaches, 97% lacked appropriate access controls, and 63% of breached organizations had no AI governance policy.
Shadow AI breaches disproportionately exposed customer personally identifiable information: 65% of them did, compared to 53% of all breaches, and 62% of the affected data was spread across multiple environments. Only 34% of organizations with an AI governance policy conducted regular audits for unauthorized AI tools. VentureBeat’s shadow AI research estimates that by mid-2026, the number of shadow apps in active use could more than double. Cyberhaven data found that 73.8% of ChatGPT accounts used in enterprise environments were unauthorized.
What to do first
The following audit framework gives CISOs a starting point for auditing vibe-coded application risk across five domains.
| Domain | Current Status (Most Organizations) | Target State | First Action |
| --- | --- | --- | --- |
| Discovery | No visibility into vibe-coded apps | Automated scanning of vibe coding platform domains | Run DNS and certificate transparency scans for Lovable, Replit, Base44 and Netlify subdomains associated with corporate assets |
| Authentication | Platform defaults (public by default) | SSO/SAML integration required before deployment | Block unauthenticated applications from accessing internal data sources |
| Code scanning | Zero coverage for citizen-built apps | Mandatory SAST/DAST before production | Extend the existing AppSec pipeline to cover vibe-coded deployments |
| Data loss prevention | No DLP coverage for vibe coding domains | DLP policies covering Lovable, Replit, Base44, Netlify | Add vibe coding platform domains to existing DLP rules |
| Governance | No AI usage policy or shadow AI detection | AI governance policy with regular audits for unauthorized tools | Publish an acceptable use policy for AI coding tools with a pre-deployment review gate |
A CISO who recognizes this as a policy issue will write a memo. A CISO who recognizes it as an architectural challenge will implement discovery scanning for the four largest vibe coding domains, require pre-deployment security reviews, expand the existing AppSec pipeline to citizen-built applications, and add these domains to DLP rules before the next board meeting. Only one of those CISOs avoids the next headline.
The vibe coding exposure RedAccess documented is not a separate issue from shadow AI. It is the production layer of shadow AI. Employees build internal tools on platforms that are open by default, bypass authentication, and never appear in the asset inventory, so the applications remain invisible to security teams until a breach is discovered or a reporter finds them first. Traditional asset discovery tools are designed to find servers, containers, and cloud instances. They have no way of finding a marketing configurator that a product manager built on Lovable over the weekend, connected to a Supabase database holding live customer records, and shared with three external contractors via a public URL that Google indexed within hours.
The detection problem is deeper than most security teams realize. Vibe-coded apps are usually hosted on platform subdomains behind CDN layers that rotate and often mask the originating infrastructure. Organizations with a mature secure web gateway, CASB or DNS monitoring can detect employee access to these domains. But detecting access is not the same as inventorying what is hosted, what data it stores, or whether it requires authentication. Without explicit monitoring of the major vibe coding platforms, the apps themselves generate little signal in conventional SIEM or endpoint telemetry. They exist in the gap between network visibility and application inventory that most security stacks were never designed to cover.
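The discovery scan from the framework’s first action and the DNS-level detection described above, as an added example that is not RedAccess’s code or any platform’s: a small Python inventory that matches certificate transparency names and DNS log lines against the platforms’ hosting suffixes. The suffix list, the brand keyword and the log line format are assumptions.

```python
import re

# Assumed hosting suffixes for the four platforms named in the article (verify before relying on them).
PLATFORM_SUFFIXES = {"lovable": ("lovable.app",), "replit": ("replit.app", "repl.co"),
                     "base44": ("base44.app",), "netlify": ("netlify.app",)}
BRAND_KEYWORDS = ("acme",)  # hypothetical brand tokens to look for in subdomain labels

def classify_host(host):
    """Return (platform, subdomain_label) for a host on a known suffix, else None."""
    host = host.lower().strip(".")
    for platform, suffixes in PLATFORM_SUFFIXES.items():
        for suffix in suffixes:
            if host == suffix:
                return platform, ""
            if host.endswith("." + suffix):
                return platform, host[: -len(suffix) - 1]
    return None

def discover_from_ct(ct_names):
    """Filter certificate transparency names (e.g. crt.sh entries) to brand-related platform hosts."""
    hits = set()
    for name in ct_names:
        c = classify_host(name)
        if c and any(k in c[1] for k in BRAND_KEYWORDS):
            hits.add((c[0], name.lower()))
    return sorted(hits)

# Constructed DNS log format: "<timestamp> <client> query <qname>"
DNS_LOG_RE = re.compile(r"^(\S+) (\S+) query (\S+)$")

def detect_from_dns(lines):
    """Map each client to the platform app hostnames it resolved; apex and wildcard names are ignored."""
    seen = {}
    for line in lines:
        m = DNS_LOG_RE.match(line.strip())
        if not m:
            continue  # constructed format only; real resolver logs need their own parser
        c = classify_host(m.group(3))
        if c and c[1] and c[1] != "*":
            seen.setdefault(m.group(2), set()).add(m.group(3).lower())
    return {client: sorted(hosts) for client, hosts in seen.items()}

# Constructed sample inputs
CT_SAMPLE = ["acme-intake.lovable.app", "*.netlify.app", "AcmeCorp-configurator.netlify.app", "acme.example.com"]
DNS_SAMPLE = ["2026-03-02T09:14:05Z 10.1.4.22 query acme-intake.lovable.app",
              "2026-03-02T09:14:09Z 10.1.4.22 query lovable.app",
              "2026-03-02T09:15:30Z 10.1.7.8 query sales-ops-dash.replit.app",
              "malformed line"]
```

The CT side finds apps whose subdomain carries the corporate brand; the DNS side finds which internal clients use platform apps that carry no brand name at all, which is the inventory gap the paragraph describes.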
The platform’s responses tell the story
Replit CEO Amjad Masad said RedAccess gave his company just 24 hours’ notice before going to press. Base44 (via Wix) and Lovable both said RedAccess did not provide the URLs or details needed to verify the findings. None of the platforms denied that open applications exist.
Wiz research in July 2025 separately found a platform-wide authentication bypass in Base44. Exposed API endpoints allowed anyone to create an authenticated account in private apps using nothing more than a publicly visible app_id. The flaw was the equivalent of walking into a locked building and shouting the room number to open the doors. Wix patched the vulnerability within 24 hours of Wiz reporting it, but the incident showed how thin the authentication layer is on platforms where millions of apps are built by users who assume the platform handles security for them.
The pattern is consistent across the vibe coding ecosystem. CVE-2025-48757 documented insufficient or missing Row Level Security policies in Supabase projects created by Lovable. Some requests bypassed access checks altogether, exposing data in more than 170 production applications. The AI created the database layer; it did not create the security policies that should limit who can read the data. Lovable disputes the CVE classification, stating that individual customers are responsible for protecting their application data. That dispute itself demonstrates the underlying tension: platforms that market to non-technical builders are shifting responsibility for security to users who don’t even know it exists.
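An added example, not Lovable’s or Supabase’s code, of the pre-deployment check this CVE implies: audit a schema dump for tables that have no Row Level Security at all or carry an allow-all policy, beside a correctly scoped policy for contrast. The schema, table and policy names are constructed; auth.uid() is Supabase’s helper for the calling user’s id.

```python
import re

# Constructed schema fragment showing three states: no RLS, RLS with an allow-all
# policy, and RLS with an owner-scoped policy (the hardened form).
SCHEMA_SQL = """
CREATE TABLE public.intake_forms (id uuid PRIMARY KEY, owner_id uuid, payload jsonb);
CREATE TABLE public.call_notes (id uuid PRIMARY KEY, owner_id uuid, transcript text);
ALTER TABLE public.call_notes ENABLE ROW LEVEL SECURITY;
CREATE POLICY "open read" ON public.call_notes FOR SELECT USING (true);
CREATE TABLE public.trials (id uuid PRIMARY KEY, owner_id uuid, status text);
ALTER TABLE public.trials ENABLE ROW LEVEL SECURITY;
CREATE POLICY "owner only" ON public.trials FOR ALL USING (auth.uid() = owner_id);
"""

TABLE_RE = re.compile(r"CREATE TABLE\s+(?:IF NOT EXISTS\s+)?([\w.]+)", re.I)
RLS_RE = re.compile(r"ALTER TABLE\s+(?:ONLY\s+)?([\w.]+)\s+ENABLE ROW LEVEL SECURITY", re.I)
POLICY_RE = re.compile(r'CREATE POLICY\s+(?:"[^"]*"|\S+)\s+ON\s+([\w.]+)(.*?);', re.I | re.S)
ALLOW_ALL_RE = re.compile(r"\b(USING|WITH CHECK)\s*\(\s*true\s*\)", re.I)

def audit_rls(schema_sql):
    """Classify each table as rls_disabled, rls_no_policy, allow_all_policy or ok."""
    tables = set(TABLE_RE.findall(schema_sql))
    rls_on = set(RLS_RE.findall(schema_sql))
    policies = {}
    for table, body in POLICY_RE.findall(schema_sql):
        policies.setdefault(table, []).append(body)
    findings = {}
    for t in sorted(tables):
        if t not in rls_on:
            findings[t] = "rls_disabled"      # every row readable through the API roles
        elif not policies.get(t):
            findings[t] = "rls_no_policy"     # locked down: the app itself sees nothing
        elif any(ALLOW_ALL_RE.search(b) for b in policies[t]):
            findings[t] = "allow_all_policy"  # RLS on paper, open in practice
        else:
            findings[t] = "ok"
    return findings

def exposed_tables(schema_sql):
    """Tables a reviewer must fix before the app reaches production."""
    return [t for t, s in audit_rls(schema_sql).items() if s in ("rls_disabled", "allow_all_policy")]
```

The regexes are deliberately simple and are meant for a dump produced by the project’s own tooling; a real review should also confirm the grants the API roles hold on the public schema.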
What this means for security teams
The RedAccess findings complete the picture. Professional coding agents face credential theft at one level; citizen platforms face data exposure at another. The structural failure is the same: security review happens after deployment or not at all. Identity and access management systems track human users and service accounts. They don’t track the sales operations analytics app built on Lovable last Tuesday, connected to a live CRM database and shared with three external contractors via a public URL.
No one asks whether database policies limit who can read the data, or whether API endpoints require authentication. When these questions go unanswered at the speed of AI creation, exposure scales faster than any human review process can match. The question for security leaders is not whether vibe-coded apps are inside their perimeter. The question is how many there are, what data they hold, and who can see them. The RedAccess findings suggest that for most organizations, the answer is worse than anyone in the C-suite knows. Organizations that start scanning this week will find them. Those that wait will read about themselves next.