Here's a number that should make any CTO put down their coffee: researchers found more than 5,000 AI-generated web apps sitting wide open on the internet, and roughly 2,000 of them were actively exposing private data to anyone who typed in the right URL.
The culprit is vibe coding — the increasingly popular practice of using AI tools to build and deploy web applications without writing traditional code yourself. Platforms like Lovable, Replit, Base44, and Netlify have made it almost comically easy to spin up a functional web app in minutes. The problem is that "functional" and "secure" are not the same thing, and a lot of vibe coders are finding that out the hard way.
Security researcher Dor Zvi and his team at RedAccess didn't need sophisticated hacking tools to uncover this mess. They ran basic Google and Bing searches targeting the domains these AI platforms use to host user-built apps, combined with a few relevant search terms. That's it. That was the entire discovery method. The apps weren't buried behind obscure infrastructure — they were indexed by search engines and sitting in plain sight.
What they found inside those apps is genuinely alarming. We're not talking about test data or dummy content. The exposed information included hospital work schedules with doctors' personal details, detailed advertising spend records, internal go-to-market strategy decks, full chatbot conversation logs with customer names and contact information, cargo shipping records, and a range of sales and financial documents from multiple companies. In some cases, Zvi says the vulnerabilities would have allowed an outsider to seize administrative control over entire systems.
Some apps had almost laughably thin protections — requiring only that a visitor sign in with any email address, no verification needed. Others had nothing at all. About 40 percent of the publicly accessible apps exposed what Zvi describes as genuinely sensitive data.
The deeper issue here isn't a bug in any one platform. It's a structural problem with how vibe coding is being marketed and adopted. These tools are explicitly designed to lower the barrier to building software, and they've succeeded. But security knowledge doesn't come bundled with the AI assistant. When a first-time app builder doesn't know to configure authentication or restrict data access, the AI isn't going to stop them — it's just going to build exactly what they asked for.
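The two failure modes described above, an app that accepts any email as a "login" with no verification and one that never restricts which records a caller may read, side by side with a hardened handler. This is an added illustration, not code from the article or from any of the platforms named; the record store, session store and handler names are hypothetical and the data is constructed.

```javascript
// Constructed sample data: two records owned by two different users.
const records = new Map([
  ["r1", { owner: "alice@example.com", body: "advertising spend Q3 (constructed)" }],
  ["r2", { owner: "bob@example.com", body: "cargo shipping manifest (constructed)" }],
]);

// Weak handler: the only "authentication" is an email the client supplies,
// nothing checks that the caller owns that address, and any caller who
// passes the email check can read any record by id. This is the shape of
// the exposed apps the article describes.
function getRecordWeak(req) {
  if (!req.email) return { status: 401 };
  const rec = records.get(req.recordId);
  return rec ? { status: 200, body: rec.body } : { status: 404 };
}

// Server-side session store (hypothetical). In a real app the session is
// created only after the email verification step succeeds; a session that
// exists but is not yet verified must not grant data access.
const sessions = new Map([
  ["tok-alice", { email: "alice@example.com", verified: true }],
  ["tok-mallory", { email: "mallory@example.com", verified: false }],
]);

// Hardened handler: identity comes from a server-issued session, the session
// must be verified, and a record is returned only to its owner. A record the
// caller does not own yields 404 rather than 403 so the response does not
// confirm that the id exists.
function getRecordHardened(req) {
  const session = sessions.get(req.sessionToken);
  if (!session || !session.verified) return { status: 401 };
  const rec = records.get(req.recordId);
  if (!rec || rec.owner !== session.email) return { status: 404 };
  return { status: 200, body: rec.body };
}
```

Running `getRecordWeak({ email: "anyone@example.net", recordId: "r1" })` returns Alice's record to a caller who proved nothing, while the hardened handler returns 401 for a missing or unverified session and 404 for a record the caller does not own.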
Lovable, for its part, was also found hosting phishing sites impersonating major financial institutions, which adds a whole other dimension to the platform's liability questions.
This isn't an argument against AI coding tools. They're genuinely useful and they're not going away. But right now there's a massive gap between how easy these platforms make deployment and how much security education they provide to the people using them. Someone is going to have to close that gap — and based on what RedAccess found, the clock is already running.