"The firm examined thousands of web apps created with the vibe coding platforms Lovable, Replit, Base44, and Netlify. What it found was, to put it lightly, not good: 5,000 of them had "virtually no security or authentication of any kind," and a full 40 percent exposed users' sensitive data, from medical and financial info to corporate documents and logs of ostensibly private chatbot conversations."
""The end result is that organizations are actually leaking private data through vibe-coding applications," RedAccess cofounder Dor Zvi told Wired. "This is one of the biggest events ever where people are exposing corporate or other sensitive information to anyone in the world.""
"The vibe coding platforms' response to the embarrassing revelations left something to be desired. Netlify ignored it completely, while the other platforms basically deflected blame onto users, saying they should have better secured their work before putting it out into the world."
AI tools like chatbots and specialized platforms let programmers generate code from natural-language prompts, enabling “vibe coding” where apps can be produced quickly with limited technical skill. Rapid development has been accompanied by serious security problems. Research by RedAccess examined thousands of web apps built with Lovable, Replit, Base44, and Netlify and found widespread privacy and security failures. About 5,000 apps had virtually no security or authentication, and 40% exposed sensitive data including medical and financial information, corporate documents, and private chatbot conversation logs. The result is organizations leaking private data through vibe-coding applications. Platform responses ranged from ignoring findings to shifting responsibility to users to secure deployments before release.
#ai-in-software-development #vibe-coding #application-security #privacy-and-data-exposure #cybersecurity-research
Read at Futurism
Unable to calculate read time
Collection
[
|
...
]