
Security firm RedAccess scanned thousands of web apps built with AI “vibe‑coding” tools and found over 5,000 with little or no access controls; roughly 2,000 of those publicly reachable apps appeared to expose private or sensitive information.
RedAccess, the cybersecurity firm co‑founded by researcher Dor Zvi, reported that it found more than 5,000 web applications created with AI “vibe‑coding” tools that lacked meaningful authentication, with roughly 2,000 of the publicly reachable projects appearing to surface private or sensitive information. That scope matters because it makes medical, financial and customer data, as well as internal administrative controls, broadly discoverable through simple web access.
The affected apps were built using tools from Lovable, Replit, Base44 and Netlify and in many cases required no login or only trivial barriers such as accepting any email address. Zvi’s review, including screenshots shared with reporters, showed exposed materials ranging from hospital staff assignments containing personally identifiable information to corporate ad‑buying spreadsheets, go‑to‑market strategy decks, shipping manifests and full logs of retailer chatbot conversations with customers.
A major enabling factor was that several vendors allow users to host apps on the companies’ own domains rather than forcing custom domains, which made projects indexable by search engines. RedAccess researchers used targeted Google and Bing queries that combined those vendor domains with likely app paths to find large numbers of live, indexable projects. The team also identified phishing pages impersonating brands such as Bank of America, Costco, FedEx, Trader Joe’s and McDonald’s that appeared to have been created and hosted on a single vendor’s domain.
RedAccess warned the exposures are not merely typical software bugs: fully public endpoints produced by automated tooling can leak high‑risk records and, in some instances, allow administrative actions like adding or removing other admins. The firm characterized the findings as one of the largest incidents of inadvertent corporate and personal data exposure tied directly to AI‑assisted app creation.
Vendor responses were mixed. Netlify did not respond to inquiries; Replit CEO Amjad Masad said public apps being accessible on the internet is expected and noted that privacy settings can be toggled by users. Other vendors disputed RedAccess’ methodology or said they were not given sufficient findings or time to respond, while a Lovable spokeswoman said the company takes reports of exposed data and phishing sites seriously. RedAccess says it reached out to the companies prior to publication.
For builders and platform teams the concrete lessons are clear: default publishing and hosting choices matter, short‑lived prototypes can be indexed by search engines, and creating apps without proper access controls can convert quick experiments into public data leaks. Practical mitigations include enforcing authentication by default, preventing search indexing of private projects, scanning hosted apps for exposed endpoints, and treating any prototype that touches PII or corporate strategy as production‑grade from a security‑posture standpoint.
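The last two mitigations above, scanning your own hosted apps for endpoints that answer without authentication and checking whether they can be indexed, can be turned into a small inventory audit. The following is an added example written for this summary, not code from RedAccess or any of the vendors named. It assumes you already hold a list of your organisation's prototype URLs and have fetched each one with an unauthenticated GET; the `Observation` records, the `example-vendor-host.test` hostname and the path hints are constructed so the audit runs offline.

```python
"""Audit an inventory of your own hosted prototype apps for two exposure
conditions: content served without authentication, and pages that search
engines are allowed to index.  Added example; the inventory and the HTTP
observations below are constructed.  In real use each Observation would be
filled from an unauthenticated GET against the URL plus that host's /robots.txt."""
from dataclasses import dataclass, field


@dataclass
class Observation:
    url: str                                   # URL requested without credentials
    status: int                                # HTTP status code returned
    headers: dict = field(default_factory=dict)
    body: str = ""                             # leading part of the response body
    robots_txt: str = ""                       # contents of /robots.txt on that host


def _header(headers, name):
    """Case-insensitive header lookup; returns None when the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def robots_disallows_all(robots_txt):
    """True if robots.txt contains a 'Disallow: /' rule (under any user-agent)."""
    for line in robots_txt.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "disallow" and value.strip() == "/":
            return True
    return False


def is_indexable(obs):
    """True when nothing in the response tells crawlers to stay away:
    no X-Robots-Tag noindex, no <meta name="robots" ... noindex>, no Disallow: /."""
    tag = (_header(obs.headers, "X-Robots-Tag") or "").lower()
    if "noindex" in tag:
        return False
    body = obs.body.lower()
    if 'name="robots"' in body and "noindex" in body:
        return False
    return not robots_disallows_all(obs.robots_txt)


def served_without_auth(obs):
    """True when an unauthenticated request got real content back.
    401/403 and redirects are treated as gated; a 200 that is itself a login
    form (a password field is present) is also treated as gated."""
    if obs.status != 200:
        return False
    return 'type="password"' not in obs.body.lower()


# Path fragments suggesting data or controls rather than a landing page (constructed list).
SENSITIVE_HINTS = ("admin", "staff", "patient", "invoice", "export", "api/", "chat")


def audit(observations):
    """Return (url, finding, severity) triples for every exposure detected."""
    findings = []
    for obs in observations:
        open_ = served_without_auth(obs)
        if open_:
            sev = "high" if any(h in obs.url.lower() for h in SENSITIVE_HINTS) else "medium"
            findings.append((obs.url, "served-without-auth", sev))
        if obs.status == 200 and is_indexable(obs):
            # Indexable *and* open is what makes a prototype discoverable by search.
            findings.append((obs.url, "indexable", "high" if open_ else "low"))
    return findings


# Constructed inventory covering the common cases: an open data page, the app's
# own login page, a page correctly marked noindex, and a properly gated API.
SAMPLE = [
    Observation("https://example-vendor-host.test/hospital-roster/admin", 200,
                {"Content-Type": "text/html"},
                "<table><tr><td>Dr. Example</td><td>Ward 3</td></tr></table>",
                "User-agent: *\nAllow: /"),
    Observation("https://example-vendor-host.test/campaign-planner/login", 200,
                {}, '<form><input type="password" name="pw"></form>', ""),
    Observation("https://example-vendor-host.test/internal-deck/", 200,
                {"X-Robots-Tag": "noindex, nofollow"}, "<h1>GTM plan</h1>",
                "User-agent: *\nDisallow: /"),
    Observation("https://example-vendor-host.test/chat-logs/api/export", 401,
                {"WWW-Authenticate": "Bearer"}, "", ""),
]

if __name__ == "__main__":
    for url, finding, severity in audit(SAMPLE):
        print(f"{severity:6} {finding:20} {url}")
```

Two design choices are worth noting. A 200 response is counted as open only if it is not a login form, so an app whose front door is a password prompt does not produce a false positive; and indexability is scored separately from authentication, because a noindex header on an open page only reduces discoverability while the data remains one direct link away.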