# AI-Driven Web Apps: A Security Nightmare? As AI continues to permeate modern programming, concerns have been raised about the introduction of hackable bugs through automated coding tools. However, a recent investigation reveals a more alarming issue: AI-powered web application development tools are enabling the creation of applications with virtually no security, potentially exposing sensitive corporate and personal data. Security researcher Dor Zvi and his team at **RedAccess** analyzed thousands of web applications created using AI software development tools like **Lovable**, **Replit**, **Base44**, and **Netlify**. Their findings are stark: over 5,000 of these apps lacked basic security or authentication. Many allowed unrestricted access to anyone who discovered the web URL, while others had minimal barriers like requiring sign-in with any email address. A staggering 40% of these apps exposed sensitive data, including medical records, financial information, corporate strategy documents, and chatbot conversation logs. "The end result is that organizations are actually leaking private data through vibe-coding applications," says Zvi. "This is one of the biggest events ever where people are exposing corporate or other sensitive information to anyone in the world." ## Easy Discovery of Vulnerabilities **RedAccess**'s search for vulnerable web apps proved surprisingly straightforward. Because **Lovable**, **Replit**, **Base44**, and **Netlify** allow users to host apps on their domains, researchers utilized simple Google and Bing searches, combining the AI companies' domains with relevant keywords to identify thousands of AI-coded apps. Of the 5,000 publicly accessible AI-coded apps, nearly 2,000 revealed private data upon closer inspection. Examples included hospital work assignments with personally identifiable information, company ad purchasing details, go-to-market strategy presentations, retailer chatbot conversation logs (including customer names and contact details), cargo records, and various sales and financial records. In some instances, the exposed apps even granted administrative privileges, allowing researchers to potentially remove other administrators. **Lovable** also hosted numerous phishing sites impersonating major corporations like **Bank of America**, **Costco**, **FedEx**, **Trader Joe’s**, and **McDonald’s**, created with the AI coding tool. ## Company Responses and Counterarguments When contacted by WIRED, **Netlify** did not respond. **Replit**, **Lovable**, and **Base44** challenged the findings, citing a lack of shared information and insufficient time to respond. However, they did not deny the exposure of the web apps. **Replit** CEO Amjad Masad stated on X, "From the limited information they shared, [RedAccess's] core claim appears to be that some users have published apps on the open web that should’ve been private. Replit allows users to choose whether apps are public or private. Public apps being accessible on the internet is expected behavior. Privacy settings can be changed at any time with a single click." **Lovable** stated that they take reports of exposed data and phishing sites seriously and are actively investigating. They emphasized that **Lovable** provides tools to build securely, but the app's configuration is the creator's responsibility. Blake Brodie, head of public relations for **Base44**'s parent company, **Wix**, stated that **Base44** provides robust tools for configuring application security, including access controls and visibility settings. Disabling these controls is a deliberate action by the user, not a platform vulnerability. **Wix** also raised concerns about the validity of the data, suggesting that exposed data might be fabricated or AI-generated. **RedAccess** refuted claims that they hadn't provided examples to **Base44**, noting that they contacted app owners who confirmed data exposure. They also shared anonymized communications from **Base44** users thanking them for the alerts. ## The Broader Implications Verifying the authenticity of exposed data remains a challenge. Joel Margolis, a security researcher, notes that data in vibe-coded web apps could be placeholders or proofs of concept. However, he affirms that the problem of AI-built web apps exposing data is very real. He emphasizes that marketing teams or other non-engineers creating websites often lack the necessary security knowledge. Zvi highlights that the 5,000 exposed apps are only those hosted on the AI coding tools' domains, with potentially thousands more hosted on user-purchased domains. He draws a parallel to the wave of data exposures caused by misconfigured **Amazon S3** storage buckets, where companies like **Verizon** and **World Wrestling Entertainment** accidentally exposed sensitive data. While user error played a role, many blamed **Amazon** for confusing security settings. AI web-app coding tools are creating a similar wave of data exposures due to user error and a lack of safeguards. More fundamentally, these tools empower individuals with limited security awareness to create applications outside the typical software development processes. "Anyone from your company at any moment can generate an app, and this is not going through any development cycle or any security check," Zvi says. "People can just start using it in production without asking anyone. And they do."