Skip to main content
  1. Home
  2. Computing
  3. News

Your coworker’s AI-built app might be leaking company secrets

Thousands of AI-built apps are spilling secrets online

By
Add as a preferred source on Google
girl coding on computer
Christina Morillo / Pexels

AI coding tools have made it ridiculously easy to build a web app, and it only takes a few minutes to set up now. This ease has lowered the barrier to app development, which is causing a new set of issues. So what happens when these AI-made apps go live without anyone checking the locks? You get secrets spilling out all over the internet.

A WIRED report highlights a major security problem around so-called “vibe-coded” apps, which are built using AI development platforms such as Lovable, Replit, Base44, and Netlify.

Why this is a bigger issue than you think

Security researcher Dor Zvi and his team at RedAccess analyzed thousands of these apps and found more than 5,000 that had little to no security or authentication. Most of these apps could practically be accessed by anyone who found the ‘right’ URL. A few of these had only minimal barriers, allowing visitors to sign in with any email address. Nearly half of these exposed apps appeared to contain sensitive data like medical information, financial records, corporate presentations, strategy documents, and customer chatbot logs, said Zvi.

Coding on a Mac using virtual machines via VMWare Fusion Pro.
Lee Campbell / Unsplash

The investigation reportedly also revealed hospital work assignments with personally identifiable information, ad purchasing data, market presentation strategies, sales information, and even customer conversations with their names and contact details. Several of these apps were still online, although WIRED couldn’t verify whether all the data it reviewed was real or sensitive.

How vibe coding has become dangerous in IT

This story isn’t just limited to one batch of sloppy AI apps. These tools allow people who may not have software engineering or security experience to build and publish apps quickly, which are often outside normal IT approval processes. So a member of the marketing team, operations worker, or founder can create a tool for internal use, connect it to real data, and accidentally leave it open to the web.

Recommended Videos

Zvi compared it to the old wave of exposed Amazon S3 buckets, where misconfigurations led companies to leak sensitive data at a massive scale. Security researcher Joel Margolis told WIRED that AI coding tools only do what’s asked of them. So if a user does not ask for security explicitly, the app may not be secure by default.

school coding
wavebreakmedia/Shutterstock

What did the companies say?

Replit CEO Amjad Masad wrote on X that some users had published apps on the open web that should have been private, adding that public apps being accessible online is expected behavior. Meanwhile, Lovable said it takes exposed data and phishing reports seriously and is investigating. Base44 parent company Wix stated that its platform provides security and visibility controls, arguing that public access reflects user configuration choices rather than a platform vulnerability.

This is a reality check for anyone treating vibe coding like a fast track to startup success. AI-generated apps can move quickly, but that speed comes with real trade-offs. From weak oversight to hidden vulnerabilities, AI-built apps can become a serious problem once a product is in users’ hands.

Vikhyaat Vivek
Vikhyaat Vivek
Vikhyaat Vivek is a tech journalist and reviewer with seven years of experience covering consumer hardware, with a focus on…
Topics
A YouTuber 3D printed an entire outfit, but the comfort and cost are more complicated than you’d think
The 3D-printed outfit is real. Whether it's practical is a different conversation entirely.
Adult, Male, Man

YouTuber Matthew Trahan has made a career out of 3D printing increasingly unusual things. He has printed musical instruments, bedroom furniture, and, in one particularly memorable video, himself.

His latest project is a full outfit, from shirt to shoes, belt to glasses, because apparently nobody told him 3D printers are for creating engineering prototypes or structures that aren’t otherwise feasible, not for fashion week.

Read more
The memory crisis isn’t going to ease, and you will pay the price for it, says a research firm
Forty to 50% higher this quarter, 30 to 40% more next quarter, and no real relief until 2028. Plan accordingly.
RAM memory chips

If you were hoping the memory crisis was about to ease up, I have some bad news for you. It comes directly from Wall Street.

Your next smartphone, laptop, or tablet could cost even more, regardless of whether it has recently been subject to a price hike.

Read more
Apple’s next Mac Studio could get a new M5 Ultra chip and a cooler upgrade
The desktop workstation is tipped to receive an M5 Ultra this year, an M7 Ultra later, and a redesigned heat sink.
Apple Mac Studio Featured

Apple's Mac Studio may not be getting a fresh new look anytime soon, but it could be getting a meaningful upgrade where it matters most. According to Mark Gurman in the latest edition of his Power On newsletter, Apple is preparing an M5 Ultra-powered Mac Studio as early as this year, while an even more powerful M7 Ultra version is already on the company's roadmap for 2028. Interestingly, the report also claims Apple is redesigning one component most users will never see: the heat sink.

More power is coming, and Apple wants to keep it cool

Read more