Thousands of apps built with Agentic AI platforms like Lovable, Replit, Netlify, and Base44 are exposing private data

A new investigation by Israeli cybersecurity firm Red Access found thousands of AI-generated web apps leaking data ranging from medical records to internal business documents. The findings add to mounting concerns about vibe coding, a fast-growing trend in which users rely heavily on AI tools to generate and deploy software with little or no traditional coding experience. A new investigation by Israeli cybersecurity firm Red Access found roughly 380,000 publicly accessible assets created with AI-powered coding tools such as Lovable, Replit, Netlify, and Base44. According to the researchers, about 5,000 of those apps exposed potentially sensitive information. The findings, reported by Axios, suggest many users are publishing internal tools online without realizing they are publicly accessible. Dor Zvi, CEO of Red Access, said the company uncovered the apps while researching “shadow AI,” where employees use AI tools without formal approval from their organizations.