Thousands of apps built with Agentic AI platforms like Lovable, Replit, Netlify, and Base44 are exposing private data

Reddit r/AI_Agents News

Summary

A Red Access investigation reveals that thousands of AI-generated web apps on platforms like Lovable and Replit are exposing sensitive private data due to misconfigurations. This highlights significant security risks associated with the rising trend of 'vibe coding' and unvetted AI tool usage.

A new investigation by Israeli cybersecurity firm Red Access found thousands of AI-generated web apps leaking data ranging from medical records to internal business documents. The findings add to mounting concerns about vibe coding, a fast-growing trend in which users rely heavily on AI tools to generate and deploy software with little or no traditional coding experience.

The investigation found roughly 380,000 publicly accessible assets created with AI-powered coding tools such as Lovable, Replit, Netlify, and Base44. According to the researchers, about 5,000 of those apps exposed potentially sensitive information. The findings, reported by Axios, suggest many users are publishing internal tools online without realizing they are publicly accessible.

Dor Zvi, CEO of Red Access, said the company uncovered the apps while researching “shadow AI,” where employees use AI tools without formal approval from their organizations.