AI coding tools were supposed to make building software easier.
Unfortunately, they also seem to be making accidental data exposure easier.
A new investigation from cybersecurity firm RedAccess found thousands of publicly accessible web apps created using AI-powered development platforms like Lovable, Replit, Base44, and Netlify exposing potentially sensitive corporate and personal information online.
Researchers say many of these apps had weak or nonexistent authentication systems, meaning anyone who discovered the URL could potentially access the app and its contents.
TL;DR
- Researchers found thousands of publicly exposed AI-generated web apps.
- Apps created with tools like Lovable, Replit, Base44, and Netlify reportedly exposed sensitive data.
- Many apps lacked strong authentication or access controls.
- The rise of “vibe coding” is enabling faster deployment without traditional security checks.
- AI-assisted development may be creating a new wave of accidental data leaks.
The Problem With AI-Built Apps
The rise of AI coding platforms has changed who can build software.
Users no longer need deep programming experience to launch web apps. Instead, many platforms allow people to generate functional applications using prompts, chat interfaces, and AI-assisted workflows.
That speed has created a new category of risk:
people deploying production-style apps without understanding security basics.
According to the investigation, exposed apps reportedly included:
- customer chat logs
- financial records
- medical scheduling information
- internal company documents
- shipping and sales data
Some applications also appeared to expose administrative controls and backend access.
The “Vibe Coding” Tradeoff
AI-generated development dramatically reduces friction.
But security researchers argue that many users treat these tools more like creative playgrounds than production infrastructure.
The result is a growing number of “vibe-coded” apps — quickly assembled AI-generated projects that may never go through:
- security reviews
- authentication testing
- or proper deployment workflows
In traditional software teams, multiple layers usually exist before an app reaches production.
AI tools are compressing that entire process into a few prompts and a deploy button.
The Platforms Say Security Controls Exist
The companies involved largely pushed back on the idea that the platforms themselves were vulnerable.
Representatives from Replit, Lovable, and Base44 stated that users are given tools to configure privacy and access settings, and that public exposure is often the result of user decisions rather than platform flaws.
Researchers, however, argue that the scale of exposed apps points to a broader usability and awareness problem; especially when non-technical users are deploying real systems connected to company data.
This Looks Familiar
The situation resembles earlier cloud security problems where companies accidentally exposed public storage buckets online.
Back then, cloud infrastructure became easier to use faster than organizations learned how to secure it properly.
Now the same pattern may be repeating with AI-generated software.
The difference is that AI dramatically speeds up deployment cycles, allowing apps to move from idea to public launch in minutes.
And security processes usually don’t move that fast.
Why This Matters
AI-assisted coding is lowering the barrier to software creation.
But it’s also lowering the barrier to launching insecure applications.
The bigger shift isn’t just technical — it’s cultural.
Software development is no longer limited to engineering teams. Marketing teams, operations staff, founders, and non-technical users can now build and deploy functional apps using AI tools.
That democratization is powerful.
It’s also creating a future where companies may not even know how many internal AI-generated apps are already connected to sensitive workflows and customer data.