Oa5678 Stack

Shadow AI Apps Expose Sensitive Data: 5,000 Vulnerable Sites Found

Published 2026-05-08 23:10:12 · Cybersecurity

More than 380,000 publicly accessible applications built with AI-powered 'vibe coding' tools have been discovered online—and roughly 5,000 of them contain sensitive corporate data, according to a new report from Israeli cybersecurity firm RedAccess. The findings underscore a rapidly growing shadow AI crisis that security experts say mirrors the early days of exposed S3 buckets.

'This is a blind spot for most enterprises,' said Dor Zvi, CEO of RedAccess, in an interview with Axios. 'None of their security tools were built to find a customer intake form that a product manager built over a weekend with Lovable and deployed on a public URL.'

Zvi's team identified the vulnerable assets while conducting shadow AI research for clients. The exposed applications span platforms including Lovable, Base44, Replit, and Netlify. Around 1.3% of the discovered assets—approximately 5,000—leaked sensitive corporate information. Axios independently verified multiple cases, and Wired confirmed the findings separately.

Key Exposures Discovered

  • Shipping company app: Displayed vessel schedules and port arrivals.
  • Internal health application: Listed active clinical trials across the U.K.
  • Customer service logs: Full, unredacted conversations for a British cabinet supplier were publicly accessible.
  • Bank financial data: Internal financial records for a Brazilian bank were exposed.
  • Healthcare records: Patient conversations from a children’s long-term care facility, plus doctor-patient summaries.
  • Security incident reports: Incident response records from a security company.
  • Ad purchasing strategies: Detailed marketing budgets and tactics were openly available.

The healthcare and financial exposures may trigger regulatory obligations under HIPAA, UK GDPR, or Brazil’s LGPD, depending on jurisdiction. RedAccess also found phishing sites built with Lovable that impersonated Bank of America, FedEx, Trader Joe’s, and McDonald’s. Lovable stated it has begun investigating and removing those phishing sites.

Image: Shadow AI Apps Expose Sensitive Data: 5,000 Vulnerable Sites Found (source: venturebeat.com)

Background: The Rise of Shadow AI and Vibe Coding

Vibe coding refers to using AI-assisted platforms like Lovable, Base44, and Replit to generate fully functional applications with minimal coding knowledge. Many users are product managers, marketers, or other non-technical employees who turn ideas into live apps over a weekend. The problem is that the default visibility on these platforms is often public: an app stays reachable by anyone who has its URL unless the creator manually switches it to private, and search engines index many of those URLs, so the apps, and whatever data they read from their backends, are discoverable by anyone.

Zvi emphasized the difficulty of addressing this at scale: 'I don’t think it’s feasible to educate the whole world around security. My mother is vibe coding with Lovable, and no offense, but I don’t think she will think about role-based access.'

This is not an isolated incident. In October 2025, security firm Escape.tech scanned 5,600 publicly available vibe-coded apps and found more than 2,000 high-impact vulnerabilities, over 400 exposed secrets (including API keys and access tokens), and 175 instances of personal data exposure containing medical records and bank account numbers. Every vulnerability was in a live production system and discoverable within hours. Escape raised an $18 million Series A in March 2026, citing the security gap opened by AI-generated code as a core market thesis.

What This Means for Enterprises

The scale of exposures signals that shadow AI has become a systemic risk. Traditional enterprise security, focused on servers, endpoints, and cloud accounts the organization knows about, is not designed to detect apps built outside approved IT channels. These vibe-coded applications often connect directly to live databases (like Supabase) and are deployed on public URLs, so they sit entirely outside the organization's security controls.
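As an added example, not code from the RedAccess or Escape reports or from any of the platforms named above: the secrets Escape found and the direct database connections described here both tend to surface in the JavaScript bundle a vibe-coded app ships to the browser. The scanner below runs over a constructed bundle fragment, finds Supabase API keys (which the platform documents as JWTs carrying iss, ref and role claims), decodes the role claim without trusting the signature, and flags a service_role key as critical because it bypasses row-level security, while reporting the anon key as expected client-side material. It also flags a couple of other documented credential shapes. The project ref, tokens and bundle text are all constructed for this example; the AWS key shown is the one AWS uses in its own documentation.

```python
import base64
import json
import re

# Constructed project reference for the example; not a real Supabase project.
PROJECT_REF = "abcdefghijklmnopqrst"

# Supabase API keys are JWTs whose payload carries iss="supabase", the project
# ref and a role of "anon" (meant for browsers, gated by row-level security)
# or "service_role" (bypasses RLS; must never reach a client).
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
SUPABASE_URL_RE = re.compile(r"https://([a-z]{20})\.supabase\.co")

# Other credential shapes worth flagging in a client bundle; the prefixes are
# the documented ones, and the list is illustrative, not exhaustive.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "stripe_secret_key": re.compile(r"\bsk_live_[0-9a-zA-Z]{24,}\b"),
}


def _b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment, as used in JWTs."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str):
    """Return the JWT payload as a dict, or None if it is not a parseable JWT.
    No signature check: we only want to read the claims, not trust them."""
    try:
        return json.loads(_b64url_decode(token.split(".")[1]))
    except (ValueError, IndexError):
        return None


def audit_bundle(text: str) -> list:
    """Scan bundle text for embedded credentials and classify each finding."""
    findings = []
    project_refs = set(SUPABASE_URL_RE.findall(text))
    for token in JWT_RE.findall(text):
        claims = decode_claims(token)
        if not isinstance(claims, dict) or claims.get("iss") != "supabase":
            continue
        role = claims.get("role")
        if role == "service_role":
            severity = "critical"  # read/write on every table, RLS ignored
        elif role == "anon":
            severity = "info"      # expected in client code; safe only if RLS is on
        else:
            severity = "warn"
        findings.append({
            "kind": "supabase_jwt",
            "role": role,
            "ref": claims.get("ref"),
            "url_present": claims.get("ref") in project_refs,
            "severity": severity,
        })
    for kind, pattern in SECRET_PATTERNS.items():
        for match in pattern.findall(text):
            findings.append({
                "kind": kind,
                "value_prefix": match[:8],  # never log the whole secret
                "severity": "critical",
            })
    return findings


def fake_jwt(payload: dict) -> str:
    """Build an unsigned, JWT-shaped token for the constructed sample only."""
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = enc(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header}.{body}.{enc(b'not-a-real-signature')}"


def build_sample_bundle() -> str:
    """Constructed fragment of a front-end bundle; not code from any platform."""
    anon = fake_jwt({"iss": "supabase", "ref": PROJECT_REF, "role": "anon",
                     "iat": 1700000000, "exp": 2000000000})
    service = fake_jwt({"iss": "supabase", "ref": PROJECT_REF, "role": "service_role",
                        "iat": 1700000000, "exp": 2000000000})
    return f'''
const SUPABASE_URL = "https://{PROJECT_REF}.supabase.co";
const SUPABASE_ANON_KEY = "{anon}";
const SUPABASE_ADMIN_KEY = "{service}";  // service_role key shipped to the browser
const uploader = {{ accessKeyId: "AKIAIOSFODNN7EXAMPLE" }};  // AWS documentation example key
'''


if __name__ == "__main__":
    for finding in audit_bundle(build_sample_bundle()):
        print(finding)
```

The anon key finding is deliberately only informational: shipping it is how these apps are meant to work, and the question it raises, whether row-level security is actually enabled on the tables behind it, cannot be answered from the bundle and has to be checked in the project itself. A service_role key or a cloud access key in client code is a leak regardless of any other configuration.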

Organizations now face regulatory, financial, and reputational exposure. The healthcare and financial leaks alone could lead to fines and lawsuits under data protection laws. Security teams must adopt new discovery tools and governance frameworks to identify and secure AI-generated applications. As Escape’s funding indicates, the market is responding—but for many companies, the damage may already be done.
