
Since AI began taking over the work of programmers, the cybersecurity world has warned that automated coding tools are bound to introduce plenty of new, exploitable bugs into software. But after the same vibe-coding tools invited everyone to build web apps with a click, it has become clear that the security problem extends beyond bugs to the absence of any security at all, in some cases for corporate and personal information.
Security researcher Dor Zvi and his team at the cybersecurity company he founded, RedAccess, analyzed thousands of vibe-coded web apps built with the AI tools Lovable, Replit, Base44, and Netlify and found that more than 5,000 of them had no security or authentication of any kind. Most of these apps let anyone with their web address access the app and its data. Some had only minor barriers to that access, such as requiring a visitor to log in with any email address. About 40 percent of the apps exposed data, Zvi said, including medical information, financial information, internal company and process documents, as well as detailed customer records and chatbot conversations.
“The result is that organizations are releasing sensitive information through vibe-coding applications,” says Zvi. “This is one of the largest public disclosures of business or other information to anyone in the world.”
Zvi says RedAccess’s search for vulnerable software was surprisingly easy. Lovable, Replit, Base44, and Netlify all let users host their web applications on the AI companies’ own domains rather than the users’ own. So the researchers simply used Google and Bing searches for those companies’ hosting domains, combined with other keywords, to identify thousands of apps published with their tools.
Of the 5,000 AI-coded apps that Zvi says were left open to anyone who typed their URL into a browser, he found about 2,000 that, on closer inspection, appeared to expose private data. Screenshots of the apps he shared with WIRED, several of which WIRED confirmed were still online and exposed, showed what appeared to be medical information from doctors, purchasing information for a company’s advertising, what appears to be another company’s marketing strategy, full records of a chatbot’s conversations with customers including the customers’ full names and contact information, a shipping company’s shipping records, and sales and financial records from various other companies. In some cases, Zvi says, the exposed apps would have allowed him to grant himself administrator access to the system and remove the other administrators.
In Lovable’s case, Zvi says he also found numerous examples of websites impersonating major companies, including Bank of America, Costco, FedEx, Trader Joe’s, and McDonald’s, which appear to have been created by scammers with the AI tool and hosted on Lovable’s domain.
When WIRED asked the four AI companies about RedAccess’s findings, Netlify did not respond, but the other three pushed back against the researchers’ claims and argued that the researchers had not fully shared their findings or given the companies enough time to respond. (RedAccess said it reached out to the companies on Monday.) None of them, however, denied that the web apps RedAccess discovered had been left open.
“From the limited information they shared, [RedAccess’s] main claim appears to be that some users have published software on the Internet that should be private,” Replit CEO Amjad Masad wrote in a post on X. “Replit allows users to choose whether software is public or private. Public software available on the Internet is expected. Privacy settings can be changed at any time with a single click.”