Security teams woke up this week to a fresh headache. Over 5,000 hastily built web applications sit exposed on the public internet. They contain hospital schedules with doctors’ names, detailed financial records, customer chatbot logs revealing personal contact information, and internal strategy documents from real businesses. All created in minutes using AI tools that promise anyone can build software by describing what they want.
The findings come from researchers at Israeli cybersecurity firm RedAccess. They scanned apps built on platforms including Lovable, Replit, Base44 and Netlify. The result? More than 380,000 publicly accessible assets turned up in searches. Roughly 5,000 held sensitive information. Among apps with no access controls at all, about 40% leaked private data. (WIRED, May 7, 2026)
RedAccess CEO Dor Zvi didn’t mince words. “The end result is that organizations are actually leaking private data through vibe-coding applications,” he told reporters. “This is one of the biggest events ever where people are exposing corporate or other sensitive information to anyone in the world.”
Short. Simple. And already causing real damage.
Examples paint a stark picture. One exposed app listed hospital work assignments complete with personally identifiable doctor information. Another held a company’s full ad purchasing details. A retailer’s chatbot conversation logs showed customer names and contacts. Shipping firms had cargo records online. Sales figures and financial spreadsheets from various businesses appeared unprotected. Researchers verified that several remained live at the time of their checks. They contacted the owners of dozens of them. Many confirmed the exposures and quickly locked them down. (Axios, May 7, 2026)
Additional cases surfaced in the Axios report. A shipping company app revealed vessel schedules at ports. A health firm listed active U.K. clinical trials. Customer service chats for a cabinet maker appeared in full. Brazilian bank financials. Patient conversations at a children’s long-term care facility. Even a personal vacation planner with hotel and dinner bookings for a couple in Belgium. Schools had lesson recordings alongside student and teacher data. Hospitals showed doctor-patient summaries, complaints and staff schedules. One security company used such a tool to triage live customer incidents. The data flowed freely because basic authentication never existed.
But how did this scale so fast? Vibe coding lets non-technical staff describe an app in plain language. The AI generates code, connects databases, and deploys. No review. No security gates. Marketing teams build internal tools. Operations staff create dashboards. They publish them. Often to the company’s own subdomain or the platform’s hosted domain where search engines index them immediately.
Zvi explained the process. “Anyone from your company at any moment can generate an app, and this is not going through any development cycle or any security check. People can just start using it in production without asking anyone. And they do.” He added that educating everyone on security isn’t realistic. “I don’t think it’s feasible to educate the whole world around security. My mother is [vibe coding] with Lovable, and no offense, but I don’t think she will think about role-based access.”
The platforms push back. They stress user responsibility. Replit CEO Amjad Masad noted users choose public or private settings. Public apps behave as expected, and privacy toggles take one click. A Lovable spokesperson said the company takes reports seriously, investigates, and gives builders tools for secure apps. Configuration remains the creator’s job. Base44, owned by Wix, echoed that its tools include access controls and visibility options. Disabling them requires deliberate action. They questioned some claims, noting test data or fabricated examples can look real. Netlify offered no comment.
Researchers countered that defaults often favor public access. Many apps use services like Supabase without enabling row-level security policies on their tables. The Supabase anon key is designed to ship in client-side code; what makes it dangerous is a table with no row-level security behind it, or a service-role key, which bypasses row-level security entirely, pasted into the browser bundle alongside it. Authentication checks get skipped. Earlier scans of Lovable apps found one in ten leaking user data through the same missing-policy flaw. Independent tests pulled debt balances, home addresses and keys in minutes. A CVE was assigned, though Lovable disputes its framing.
Pattern Matches Past Cloud Missteps
This isn’t entirely new. It echoes the wave of exposed Amazon S3 buckets years ago. Verizon, World Wrestling Entertainment and countless others left data open through simple configuration errors. Yet the speed and volume here feel different. AI removes the friction. What once took a developer hours now takes prompts. Shadow AI spreads inside companies without oversight. Employees bypass procurement, security reviews and approved tooling.
Security researcher Joel Margolis described the typical user. Somebody from marketing wants a website. They’re not an engineer. They possess little security background. The AI does exactly what it is asked. Unless security gets specified, it won’t add it.
Earlier studies back the trend. Scans of over 1,000 Supabase-backed apps found 98% had issues. Thirty-nine sites allowed anyone holding the app’s public anon key to read every table. Sensitive columns with emails, passwords and tokens sat queryable. Other reports flagged injection flaws, authorization bypasses and exposed secrets in AI-generated code at rates 1.5 to 2 times higher than in human-written software. One dating app leaked 72,000 images, including government IDs, through an open Firebase bucket. The pattern repeats.
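The missing-policy flaw described above and in the earlier Supabase paragraph comes down to one Postgres setting. The following is an added example, not code from the article or from any of the platforms it names: a Postgres/Supabase audit query for tables that are reachable through the REST API with row-level security switched off, followed by the weak schema a generator typically emits and the hardened version. The table and column names (public.customer_chats, owner_id) are assumed for illustration; auth.uid() and auth.users are Supabase's own helpers.

```sql
-- Added example (not from the article or the platforms it names).
-- Table and column names are assumed; auth.uid() / auth.users are Supabase helpers.

-- 1. Audit: every table in the public schema with row-level security off.
--    Supabase's default privileges grant the anon role SELECT on these tables,
--    so with rowsecurity = false anyone holding the (public by design) anon key
--    can read every row through the REST API.
select schemaname, tablename
from pg_tables
where schemaname = 'public'
  and not rowsecurity;

-- 2. Tables with RLS enabled but no policy at all. These return zero rows to
--    everyone: safe, but usually a sign the app is broken rather than secured.
select t.tablename
from pg_tables t
left join pg_policies p
  on p.schemaname = t.schemaname
 and p.tablename  = t.tablename
where t.schemaname = 'public'
  and t.rowsecurity
group by t.tablename
having count(p.policyname) = 0;

-- 3. The weak state: a generated table with no RLS. Every chat transcript is
--    readable by anyone who extracts the anon key from the front-end bundle.
create table public.customer_chats (
  id         bigint generated always as identity primary key,
  owner_id   uuid not null references auth.users (id),
  transcript text not null,
  created_at timestamptz not null default now()
);

-- 4. The fix: enable RLS, then allow only the signed-in user whose id matches
--    the row. auth.uid() returns the caller's user id from the JWT and NULL
--    for the bare anon key, so anonymous callers match nothing.
alter table public.customer_chats enable row level security;

create policy "owners read their own chats"
  on public.customer_chats
  for select
  to authenticated
  using (auth.uid() = owner_id);

create policy "owners insert their own chats"
  on public.customer_chats
  for insert
  to authenticated
  with check (auth.uid() = owner_id);

-- 5. Re-run query 1: customer_chats should no longer appear.
```

Run the two audit queries from the SQL editor of the project you own; they read only catalog views, so they are safe to run on production. The policy pattern is per-row ownership; a table that must be readable by one tenant's whole team needs a policy that joins to a membership table instead, and a table with no legitimate client-side use should simply not be exposed to the anon and authenticated roles at all.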
Phishing sites add another layer. RedAccess discovered numerous Lovable-built fakes impersonating Bank of America, Costco, FedEx, Trader Joe’s and McDonald’s. They sit on the same infrastructure. The barrier to creating convincing replicas dropped to near zero.
Companies started acting after notifications. Some exposed apps disappeared by midweek. Others received takedown requests. Yet the researchers only examined apps on the platforms’ own domains. Thousands more likely run on custom domains. The true number exceeds the published figures. Google and Bing indexing makes discovery trivial for anyone hunting.
So what now? Security leaders face pressure to scan for these assets. Tools already emerge to detect missing row-level security, exposed keys and open endpoints in vibe-coded projects. Teams debate blocking certain platforms or mandating reviews for any AI-generated deployment. But enforcement proves tough when business units move faster than policy.
The incident highlights a core tension. AI coding accelerates innovation. It also multiplies mistakes. Non-experts ship production systems without grasping authentication, encryption or least-privilege principles. Platforms profit from ease of use. They shift liability to users. The data ends up public. Attackers don’t need sophisticated exploits. They need search engines and patience.
Zvi compared the situation to the S3 era but noted the human element feels more widespread. Entire organizations leak through apps created on a whim. The fix requires more than patches. It demands culture shifts around visibility, default settings and training that actually sticks. Until then, expect more headlines. More exposed records. More quiet scrambles to take apps offline after the fact.
And the apps keep getting built. Every day.


WebProNews is an iEntry Publication