Engineers grab AI coding assistants. They bang out apps in hours. Deploy straight to production. No pipelines. No scans. No reviews. Boom—exposed keys, open routes, leaked patient data. This isn’t hype. It’s happening now, at scale, across thousands of live systems.
A weekend project kicks it off. One engineer uses an AI tool to spit out backend code for an internal tool. Simple API calls. Quick frontend. Straight to a server, skipping CI/CD entirely. It runs fine at first. Then cracks appear. An API key sits plain in a config file. A pulled-in dependency packs a known vuln. A sensitive route stays wide open. Attackers sniff it out later. Costs spike. Data flows out. As DevOps.com details, ‘AI-generated apps do not fail loudly. They fail quietly and often too late.’
Scale that to shadow fleets. RedAccess scanned 380,000 public assets from vibe-coding platforms like Lovable, Base44, Replit, and Netlify. About 5,000 held sensitive corporate data—financial records from a Brazilian bank, UK clinical trials, unredacted customer chats, hospital patient summaries, even incident response logs from a security firm. Platforms default to public access. Google indexes them fast. No auth required. VentureBeat reports these exposures hit healthcare and finance, tripping HIPAA, GDPR, and LGPD alarms.
Escape.tech dug deeper into 1,400 vibe-coded apps. They uncovered 2,038 critical vulnerabilities. Over 400 leaked secrets like API keys and tokens. 175 PII exposures, including bank accounts and medical records. All live. All findable in hours. Platforms push ‘prompt-to-deploy’ speed. Security? An afterthought. Base44 suffered a platform-wide auth bypass (patched quickly after Wiz flagged it). Lovable’s Supabase integrations skipped row-level security in over 170 apps, per CVE-2025-48757.
AI code looks clean. Passes linters. Aces unit tests. But hides traps. Veracode tested over 100 LLMs. 45% of outputs failed OWASP Top 10 checks. 86% botched XSS defenses. Checkmarx pegs AI code at 1.7 times more issues than human work, with half carrying flaws. One dev.to scan of 100 AI apps? 67 had critical holes. 45% hardcoded secrets. 38% missing auth on APIs. 31% SQL injection or XSS risks. Cursor apps showed IDOR flaws. Lovable ones lacked Supabase policies. As dev.to puts it, these aren’t zero-days. They’re OWASP classics, regenerated fresh.
Why pipelines miss this entirely.
Vibe coding dodges gates by design. No commits to scan. No PRs for review. Apps spin up on rotating subdomains behind CDNs. SIEM logs barely register. Traditional SAST/DAST? Useless on untracked deploys. Shadow AI multiplies it—20% of firms hit breaches from unsanctioned tools, hiking costs by $670k per incident to $4.63 million total, per reports cited in VentureBeat. Gartner warns prompt-to-app will spike defects 2,500% by 2028, eating remediation budgets.
DevSecOps built for repos and merges. Not this. AI assistants like Cursor, Claude Code, VS Code Copilot, AWS Kiro churn code lacking context—no threat models, no infra specifics. Prompts skip validation. Outputs hallucinate deps (20% bogus packages, ripe for supply chain hits). Agents grab elevated perms, execute commands, hit external tools. Prompt injection flips them malicious. As Checkmarx notes, every AI session risks MCP servers exfiltrating creds or injecting payloads.
But fixes exist. Teams bolt on discovery first—scan DNS and cert transparency logs for Lovable/Replit subdomains tied to your domains. Block unauth apps from internal sources. Extend DLP to cover these platforms. Mandate SAST/DAST pre-deploy, even for ‘quick’ tools. Publish AI policies: acceptable use, review gates, audits. RedAccess CEO Dor Zvi admits, ‘I don’t think it’s feasible to educate the whole world around security.’ So automate the gates. Treat AI output as untrusted. Pipe it through existing flows.
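The discovery step above, sketched as an added example that is not from the article or any vendor it cites: it reads resolver logs and lists hostnames on the named platforms, along with which internal clients queried them. The hosting suffixes, the `<timestamp> <client-ip> <qname>` log format, and the `acme` keyword are assumptions; the log lines are constructed.

```python
# Assumed default hosting suffixes for the platforms the article names;
# confirm against each platform's current documentation before relying on them.
PLATFORM_SUFFIXES = {"lovable.app": "Lovable", "base44.app": "Base44",
                     "replit.app": "Replit", "netlify.app": "Netlify"}
ORG_KEYWORDS = ("acme",)  # hypothetical organisation name fragments

# Constructed resolver log, one query per line: <timestamp> <client-ip> <qname>
SAMPLE_DNS_LOG = """\
2025-01-10T09:14:02Z 10.0.4.17 acme-claims-portal.lovable.app.
2025-01-10T09:14:05Z 10.0.4.17 www.example.com.
2025-01-10T09:20:41Z 10.0.7.3 patient-summary-tool.replit.app
2025-01-10T09:21:10Z 10.0.4.22 ACME-Claims-Portal.lovable.app
2025-01-10T09:30:00Z 10.0.9.9 notlovable.app
2025-01-10T09:31:12Z 10.0.9.9 docs.netlify.app.other.example
malformed line
"""

def platform_for(host):
    """Return the platform name if host is a subdomain of a known suffix."""
    host = host.rstrip(".").lower()
    for suffix, name in PLATFORM_SUFFIXES.items():
        # Require a label boundary so "notlovable.app" does not match.
        if host.endswith("." + suffix):
            return name
    return None

def discover(log_text, keywords=ORG_KEYWORDS):
    """Map each platform-hosted name in the log to its platform and clients."""
    found = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip malformed lines
            continue
        _, client, qname = parts
        host = qname.rstrip(".").lower()
        platform = platform_for(host)
        if platform is None:
            continue
        entry = found.setdefault(host, {"platform": platform, "clients": set()})
        entry["clients"].add(client)
        # A keyword in the app label suggests the app belongs to your organisation.
        entry["org_match"] = any(k in host.split(".")[0] for k in keywords)
    return found

if __name__ == "__main__":
    for host, info in sorted(discover(SAMPLE_DNS_LOG).items()):
        tag = "org-keyword" if info["org_match"] else "review"
        print(host, info["platform"], tag, sorted(info["clients"]))
```

Hosts without a keyword match still deserve review, since an app's name need not mention the organisation whose data it holds.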
GitHub’s pushing MCP scanners for agents. Firms like OX Security liken LLMs to junior devs—spot path traversal, SSRF, but need oversight. Veracode urges IDE-time checks. Velocity without controls? Not innovation. Catastrophic failure. One-third of code is AI now. Fix the pipelines, or watch breaches stack.


WebProNews is an iEntry Publication