As artificial intelligence increasingly takes over the jobs of today's programmers, the cybersecurity world is warning that auto-coding tools will surely introduce a new mass of hackable bugs into software. But when these same vibe coding tools invite anyone to create web-hosted applications with a single click, it turns out that the security implications go beyond bugs to include a complete lack of any security at all – sometimes even for highly sensitive corporate and personal data.
Security researcher Dor Zvi and his team at RedAccess, the cybersecurity company he co-founded, analyzed thousands of vibe-coded web applications created with the AI software development tools Lovable, Replit, Base44, and Netlify and found more than 5,000 of them that had virtually no security or authentication of any kind. Many of these web applications allowed anyone who simply found the URL to access the app and its data. Others had only negligible barriers to that access, such as requiring the visitor to log in using any email address at all. Zvi says about 40 percent of the apps exposed sensitive data, including medical information, financial data, corporate presentations and strategy documents, as well as detailed logs of customer conversations with chatbots.
“The end result is that organizations are actually leaking private data through vibe coding apps,” Zvi says. “This is one of the largest events in history where people reveal corporate or other sensitive information to anyone in the world.”
Zvi says RedAccess found that locating vulnerable web applications was surprisingly simple. Lovable, Replit, Base44, and Netlify let users host their web applications on the AI companies’ own domains rather than on domains the users control themselves. So the researchers used plain Google and Bing searches for those AI companies’ domains, combined with other search terms, to identify thousands of apps that had been vibe-coded with these companies’ tools.
Of the 5,000 AI-coded apps that Zvi said were publicly available to anyone who simply typed their URL into a browser, nearly 2,000, on closer inspection, appeared to reveal private data. Screenshots of web apps shared with WIRED – several of which WIRED verified were still online and exposed – showed what appeared to be hospital shift assignments with doctors’ personal information, a detailed breakdown of a company’s advertising purchases, what appeared to be a third-party company’s go-to-market strategy presentation, a retailer’s complete customer call logs including customer names and contact information, freight records from a shipping company, and assorted sales and financial data from various other companies. Zvi claims that in some cases the exposed applications allowed the researchers to gain administrative privileges on the underlying systems and even to remove other administrators.
In the case of Lovable, Zvi says RedAccess also found numerous examples of phishing sites impersonating major corporations, including Bank of America, Costco, FedEx, Trader Joe’s, and McDonald’s, which were likely created with the AI coding tool and hosted on the Lovable domain.
When WIRED asked the four AI coding companies about RedAccess’s findings, Netlify did not respond, but the three other companies rejected the researchers’ claims and protested that the researchers had not shared their findings in sufficient detail or given the companies enough time to respond. (RedAccess says it contacted the companies on Monday.) The companies did not, however, deny that the web applications RedAccess found remained exposed.
“From the limited information they shared, it appears that [RedAccess’s] basic claim is that some users have published applications on the open web that should be private,” wrote Replit CEO Amjad Masad in a post on X responding to the findings. “Replit allows users to choose whether applications are public or private. Public applications are expected to be available on the Internet. Privacy settings can be changed at any time with a single click.”
