
"The main issue, Khan said, was that all apps that are vibe-coded on Lovable's platform are shipped with their backends powered by Supabase, which handles authentication, file storage, and real-time updates through a PostgreSQL database connection. However, when the developer - in this case AI - or the human project owner fails to explicitly implement crucial security features like Supabase's row-level security and role-based access, code will be generated that looks functional but in reality is flawed."
"This is backwards. The guard blocks the people it should allow and allows the people it should block. A classic logic inversion that a human security reviewer would catch in seconds - but an AI code generator, optimizing for 'code that works,' produced it and deployed it to production."
"Taimur Khan, a tech entrepreneur with a background in software engineering, found 16 vulnerabilities - six of which he said were critical - in a single Lovable-hosted app that leaked more than 18,000 people's data."
Lovable, a vibe-coding platform using AI to generate applications, faces accusations of hosting apps with severe security vulnerabilities. Researcher Taimur Khan discovered 16 vulnerabilities, including six critical ones, in a single Lovable-hosted app that exposed over 18,000 people's data. The core problem stems from Lovable's architecture: all apps use Supabase-powered backends for authentication and data management, but when developers or AI fail to implement essential security measures like row-level security and role-based access controls, the generated code appears functional while containing critical flaws. Khan identified a malformed authentication function with inverted access control logic that blocked legitimate users while allowing unauthorized access. Lovable maintains that users are responsible for addressing security issues before publishing.
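The failure mode above, rendered as Postgres row-level security (RLS) statements as they would run against a Supabase project. This is an added example, not code from the article, from Khan's report, or from Lovable or Supabase; it assumes a hypothetical table public.profiles with a uuid column user_id that holds the owning user's id. The first query is a check a reviewer can run to find tables exposed through Supabase's REST layer with no RLS at all; the inverted policy reproduces the "guard blocks the people it should allow and allows the people it should block" mistake the article describes, and the corrected policies follow it.

```sql
-- Added example; assumes a hypothetical table public.profiles(user_id uuid, ...).
-- auth.uid() is Supabase's helper that returns the calling user's id from the JWT.

-- 1. Find exposed tables with no row-level security. Supabase publishes every
--    table in the public schema through its REST API, so a table with
--    relrowsecurity = false is readable by anyone holding the project's
--    (deliberately public) anon key.
select c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity;

-- 2. Turn RLS on. With RLS enabled and no policies yet, non-owner roles
--    (anon, authenticated) get no rows, which is the safe default.
alter table public.profiles enable row level security;

-- 3. The inverted guard, written as a policy: it returns every row EXCEPT the
--    caller's own. Shown only to illustrate the bug; do not deploy it.
create policy "profiles_select_inverted" on public.profiles
  for select to authenticated
  using (auth.uid() <> user_id);   -- wrong: <> where = was intended

-- 4. The corrected policies: a signed-in user may read and update only
--    their own row, and cannot re-point a row at another user on update.
drop policy if exists "profiles_select_inverted" on public.profiles;

create policy "profiles_select_own" on public.profiles
  for select to authenticated
  using (auth.uid() = user_id);

create policy "profiles_update_own" on public.profiles
  for update to authenticated
  using (auth.uid() = user_id)
  with check (auth.uid() = user_id);

-- 5. Verify: list the policies now attached to the table with their predicates,
--    so a review can confirm the comparison operator is the intended one.
select policyname, roles, cmd, qual, with_check
from pg_policies
where schemaname = 'public'
  and tablename = 'profiles';
```

Two caveats when reading the output of step 5: no policy is granted to the anon role here, so unauthenticated requests see nothing, and Supabase's service_role key bypasses RLS entirely, which is why it must never ship inside a generated front end. An app that compiles and "works" in the browser with the anon key will pass a functional check whether or not these statements were ever run, which is the gap the article is pointing at.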
#ai-generated-code-security #lovable-platform-vulnerabilities #authentication-flaws #data-breach #supabase-security
Read at The Register