
"The end result is that organizations are actually leaking private data through vibe-coding applications. This is one of the biggest events ever where people are exposing corporate or other sensitive information to anyone in the world."
"Security researcher Dor Zvi and his team at the cybersecurity firm he cofounded, RedAccess, analyzed thousands of vibe-coded web applications created using the AI software development tools Lovable, Replit, Base44, and Netlify and found more than 5,000 of them that had virtually no security or authentication of any kind."
"Many of these web apps allowed anyone who merely finds their web URL to access the apps and their data. Others had only trivial barriers to that access, such as requiring that a visitor sign in with any email address. Around 40 percent of the apps exposed sensitive data, including medical information, financial data, corporate presentations, and strategy documents."
Security researcher Dor Zvi and his team at RedAccess analyzed thousands of web applications created using AI software development tools including Lovable, Replit, Base44, and Netlify. They discovered over 5,000 applications with virtually no security or authentication mechanisms. Many apps allowed unrestricted access via URL alone, while others required only trivial barriers like signing in with any email address. Approximately 40 percent of these applications exposed sensitive data including medical records, financial information, corporate presentations, strategy documents, and customer chatbot logs. The researchers identified vulnerable applications easily by searching AI companies' domains combined with other search terms, revealing a significant data exposure problem across organizations using no-code development platforms.
Read at WIRED