380,000 Apps Exposed, 2,000+ Apps Leaked Secrets: AI Programming Turns 'Intranet' into Public Internet
Israeli cybersecurity firm RedAccess uncovered a severe data exposure trend linked to "vibe coding" or AI-powered software development tools. Their research found approximately 38,000 publicly accessible web applications built with platforms like Lovable, Base44, Netlify, and Replit. Of these, an estimated 2,000 apps exposed sensitive corporate and personal data, including medical records, financial information, internal strategic documents, and customer chat logs. In some cases, access even granted administrative privileges.
The core issue stems from default privacy settings that make applications public by default, combined with a lack of built-in security controls (like authentication) in the AI-generated code. This allows employees without security expertise—"citizen developers"—to easily create and deploy applications that bypass standard corporate security reviews. The exposed apps, often indexed by search engines, are trivially discoverable.
While some platform providers (Replit, Lovable, Wix/Base44) argue that security configuration is the user's responsibility and question the validity of some findings, security researchers confirm the widespread reality of such exposures. This pattern, also noted in prior studies, highlights a critical security gap as AI democratizes app creation, potentially leading to massive, unintentional data leaks.
marsbit05/11 04:19
