Over 5,000 Publicly Accessible AI-Generated Web Apps Expose Sensitive Data

Security firm RedAccess identified thousands of applications built with Lovable, Replit, Base44 and Netlify that lacked security or authentication. Around 40 percent exposed medical, financial and corporate information. The platform companies disputed aspects of the findings and emphasized user responsibility for privacy settings.

Sources: Wired, Axios, SC, NPR (4 sources) · May 7, 5:00 AM · 2m read
Security researcher Dor Zvi and his team at RedAccess, the cybersecurity firm he cofounded, analyzed thousands of vibe-coded web applications created using Lovable, Replit, Base44 and Netlify. They found more than 5,000 of them that had virtually no security or authentication of any kind. Many of these web apps let anyone who simply found their URL access the app and its data.

Around 40 percent of the apps exposed sensitive data, Zvi says. The sensitive data exposed included medical information, financial data, corporate presentations, strategy documents, and detailed logs of customer conversations with chatbots. Of the 5,000 AI-coded apps that were left publicly accessible, close to 2,000 seemed to reveal private data.

Exposed apps included a hospital's work assignments with personally identifiable information of doctors, a company's detailed ad purchasing information, a firm's go-to-market strategy presentation, a retailer's full logs of its chatbot's conversations with customers including full names and contact information, a shipping firm's cargo records, and assorted sales and financial records from a variety of companies.

In some cases the exposed apps would have let a visitor gain administrative privileges over the underlying systems and remove other administrators. RedAccess researchers used Google and Bing searches for the AI companies' domains combined with other search terms to identify thousands of apps.

Lovable, Replit, Base44 and Netlify allow users to host web apps on those AI companies' own domains. Zvi notes that the 5,000 exposed apps found were only those hosted on the AI coding tools' own domains, and that likely thousands more are hosted on users' own purchased domains.

In the case of Lovable, Zvi says he also found numerous phishing sites impersonating Bank of America, Costco, FedEx, Trader Joe’s, and McDonald’s that appeared to have been created with the AI coding tool and hosted on Lovable's domain.

RedAccess reached out to the four companies on Monday. Netlify did not respond to WIRED's inquiry about the findings. Replit, Lovable, and Base44 pushed back on RedAccess’s claims and protested that researchers hadn't shared enough findings or provided enough time to respond.

Replit CEO Amjad Masad wrote: “From the limited information they shared, [RedAccess's] core claim appears to be that some users have published apps on the open web that should’ve been private. Replit allows users to choose whether apps are public or private. Public apps being accessible on the internet is expected behavior.”

A Lovable spokesperson stated: “Lovable takes reports of exposed data and phishing sites seriously, and we're actively working to obtain what we need to investigate. We're treating this as an ongoing matter.” Blake Brodie, head of public relations for Base44's parent company Wix, stated that Base44 provides users with robust tools to configure security, including access controls and visibility settings, and that disabling those controls is a deliberate user action.

RedAccess contacted the owners of a few dozen exposed web apps, who confirmed that data had been exposed. Base44 users thanked RedAccess researchers for alerting them to the exposed web apps, which were then secured or taken offline.
