{"id":8074,"date":"2026-05-07T17:45:37","date_gmt":"2026-05-07T17:45:37","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8074"},"modified":"2026-05-07T17:45:37","modified_gmt":"2026-05-07T17:45:37","slug":"thousands-of-ai-vibe-coding-apps-may-expose-sensitive-medical-business-data","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8074","title":{"rendered":"Thousands of AI \u2018Vibe Coding\u2019 Apps May Expose Sensitive Medical, Business Data"},"content":{"rendered":"<p>The promise of building apps with a few text prompts is turning into a growing cybersecurity headache: Researchers warn that the same AI tools that help people create software in minutes are also exposing sensitive company and personal information to the public internet.<\/p>\n<p>A new investigation by Israeli cybersecurity firm Red Access found thousands of AI-generated web apps leaking data ranging from medical records to internal business documents. The findings add to mounting concerns about vibe coding, a fast-growing trend in which <a href=\"https:\/\/www.eweek.com\/news\/replit-vibe-coding-feature\/\">users rely heavily on AI tools to generate and deploy software<\/a> with little or no traditional coding experience.<\/p>\n<p>The investigation found roughly 380,000 publicly accessible assets created with AI-powered coding tools such as Lovable, Replit, Netlify, and Base44. According to the researchers, about 5,000 of those apps exposed potentially sensitive information.<\/p>\n<p>The findings, reported by Axios, suggest many users are publishing internal tools online without realizing they are publicly accessible. 
Dor Zvi, CEO of Red Access, said the company uncovered the apps while researching \u201cshadow AI,\u201d where employees use AI tools without formal approval from their organizations.<\/p>\n<p>\u201cThe concept of people just creating something that simply, and using it in production \u2026 on behalf of their company without getting any permission \u2014 there is no limit,\u201d <a href=\"https:\/\/www.axios.com\/2026\/05\/07\/loveable-replit-vibe-coding-privacy\" target=\"_blank\" rel=\"noopener\">Zvi told Axios<\/a>.<\/p>\n<p>He also warned that many non-technical users may not even think about security settings before launching apps online. \u201cI don\u2019t think it\u2019s feasible to educate the whole world around security,\u201d Zvi said in comments published by Axios. \u201cMy mother is [vibe coding] with Lovable, and no offense, but I don\u2019t think she will think about role-based access.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Medical, financial, and corporate data reportedly exposed<\/h2>\n<p>The exposed information reportedly included medical records, financial documents, chatbot conversations, schedules, and internal business materials.<\/p>\n<p>Axios said it independently verified several exposed applications, including a shipping company app displaying vessel schedules, a healthcare platform detailing clinical trials in the UK, and customer support conversations from a cabinet supplier.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/thousands-of-vibe-coded-apps-expose-corporate-and-personal-data-on-the-open-web\/\" target=\"_blank\" rel=\"noopener\">WIRED reported<\/a> that some exposed apps appeared to contain hospital work assignments, sales records, marketing strategy presentations, financial information, and chatbot logs with customer names and contact details.<\/p>\n<p>Researchers also claimed they found apps leaking patient conversations, school lesson recordings, and internal staff schedules. 
According to WIRED, around 40% of the <a href=\"https:\/\/www.eweek.com\/news\/langchain-ai-vulnerability-exposes-apps-to-hack\/\">exposed apps appeared to contain sensitive data<\/a>.<\/p>\n<p>\u201cThe end result is that organizations are actually leaking private data through vibe-coding applications,\u201d Zvi told WIRED. \u201cThis is one of the biggest events ever where people are exposing corporate or other sensitive information to anyone in the world.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Platforms push back on claims<\/h2>\n<p>The companies behind the <a href=\"https:\/\/www.eweek.com\/news\/news-ai-tools-for-coding\/\">AI coding tools<\/a> disputed parts of the researchers\u2019 findings, arguing that the visibility of public apps online does not automatically mean there was a security breach. Replit CEO Amjad Masad said users can decide whether apps are public or private.<\/p>\n<p>\u201cReplit allows users to choose whether apps are public or private,\u201d Masad wrote in a statement cited by WIRED. \u201cPublic apps being accessible on the internet is expected behavior. Privacy settings can be changed at any time with a single click.\u201d<\/p>\n<p>A spokesperson for Lovable said the company was investigating the claims and emphasized that developers are responsible for how their apps are configured.<\/p>\n<p>\u201cLovable takes reports of exposed data and phishing sites seriously, and we\u2019re actively working to obtain what we need to investigate,\u201d the company said in a statement published by WIRED. Base44 also defended its platform, saying users are given tools to configure security settings themselves.<\/p>\n<p>The scale of this issue is expected to grow. Industry forecasts suggest that 60% of all new code will be AI-generated by the end of this year. 
While these tools democratize creation, they also bypass the traditional security checks used by professional engineering teams.<\/p>\n<p>The post <a href=\"https:\/\/www.eweek.com\/news\/ai-vibe-coding-apps-data-leaks\/\">Thousands of AI \u2018Vibe Coding\u2019 Apps May Expose Sensitive Medical, Business Data<\/a> appeared first on <a href=\"https:\/\/www.eweek.com\/\">eWEEK<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>The promise of building apps with a few text prompts is turning into a growing cybersecurity headache: Researchers warn that the same AI tools that help people create software in minutes are also exposing sensitive company and personal information to the public internet. 
A new investigation by Israeli cybersecurity firm Red Access found thousands of [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-8074","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8074"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8074"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8074\/revisions"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8074"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8074"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8074"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}