Jul 9, 2026 · 2:15 AM
Subscribe
Home Ai

Lovable is in talks to double its valuation to $13.2 billion in six months

Lovable is reportedly in talks to raise $300 million at a $13.2 billion valuation, less than seven months after its last round, on the strength of $500 million in annualized revenue and roughly 146 employees. The news comes just weeks after a researcher disclosed a bug that exposed user data for 48 days.

Dave Barr
· 5 min read · 110 views
Lovable is in talks to double its valuation to $13.2 billion in six months

Lovable is reportedly in talks to raise $300 million at a $13.2 billion valuation, doubling its price tag in just six months, while a security bug it left unpatched for 48 days is still fresh in people's minds.

Six months. That's how long it took the Swedish vibe-coding startup to go from a $6.6 billion Series B to reported talks over a $13.2 billion valuation, according to Sifted, which first reported that the new round is under discussion. Lovable hasn't confirmed the figure, and the terms could still move before anyone signs anything. But the trajectory is the story on its own. Lovable priced at $1.8 billion last July, $6.6 billion in December, and now, if this round closes, more than $13 billion by the middle of 2026.

You don't usually see a valuation double this fast without a real step change underneath it. Lovable has one. TechCrunch reported on June 9 that the company had crossed $500 million in annualized revenue, up from the $400 million it disclosed in February, with users generating a million new projects a week. Lovable lets people describe an app in plain English and get working software back. No code required. That pitch has pulled millions of non-technical builders onto the platform since it opened to the public in late 2024.

What's harder to explain away is the headcount behind those numbers. Lovable is reportedly running on around 146 employees. Divide the revenue by the staff count and you get something like $3.4 million in annualized revenue per person, a ratio that would have read like a typo five years ago and now barely raises an eyebrow among AI-native startups built on top of foundation models rather than around them.

Lovable isn't raising in a vacuum. It's chasing the same investor dollars as Cursor, the AI coding tool built by Anysphere, which closed a $2.3 billion Series D at a $29.3 billion valuation in November led by Accel and Coatue, with Nvidia and Google joining the round. TechCrunch reported in April that Cursor was already back in talks for another $2 billion at roughly $50 billion. Replit has leaned into a similar natural-language pitch aimed at a less technical crowd. Vibe coding, the term for building software by describing what you want instead of writing it, has become one of the most crowded, best-funded corners of the AI market, and Lovable's numbers suggest it's holding its ground rather than losing share to better-capitalized rivals.

Frankly, the number that should worry investors as much as the revenue excites them showed up in April. A security researcher disclosed a broken object-level authorization flaw that let anyone with a free Lovable account pull another user's profile, public projects, source code, and database credentials in as few as five API calls, according to reporting cited by TheNextWeb. The researcher had flagged the issue through Lovable's own bug bounty program on March 3. Lovable patched it for new projects, marked the follow-up report as a duplicate, and closed it, leaving existing projects exposed for 48 days.

One of the projects caught in that exposure belonged to Connected Women in AI, a Danish nonprofit. Its leaked records included names, job titles, LinkedIn profiles, and Stripe customer IDs tied to people at Accenture Denmark and Copenhagen Business School. Anton Osika, Lovable's CEO, apologized publicly on LinkedIn afterward, saying the company first learned the scope of the problem from social media because its own disclosure process had broken down.

It wasn't a one-off. Sifted and other outlets have now tied three separate security incidents to Lovable-built projects. That points at something structural, not accidental. A platform built to let anyone ship software in minutes doesn't automatically teach that person, or the platform itself, to lock down who can see what data. Most of Lovable's users have no coding background at all, which means the person least equipped to spot an authorization bug is usually the one shipping it.

None of that appears to be slowing the fundraising. If $13.2 billion holds, the investors weighing in, on the heels of a Series B led by CapitalG and Menlo Ventures' Anthology fund with Nvidia's NVentures, Salesforce Ventures, and Databricks Ventures among the backers, are betting that revenue growth matters more to enterprise buyers than a slow bug bounty response. That's a defensible bet if Lovable actually fixes the pattern behind these incidents. It's a much riskier one if the next vulnerability lands on a customer with more on the line than a nonprofit's LinkedIn list.

Lovable declined to comment on the reported talks, and nothing is signed yet. But a valuation compounding faster than almost anything else in software, and a security record that's now drawn scrutiny three times over, are no longer separate storylines. They're the same company.

Also read: Apple Commits $30 Billion to Broadcom for Chips Made in ColoradoSingapore telcos are now selling AI chatbot access cheaper than a data planAnthropic Says China Was Never Authorized to Use Claude Code Anyway

TOPICS
Dave Barr is a professional Marketing Strategist With Over 6 Years Of Experience in PR. His primary area of expertise is public relations and social branding. Dave has been associated with various content projects from across the world on a regular basis. He has also had associations with big and reputed news networks. Dave contributes to Startup Fortune in the Business, Marketing and Technology sections.
Related Articles
More posts →
Loading next article…
You're all caught up