AI coding tools are helping teams ship software faster, but thousands of exposed apps show what happens when speed outruns security judgment.
The risk in vibe coding is no longer theoretical. A founder, marketer, operator, or intern can now describe an app in plain English, publish it to the web in minutes, and accidentally leave customer records, financial data, internal plans, or admin panels visible to anyone with the right URL.
That is the uncomfortable lesson from new research by RedAccess, the cybersecurity firm co-founded by Dor Zvi. According to reporting from WIRED and Axios, RedAccess researchers examined apps and assets created with tools and platforms including Lovable, Replit, Base44, and Netlify, finding thousands of public applications with little or no meaningful authentication. WIRED reported more than 5,000 exposed AI-built apps, with close to 2,000 appearing to reveal sensitive data, while Axios cited roughly 380,000 publicly accessible apps and assets in the broader scan.
The details matter because this is not simply a story about sloppy code. It is a story about a new operating model. Vibe coding has moved from a novelty into the daily workflow of startups and nontechnical teams that want dashboards, customer portals, internal tools, landing pages, workflow apps, and prototypes without waiting for engineering bandwidth. That can be useful. It can also turn shadow IT into production software before anyone has asked basic questions about permissions, secrets, databases, or deployment settings.
RedAccess said many of the exposed apps were discoverable through ordinary Google and Bing searches because they were hosted on domains controlled by the AI coding or hosting platforms themselves, which makes them easy to enumerate with a search query scoped to that domain. That is an important point. These were not obscure vulnerabilities requiring advanced exploitation. In many cases, the reported issue was simpler and more dangerous: public apps, public URLs, weak or absent access controls, and data sitting behind screens that were never meant to be open.
The exposed information reportedly included medical details, financial records, corporate presentations, advertising plans, go-to-market strategy documents, shipping records, customer service logs, chatbot conversations, and personally identifiable information. Some examples appeared to show administrative access that could let an outsider change system settings or remove other administrators. RedAccess also said it found phishing pages impersonating brands such as Bank of America, Costco, FedEx, Trader Joe's, and McDonald's, created with AI coding tools and hosted on platform domains.
The companies named in the reporting pushed back in different ways. Replit CEO Amjad Masad argued that public apps being accessible online is expected behavior and that users can change privacy settings. Lovable said creators are ultimately responsible for configuration, while also saying it takes reports of exposed data and phishing seriously. Wix-owned Base44 said users have tools to configure security and access controls, and questioned whether some examples might contain test or fabricated data. Netlify did not respond to WIRED's request for comment.
Those defenses are not irrelevant. A public app is not automatically a breach, and some AI-generated data can look real even when it is not. Startups also need room to prototype without every experiment being treated like regulated production infrastructure. But the pattern still points to a structural problem: when a product invites non-engineers to build and publish software, the default experience becomes part of the security model.
Startups need speed with guardrails
For early-stage companies, the appeal of vibe coding is obvious. A sales team can build a lead tracker. A founder can test a customer onboarding flow. A support team can create a chatbot interface. A finance lead can spin up a reporting page. The economic argument is strong because every small team has more software needs than engineering hours.
The liability shows up when those tools connect to real customer data, payment systems, CRMs, cloud databases, or internal documents. What began as a quick prototype can become an unofficial production system because it works well enough. No security review. No access policy. No logging. No owner. No plan for what happens when a generated app stores secrets in the wrong place or exposes a database endpoint.
This is where founders need to be practical rather than ideological. AI coding tools should enforce safer defaults, especially around public deployment, authentication, secret handling, database permissions, and search indexing. If an app contains customer data or connects to a backend, private should be the starting point, not a setting users discover after publication. A warning box is not enough when the whole promise of the product is that users do not need to understand the underlying stack.
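The failure pattern the research describes (a public URL, no authentication, an admin action open to anyone who finds the page) and the safer defaults this paragraph argues for are easiest to see side by side. The following is an added example written for this article, not code from RedAccess or from any of the platforms it names: a tiny customer-portal request handler in the form a vibe-coded app often ships with, and a hardened form. It works on plain request and response objects with no framework or network so it runs stand-alone; the routes, tokens, session store and customer rows are constructed for illustration.

```javascript
// Added example for this article, not code from RedAccess or any platform it names.
// Two versions of one small customer-portal handler, written against plain
// request/response objects (no framework, no network). Routes, tokens, session
// store and sample rows are constructed for illustration.

// Constructed sample data standing in for a real customer table and admin list.
const CUSTOMERS = [
  { id: 1, name: "A. Example", email: "a@example.test", invoice: "INV-1001" },
  { id: 2, name: "B. Example", email: "b@example.test", invoice: "INV-1002" },
];
const INITIAL_ADMINS = ["owner@example.test", "ops@example.test"];

function json(status, headers, data) {
  return { status, headers, body: JSON.stringify(data) };
}

// --- Vibe-coded default: every route public, no authentication, the secret
// --- baked into the bundle, admin action open to any caller, and nothing
// --- telling search engines to stay away from the platform-hosted URL.
function vulnerableHandle(req, admins = INITIAL_ADMINS) {
  const DB_KEY = "sk_live_hardcoded_example"; // secret committed in source
  if (req.method === "GET" && req.path === "/api/customers") {
    return json(200, {}, CUSTOMERS); // customer PII to anyone with the URL
  }
  if (req.method === "GET" && req.path === "/api/config") {
    return json(200, {}, { dbKey: DB_KEY }); // secret handed to every visitor
  }
  if (req.method === "POST" && req.path === "/admin/remove") {
    const remaining = admins.filter((a) => a !== req.body?.email);
    return json(200, {}, { admins: remaining }); // anyone can remove an admin
  }
  return json(404, {}, { error: "not found" });
}

// --- Hardened form: private by default (every route needs a session), a role
// --- check on the destructive action, secrets from the environment with a
// --- fail-closed check, and a noindex header so the URL stays out of search.
const PRIVATE_HEADERS = {
  "X-Robots-Tag": "noindex, nofollow",
  "Cache-Control": "no-store",
};

// Looks up a bearer token in a session store. The Map stands in for whatever
// auth provider the platform offers; the shape { email, isAdmin } is assumed.
function authenticate(req, sessions) {
  const header = req.headers?.authorization ?? "";
  const [scheme, token] = header.split(" ");
  if (scheme !== "Bearer" || !token) return null;
  return sessions.get(token) ?? null;
}

function hardenedHandle(req, env, admins = INITIAL_ADMINS) {
  const h = { ...PRIVATE_HEADERS };
  // Fail closed: a missing secret or session store is a misconfiguration,
  // never a reason to fall back to a built-in default or a public mode.
  if (!env?.DB_KEY || !(env.sessions instanceof Map)) {
    return json(503, h, { error: "deployment misconfigured" });
  }
  const user = authenticate(req, env.sessions);
  if (!user) return json(401, h, { error: "authentication required" });

  if (req.method === "GET" && req.path === "/api/customers") {
    return json(200, h, CUSTOMERS); // only after a valid session
  }
  if (req.method === "POST" && req.path === "/admin/remove") {
    if (!user.isAdmin) return json(403, h, { error: "admin role required" });
    const target = req.body?.email;
    if (!target) return json(400, h, { error: "email required" });
    if (target === user.email) {
      return json(400, h, { error: "cannot remove yourself" }); // avoid lock-out
    }
    return json(200, h, { admins: admins.filter((a) => a !== target) });
  }
  // No /api/config route: the secret never leaves the server.
  return json(404, h, { error: "not found" });
}
```

The hardened handler treats every route as private unless a session is presented, checks the admin role before the destructive action, refuses to serve at all if its secret or session store is missing rather than silently using a default, and sends `X-Robots-Tag: noindex, nofollow` so a platform-hosted URL does not end up in Google or Bing results even if it is linked somewhere. In a real deployment the session store and the secret come from the platform's auth provider and environment configuration rather than from a Map and an object in the file.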
Companies using these tools also need internal rules that match the new reality. Any AI-built app touching customer, employee, financial, medical, or confidential business data should have a named owner, a private deployment by default, approved authentication, a documented data source, and a quick security review before it leaves prototype status. That sounds heavy, but it is much lighter than explaining to customers why their names, messages, invoices, or internal files appeared on the open web.
The comparison to exposed Amazon S3 buckets is useful because the lesson is familiar. A powerful tool with confusing or permissive defaults can create the same mistake thousands of times across unrelated companies. Vibe coding raises the stakes because the number of people able to publish software has expanded far beyond trained developers.
The next phase of AI software will not be judged only by how quickly it creates apps. It will be judged by whether those apps can be trusted once real data enters the picture. Startups that learn that early can keep the speed advantage. Those that do not may discover that the fastest way to ship is also the fastest way to leak.