Wired reports that thousands of AI-assisted apps built by non-engineers and deployed without security review are exposing corporate databases, customer records, and internal credentials on the open web, with researchers finding hardcoded API keys, public Supabase tables, and unauthenticated admin panels in apps generated through Cursor, Bolt, Lovable, and similar AI coding tools.
The mechanism is straightforward and the scale is consequential. AI coding assistants generate working code fast, but the boilerplate they produce optimises for functionality, not security posture. A non-engineer asking Cursor to build an internal customer lookup tool gets working code that queries a database and renders results. They do not get a lecture on row-level security, authentication middleware, or environment variable management. The app ships. The database is public. The credentials are in the GitHub repo. Wired found examples of customer portals exposing full names, emails, and purchase histories, internal dashboards with live production database connections, and Supabase projects where the default public access settings were never changed. None of these builders intended to leak data. They had no frame of reference for what they were doing wrong.
The platforms share responsibility but are not the primary cause. Supabase's default settings allow public table access unless explicitly restricted, a design choice that prioritises onboarding speed over security. Vercel, Railway, and Render deploy apps without scanning for exposed secrets or weak auth. GitHub Copilot and Claude do not consistently warn users when they suggest code patterns that leave endpoints unauthenticated. The vibe coding ecosystem is optimised for the demo, not the production environment. Lovable and Bolt have shipped security warnings and authentication templates in recent updates, acknowledging the problem, but the installed base of already-deployed apps is not retroactively patched.
The breach surface is growing faster than any security team can monitor. GitHub's code scanning tools catch known vulnerability patterns in professional repositories, but vibe-coded apps often live outside normal CI/CD pipelines. They deploy from personal accounts, share hosting with unrelated projects, and are never entered into a company's asset inventory. Security teams at midsize enterprises are already struggling to track shadow IT from SaaS procurement. AI-generated internal tools are a new category of shadow IT that does not generate a vendor invoice and therefore never appears in a procurement review. By the time a CISO learns about the customer data portal an operations manager built in Bolt, it has been public for three months.
For SF readers, the story flips AI coding from a pure productivity narrative into a startup liability narrative. The productivity gains are real: non-engineers shipping internal tools in hours instead of months genuinely compresses software development costs. The liability is equally real: those same tools are expanding the corporate attack surface at the same rate. A company that ships 50 AI-generated internal apps in a quarter has created 50 new potential breach vectors, each built by someone who did not think about security because the AI did not prompt them to. Breach costs average $4.45 million per incident, which erases years of productivity savings from a single exposed database.
The security tooling layer for vibe coding is an open market with no dominant player. The need is specific: lightweight scanning that runs at deployment time, not in a CI/CD pipeline that non-engineers never configured. Tools that check for unauthenticated endpoints, exposed environment variables, public database access, and common boilerplate vulnerabilities before an app goes live. Semgrep has static analysis rules for common patterns. Socket.dev scans dependencies. Neither is designed for the vibe coding deployment flow. The startup opportunity is a Wiz or Snyk for AI-generated code: one-click security audit that runs at the hosting layer before the app becomes accessible.
Whether insurers, enterprises, or app stores become the enforcement mechanism depends on where liability lands first. Cyber insurers are already increasing premiums and tightening exclusions for companies with poor security hygiene. An insurer that discovers an enterprise has thousands of AI-generated apps with no security review will either exclude coverage or require remediation as a policy condition. That creates a compliance driver that boardrooms understand. Enterprise app stores, internal developer portals that gate deployment behind approval workflows, are the other lever. Companies that require all internal tools to pass through a security checkpoint before deployment stop the problem at the governance layer rather than the technical layer. Both mechanisms are coming. The question is which arrives first and whether it comes before a breach that makes the vibe coding problem impossible to ignore publicly.
Also read: Mythos vulnerability scare forces Trump White House to revive pre-release AI safety testing • Tech layoffs are funding AI capex, and the labor market reset is creating startup opportunity on both sides • AI systems copying themselves onto other computers is a real capability, not yet a real threat
