The Shadow AI Security Crisis: How Vibe-Coded Apps Are Leaking Corporate Data

Most enterprise security programs were designed for servers, endpoints, and cloud accounts—not for a product manager who quickly builds a customer intake form over a weekend using a vibe coding tool, connects it to a live database, and deploys it on a public URL that Google indexes. That gap is now quantified. Recent research from Israeli cybersecurity firm RedAccess uncovered 380,000 publicly accessible assets—apps, databases, and infrastructure—created with vibe coding platforms like Lovable, Base44, Replit, and Netlify. About 5,000 of these (1.3%) contained sensitive corporate information, verified by Axios and Wired. This crisis mirrors the infamous S3 bucket exposures of the past, but with the speed and scale of AI-generated code. Below, we answer key questions about this emerging threat.

What is the scale of the exposure discovered by RedAccess?

RedAccess identified a staggering 380,000 publicly accessible assets built with vibe coding tools. Among these, roughly 5,000 applications—about 1.3%—contained sensitive corporate data. These assets included databases, full applications, and supporting infrastructure. CEO Dor Zvi noted that the team found these exposures while investigating shadow AI for clients. The scale is unprecedented because anyone with an internet connection can stumble upon these apps, many of which are indexed by Google. To put it in perspective, that's roughly equivalent to finding a small city's worth of unsecured front doors, all built by developers who may have no formal security training.

What kinds of sensitive data were found in exposed apps?

The exposed data spans industries and geographies. A shipping company app revealed which vessels were expected at which ports. A health company's internal application listed active clinical trials across the U.K. Full unredacted customer service conversations for a British cabinet supplier sat openly on the web. Internal financial information for a Brazilian bank was accessible to anyone who found the URL—no login required. Even more alarming: patient conversations from a children’s long-term care facility, hospital doctor-patient summaries, incident response records from a security company, and ad purchasing strategies. These aren't obscure test databases; they're live production systems handling sensitive personal and corporate data.

Why are default privacy settings a core part of the problem?

Many vibe coding platforms, including Lovable and Replit, default applications to public visibility. Users must manually toggle settings to private, but few think to do so—especially non-technical builders. As Dor Zvi put it: “I don’t think it’s feasible to educate the whole world around security. My mother is vibe coding with Lovable, and no offense, but I don’t think she will think about role-based access.” These defaults mean apps are automatically indexed by search engines, making them easy to discover. This design choice shifts the security burden onto users who may not even know what an S3 bucket is, let alone how to lock it down. The result: a massive, invisible attack surface.

How does this shadow AI issue compare to the S3 bucket crisis?

Remember the era of exposed S3 buckets? Thousands of companies accidentally left cloud storage open to the internet, leaking terabytes of data. This vibe coding crisis is its spiritual successor, but faster and broader. Vibe coding tools enable rapid, widespread app creation by individuals with little security awareness. While S3 buckets required some technical know-how to misconfigure, vibe coding defaults make exposure simple. The volume is also higher: in just one scan, RedAccess found 380,000 assets, and Escape.tech's smaller sample uncovered similarly alarming rates of vulnerabilities. Both crises share a common root: default public access and lack of oversight. The difference is the speed at which these AI-generated apps multiply.

What regulatory obligations might these exposures trigger?

Depending on the data and jurisdiction, many of these leaks could trigger serious regulatory penalties. Health-related exposures (like patient conversations and doctor summaries) may violate HIPAA in the U.S. or UK GDPR if they involve identifiable data. Financial information from the Brazilian bank falls under Brazil’s LGPD. Even non-health data, such as customer service transcripts, could breach GDPR's requirement for confidentiality. Regulators are increasingly vigilant about shadow IT. Companies whose employees or contractors create these apps without proper security reviews face not only regulatory fines but also reputational damage and potential lawsuits from affected individuals.

What phishing sites were built using these tools?

RedAccess uncovered phishing sites built on Lovable that impersonated major brands: Bank of America, FedEx, Trader Joe’s, and McDonald’s. These pages were designed to harvest login credentials and personal information. Lovable stated it had begun investigating and removing the phishing sites, but the incident shows how easily vibe coding tools can be weaponized. The same platforms that empower product managers to build internal tools also allow attackers to create convincing fake login pages in hours. This dual-use risk is a growing concern for cybersecurity teams, as traditional phishing detection may not catch sites hosted on legitimate app-building domains.

What did Escape.tech find when scanning vibe-coded apps?

In October 2025, security firm Escape.tech scanned 5,600 publicly available vibe-coded applications. The results were stark: over 2,000 high-impact vulnerabilities, more than 400 exposed secrets (API keys, access tokens), and 175 instances of personal data exposure containing medical records and bank account numbers. Every vulnerability was in a live production system discoverable within hours of scanning. Escape.tech's full report details the methodology. The company later raised an $18 million Series A led by Balderton in March 2026, citing the security gap opened by AI-generated code as a core market thesis. These findings corroborate RedAccess’s research and show this is not a one-off issue—it's an industry-wide vulnerability.