Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web

Security researchers at RedAccess found thousands of AI-generated web applications hosted on platforms like Lovable, Replit, Base44, and Netlify that were publicly accessible with minimal or no authentication; roughly 40% of those apps exposed sensitive data (medical, financial, PII, corporate documents, chat logs) and some enabled administrative access or hosted phishing sites impersonating major brands.