Shadow AI: Uncovering the S3 Bucket Crisis in 5,000 Vibe-Coded Apps

Most enterprise security programs were built to protect servers, endpoints, and cloud accounts. None of them was built to find a customer intake form that a product manager vibe coded on Lovable over a weekend, connected to a live Supabase database, and deployed on a public URL indexed by Google. That gap now has a price tag.

New research from Israeli cybersecurity firm RedAccess quantifies the scale. The firm discovered 380,000 publicly accessible assets, including applications, databases, and related infrastructure, built with vibe coding tools from Lovable, Base44, and Replit, as well as deployment platform Netlify. Roughly 5,000 of those assets, about 1.3%, contained sensitive corporate information. CEO Dor Zvi said his team found the exposure while researching shadow AI for customers. Axios independently verified multiple exposed apps, and Wired confirmed the findings separately.

Among the verified exposures: a shipping company app detailed which vessels were expected at which ports. An internal health company application listed active clinical trials across the U.K. Full, unredacted customer service conversations for a British cabinet supplier sat on the open web. Internal financial information for a Brazilian bank was accessible to anyone who found the URL.

The exposed data also included patient conversations at a children’s long-term care facility, hospital doctor-patient summaries, incident response records at a security company, and ad purchasing strategies. Depending on jurisdiction and the data involved, the healthcare and financial exposures may trigger regulatory obligations under HIPAA, UK GDPR, or Brazil’s LGPD.

RedAccess found phishing sites built on Lovable that impersonated Bank of America, FedEx, Trader Joe’s, and McDonald’s. Lovable said it had begun investigating and removing the phishing sites.

The defaults are the problem

Privacy settings on several vibe coding platforms make apps publicly accessible unless users manually switch them to private. Many of these applications get indexed by Google and other search engines. Anyone can stumble across them. Zvi put it plainly: “I don’t think it’s feasible to educate the whole world around security. My mother is [vibe coding] with Lovable, and no offense, but I don’t think she will think about role-based access.”

This is not an isolated finding

In October 2025, Escape.tech scanned 5,600 publicly available vibe-coded applications and found more than 2,000 high-impact vulnerabilities, over 400 exposed secrets including API keys and access tokens, and 175 instances of personal data exposure containing medical records and bank account numbers. Every vulnerability Escape found was in a live production system, discoverable within hours. The full report documents the methodology. Escape separately raised an $18 million Series A led by Balderton in March 2026, citing the security gap opened by AI-generated code as a core market thesis.

Gartner’s “Predicts 2026” report forecasts that by 2028, prompt-to-app approaches adopted by citizen developers will increase software defects by 2,500%. Gartner identifies a new class of defect where AI generates code that is syntactically correct but lacks awareness of broader system architecture and nuanced business rules. The remediation costs for these deep contextual bugs will consume budgets previously allocated to innovation.

Shadow AI is the multiplier

IBM’s 2025 Cost of a Data Breach Report found that 20% of organizations experienced breaches linked to shadow AI. Those incidents added $670,000 to the average breach cost, pushing the shadow AI breach average to $4.63 million. Among organizations that reported AI-related breaches, 97% lacked proper access controls. And 63% of breached organizations had no AI governance policy in place.

Shadow AI breaches disproportionately exposed customer personally identifiable information at 65%, compared to 53% across all breaches, and affected data distributed across multiple environments 62% of the time. Only 34% of organizations with AI governance policies performed regular audits for unsanctioned AI tools. VentureBeat’s shadow AI research estimated that actively used shadow apps could more than double by mid-2026. Cyberhaven data found 73.8% of ChatGPT workplace accounts in enterprise environments were unauthorized.

What to do first

The audit framework below gives CISOs a starting point for triaging vibe-coded app risk across five domains.

The CISO who treats this as a policy problem will write a memo. The CISO who treats this as an architecture problem will deploy discovery scanning across the four largest vibe coding domains, require pre-deployment security review, extend the existing AppSec pipeline to citizen-built apps, and add those domains to DLP rules before the next board meeting. One of those CISOs avoids the next headline.

The vibe coding exposure RedAccess documented is not a separate problem from shadow AI. It is shadow AI’s production layer. Employees build internal tools on platforms that default to public, skip authentication, and never appear on any asset inventory, which means the applications stay invisible to security teams until a breach surfaces or a reporter finds them first. Traditional asset discovery tools were designed to find servers, containers, and cloud instances. They have no way to find a marketing configurator that a product manager built on Lovable over a weekend, connected to a Supabase database holding live customer records, and shared with three external contractors through a public URL that Google indexed within hours.

The detection challenge runs deeper than most security teams realize. Vibe-coded apps deploy on platform subdomains that rotate frequently and often sit behind CDN layers that mask origin infrastructure. Organizations running mature, secure web gateways, CASB, or DNS logging can detect employee access to these domains. But detecting access is not the same as inventorying what was deployed, what data it holds, or whether it requires authentication. In the realm of cybersecurity, the monitoring of major vibe coding platforms is crucial as these apps often generate a limited signal in traditional security systems. They exist in a gap between network visibility and application inventory, posing a challenge for security stacks designed without these platforms in mind.

Recently, Replit CEO Amjad Masad revealed that RedAccess provided only a 24-hour notice before going public with findings. Base44 and Lovable also confirmed that RedAccess did not provide the necessary technical details to verify the exposed applications. While none of the platforms denied the existence of the exposed apps, the lack of transparency raised concerns.

Wiz Research discovered a platform-wide authentication bypass in Base44 in July 2025. This flaw allowed anyone to create a verified account on private apps using a publicly visible app_id, highlighting the vulnerability of platforms where security is often assumed by users. While Wix promptly addressed the issue, it shed light on the insufficient authentication layers present in such platforms.

Similarly, a vulnerability documented as CVE-2025-48757 exposed data across multiple production applications generated by Lovable’s Supabase projects. The AI-generated database layer lacked essential security policies, leaving data vulnerable to unauthorized access. Lovable’s response, shifting responsibility to individual customers, underscores the security challenges faced by non-technical users building applications.

For security teams, the RedAccess findings underscore the need to address credential theft and data exposure across various platforms. The lack of security review before deployment poses a significant risk, particularly in environments where user-generated apps may lack proper authentication and access control measures.

The rapid pace of AI-generated applications further complicates security efforts, as vulnerabilities can scale faster than manual review processes can keep up. Security leaders must consider not just whether vibe-coded apps are present within their perimeter, but also the extent of data exposure and access permissions associated with these apps.

Organizations that proactively scan for security vulnerabilities are better equipped to mitigate risks, while those that delay may find themselves in the headlines for the wrong reasons. By staying vigilant and prioritizing security measures, organizations can safeguard their data and systems from potential threats.

In conclusion, the evolving landscape of vibe coding platforms demands a proactive approach to cybersecurity to address vulnerabilities and protect sensitive data effectively. By staying informed and implementing robust security measures, organizations can mitigate risks and safeguard their digital assets in an increasingly complex threat landscape.