AI-coded apps leak sensitive corporate and personal data online
Thousands of web applications built using AI-powered platforms like Lovable, Base44, Replit, and Netlify are exposing highly sensitive corporate and personal data on the public internet. These tools allow anyone to create a functional web app in seconds through natural language prompts, a process known as "vibe coding." However, the ease of development often leads to critical security oversights, such as hardcoded API keys, database credentials, and unsecured cloud storage buckets. Researchers have identified over 10,000 such apps with exposed secrets, including access tokens for major services like AWS, Google Cloud, and Stripe. The data leaks range from internal company communications and customer information to proprietary source code. The problem is exacerbated by the lack of security awareness among non-technical users who rely on these AI tools. The findings highlight a growing cybersecurity risk as AI-assisted coding becomes mainstream, with potential consequences for data privacy and corporate security.
Key facts
- AI platforms Lovable, Base44, Replit, and Netlify enable rapid app development via natural language prompts.
- Thousands of apps built with these tools expose sensitive data on the open web.
- Common exposures include hardcoded API keys, database credentials, and unsecured cloud storage.
- Researchers found over 10,000 apps with exposed secrets.
- Leaked data includes access tokens for AWS, Google Cloud, and Stripe.
- Non-technical users often lack security awareness when using AI coding tools.
- The issue poses significant risks to data privacy and corporate security.
- The trend highlights cybersecurity challenges as AI-assisted coding grows.
Entities
Institutions
- Lovable
- Base44
- Replit
- Netlify
- AWS
- Google Cloud
- Stripe
Sources
- Wired AI