AI Coding Tools Expose 380K Apps, Leak Sensitive Data

380,000 Apps Built With AI Coding Tools Found Publicly Exposed

A massive security crisis is unfolding in the world of vibe coding, as researchers have discovered that AI-powered development tools are silently turning private enterprise networks into public-facing data leaks. An Israeli cybersecurity startup has identified approximately 380,000 publicly accessible applications — built using popular AI coding platforms — with over 2,000 confirmed to be exposing sensitive private data including medical records, financial information, and Fortune 500 internal documents.

The findings, reported by RedAccess, come amid growing concern over what security experts call 'shadow AI' — the unauthorized or unmonitored use of AI tools within organizations. The implications stretch far beyond individual developers, threatening to undermine enterprise security architectures that companies have spent millions building.

Key Takeaways

• 380,000 publicly accessible apps and assets were discovered, all built using AI coding tools
• ~5,000 apps contain sensitive enterprise information; ~2,000 confirmed to expose private data
• Affected platforms include Lovable, Base44, Netlify, and Replit
• Exposed data includes medical records, financial data, and Fortune 500 internal files
• The root cause is the 'shadow AI' trend — developers using AI tools without proper security oversight
• Research was conducted by RedAccess, led by CEO Dor Zvi

Vibe Coding Creates a New Attack Surface

The term 'vibe coding' refers to the practice of using AI-powered tools to rapidly generate functional applications with minimal manual coding. Platforms like Lovable, Replit, and Base44 have made it possible for developers — and even non-developers — to spin up working web applications in minutes rather than weeks.

But speed comes at a cost. RedAccess researchers found that these tools frequently deploy applications with default public access settings, inadequate authentication mechanisms, and exposed API keys. The result is a sprawling landscape of unsecured applications that anyone with basic technical knowledge can discover and access.

Unlike traditional software development, where applications go through security reviews, penetration testing, and controlled deployment pipelines, vibe-coded apps often skip every layer of security governance. They go from AI-generated code to live deployment in a single step, bypassing the safeguards that enterprises have spent years establishing.

The Scale of the Problem Is Staggering

RedAccess CEO Dor Zvi described the scope of the findings as alarming. Out of the roughly 380,000 publicly accessible assets discovered, approximately 5,000 contained sensitive corporate information. Upon deeper inspection, nearly 2,000 applications appeared to directly expose private data.

The types of data found in the wild are particularly concerning:

• Medical records — patient health information that falls under HIPAA protections in the United States
• Financial data — including transaction records, account details, and internal financial reports
• Internal corporate documents — proprietary files from Fortune 500 companies
• API keys and credentials — authentication tokens that could grant access to additional systems
• Customer databases — personal information including names, emails, and contact details
• Configuration files — infrastructure details that could enable further exploitation

This is not a theoretical risk. These applications were found live on the open internet, accessible to anyone who knew where to look. The research was independently verified by Axios, adding credibility to RedAccess's claims.

Shadow AI Is the Root Cause

The concept of shadow IT — employees using unauthorized technology within an organization — has been a security concern for over a decade. Shadow AI represents its more dangerous evolution. When developers use AI coding tools outside the purview of their IT and security teams, the resulting applications inherit none of the organization's security controls.

Traditional shadow IT might involve an employee signing up for an unauthorized SaaS tool. Shadow AI, by contrast, enables that same employee to build and deploy an entirely new application — one that might pull data from internal databases, connect to corporate APIs, or process sensitive customer information — all without a single security review.

The problem is compounded by the fact that many vibe coding platforms are designed to minimize friction. They handle hosting, deployment, and infrastructure automatically. This means a developer can go from prompt to production in minutes, creating a live, internet-facing application that the security team does not even know exists.

Why Traditional Security Measures Fall Short

Enterprise security architectures are typically built around a well-defined perimeter. Firewalls, VPNs, network segmentation, and access controls all assume that the organization knows what applications exist and where they are deployed. Vibe coding fundamentally breaks this assumption.

When a developer uses Lovable or Replit to create an application, that app is hosted on the platform's infrastructure — not within the enterprise network. It exists outside the corporate firewall, beyond the reach of endpoint detection tools, and invisible to network monitoring systems. Yet it may still have access to internal data through API connections, embedded credentials, or data exports.

This creates what security professionals describe as an 'inside-out' threat:

• Corporate data moves outside the perimeter without triggering traditional data loss prevention (DLP) tools
• Applications bypass code review processes because they are generated and deployed externally
• Security teams lack visibility because the apps do not appear in asset inventories
• Incident response is complicated because the organization may not even know the app exists until after a breach

Compared to previous security challenges like cloud misconfigurations — which affected companies like Capital One in 2019 — the vibe coding threat is potentially more diffuse and harder to detect because it is distributed across dozens of third-party platforms.

The Platforms Under Scrutiny

The research specifically identified four platforms whose users generated the bulk of the exposed applications: Lovable, Base44, Netlify, and Replit. Each serves a slightly different segment of the AI-assisted development market.

Lovable positions itself as a tool for building full-stack web applications from natural language prompts. Replit offers an AI-powered cloud development environment that has gained significant traction among both hobbyists and professional developers. Base44 focuses on rapid application prototyping, while Netlify provides deployment and hosting infrastructure that integrates with various AI development workflows.

None of these platforms are inherently malicious. The security failures stem from how developers use them — deploying applications without proper authentication, leaving default settings unchanged, and embedding sensitive credentials directly in code that AI tools generate without security awareness.

It remains unclear whether any of these platforms have issued formal responses to the RedAccess findings. However, the research raises serious questions about the responsibility these platforms bear for the security posture of applications built and hosted on their infrastructure.

What This Means for Enterprises

For CISOs and security leaders, the RedAccess findings represent an urgent wake-up call. The vibe coding trend is not slowing down — if anything, it is accelerating as AI tools become more capable and accessible. Organizations need to adapt their security strategies accordingly.

Practical steps enterprises should consider include:

• Implementing AI usage policies that specifically address vibe coding tools and external deployment platforms
• Deploying shadow AI detection tools that can identify when employees are using unauthorized AI development services
• Conducting external asset discovery to find applications built by employees on third-party platforms
• Requiring security reviews for any application that accesses corporate data, regardless of where it is hosted
• Training developers on the security risks inherent in AI-generated code, including hardcoded credentials and insecure defaults

The challenge is balancing security with the productivity gains that AI coding tools genuinely offer. Outright bans are unlikely to be effective — they simply push shadow AI usage deeper underground. Instead, organizations need governance frameworks that enable safe use of these tools.

Looking Ahead: A Growing Threat With No Easy Fix

The vibe coding security crisis is likely to intensify before it improves. The AI coding market is booming, with tools like Cursor, GitHub Copilot - AI Tool Review" target="_blank" rel="noopener">GitHub Copilot, Windsurf, and dozens of newer entrants competing to make software development faster and more accessible. Each new tool represents another potential vector for data exposure.

Regulatory pressure may eventually force change. In the United States, the exposure of medical records could trigger HIPAA enforcement actions, while in Europe, the GDPR imposes strict penalties for unauthorized data exposure — up to 4% of global annual revenue. If regulators begin connecting data breaches to vibe coding practices, both the platforms and their users could face significant liability.

The security industry is also responding. RedAccess is far from the only company focused on shadow AI risks. Firms like Wiz, Snyk, and Orca Security are expanding their platforms to address AI-related security challenges. The market for AI security tools is projected to grow substantially as enterprises grapple with the new threat landscape.

For now, the 380,000 exposed applications serve as a stark reminder: the same AI tools that make building software effortless can also make exposing sensitive data equally effortless. The industry's challenge is ensuring that speed and security are not treated as mutually exclusive goals.