The hottest new vibe coding startup may be a sitting duck for hackers

Reed Albergotti
Tech Editor, Semafor
May 29, 2025, 1:58pm EDT
Tech, North America
The Scoop

Lovable, the popular vibe coding app that describes itself as the fastest-growing company in Europe, has failed to fix a critical security flaw, despite being notified about it months ago, according to a new report by an employee at a competitor.

The service offered by Lovable, a Swedish startup that bills its product as “the last piece of software,” allows customers without any technical training to instantly create websites and apps using only natural language prompts.

The employee at AI coding assistant company Replit who wrote the report, reviewed by Semafor, says he and a colleague scanned 1,645 Lovable-created web apps that were featured on the company’s site. Of those, 170 allowed anyone to access information about the site’s users, including names, email addresses, financial information and secret API keys for AI services that would allow would-be hackers to run up charges billed to Lovable’s customers.

The vulnerability, which was scheduled to be made public on the National Vulnerabilities Database on Thursday, highlights a growing security problem as artificial intelligence allows anyone to become a software developer. Each new app or website created by novices is a potential sitting duck for hackers with automated tools that target everything connected to the internet. The advent of amateur vibe coding raises new questions about who is responsible for securing consumer products in an era where developers with zero security know-how can build them.

“This is the single biggest challenge with vibe coding,” said Simon Willison, a veteran software developer and entrepreneur who has focused on new AI tools. “The most obvious problem is that they’re going to build stuff insecurely.”

That problem could be coming to a head, he said, because the first wave of vibe-coded consumer products are about to hit the market. “We’re due for a very rude awakening.”

Lovable didn’t immediately respond to a request for comment.

Know More

Even if AI models write flawless code, vibe-coded software can still have major security flaws because of how it’s implemented.

The models generating code can’t yet see the big picture and scrutinize how it will ultimately be used. They might be able to provide guidance on that topic, but inexperienced users might not even know the right questions to ask.

Lovable, for instance, uses AI models to create websites instantly. But for websites to do much of anything, they need to be connected to databases that store things like user accounts and payment information.

Lovable doesn’t build those databases itself. It offers users an easy way to connect to a database service run by a startup called Supabase.

On March 20, Replit employee Matt Palmer noticed a vulnerability in a Lovable-created website called Linkable, which would automatically turn anyone’s LinkedIn page into a personal website. According to the report, Palmer was able to see the email addresses of the 500 or so users who had engaged with the app.

The reason, he discovered, was that the Supabase database was not configured correctly. Palmer tweeted on X at Lovable co-founder and CEO Anton Osika, notifying him of the problem. Palmer said Lovable told him there was no issue.

The following day, Palmer and his colleague, Kody Low, did the deeper analysis that turned up 170 vulnerable Lovable sites.

On April 14, another software engineer posted on X that he had “hacked” multiple websites on the Lovable recommendation page. In 47 minutes, he said he had turned up personal debt amounts, home addresses, API keys, and “spicy prompts.” He posted a screenshot of a prompt one user had entered into a Lovable-created app that read: “Beautiful girl with big …”

Lovable responded to the scrutiny by announcing it had implemented a new feature that it said “scans your app for security issues before you publish.”

But according to the vulnerability report, the security scan only does one thing: It determines whether Supabase access controls are enabled. It doesn’t assess whether they are configured properly — something even seasoned software developers can get wrong.

Alex Stamos, chief information security officer at cybersecurity firm SentinelOne, said the best practice for web apps is to avoid letting users access the database at all. Instead, the application determines what information users should be able to access and then fetches that data.

In that sense, it’s sort of like delivering a person’s mail to their house, rather than letting them wander into the post office while trying to keep them from grabbing someone else’s mail.

But that method can be complex. When Stamos was chief security officer at Facebook, he said, the biggest drain on compute resources was access control, determining which data users could see and then serving them the relevant content.

Allowing users to connect directly to a database is risky, he said. “You can do it correctly. The odds of doing it correctly are extremely low.”
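The gap between "access controls are enabled" and "access controls are configured properly" is concrete in Supabase, where tables live in Postgres and access is governed by row level security (RLS) policies. The following is an added illustration, not code from the article, from Lovable or from Supabase: a hypothetical `profiles` table walked through three states. The table and column names are assumptions; `auth.uid()`, the `anon` and `authenticated` roles, and the `pg_policy` / `pg_class` catalogs are standard Supabase and Postgres features.

```sql
-- Added illustration (not from the article, Lovable or Supabase). The table and
-- column names are assumptions chosen to mirror the kind of data the report describes.
create table profiles (
  id         uuid primary key,
  user_id    uuid not null,   -- row owner; equals auth.uid() for the logged-in user
  email      text not null,
  openai_key text             -- a secret the owner pasted in; must never be listed
);

-- State 1: RLS off (the default for a new table). Supabase serves public-schema
-- tables over its REST API, so anyone holding the project's public "anon" key can
-- read every row. This is the state an "are access controls enabled?" check flags.

-- State 2: RLS enabled, but with a catch-all policy. The enabled-only check now
-- passes, yet the anon role can still select every row: same exposure as state 1.
alter table profiles enable row level security;
create policy "open read" on profiles
  for select using (true);

-- State 3: RLS enabled and scoped to the row owner. Only authenticated users see
-- their own row; the anon role gets an empty result set rather than an error.
drop policy "open read" on profiles;
create policy "owner read" on profiles
  for select to authenticated
  using (auth.uid() = user_id);
create policy "owner write" on profiles
  for update to authenticated
  using (auth.uid() = user_id)
  with check (auth.uid() = user_id);

-- Defender's audit 1: public-schema tables with RLS switched off (state 1).
select c.relname as table_name
from pg_class c
where c.relkind = 'r'
  and c.relnamespace = 'public'::regnamespace
  and not c.relrowsecurity;

-- Defender's audit 2: policies whose USING clause is literally "true" (state 2).
-- These pass an enabled-only scan but grant every role access to every row.
select c.relname as table_name, p.polname as policy_name
from pg_policy p
join pg_class c on c.oid = p.polrelid
where pg_get_expr(p.polqual, p.polrelid) = 'true';
```

Even state 3 still ships the `openai_key` column to the owner's browser, because the client talks to the database directly. The architecture Stamos describes removes that path entirely: the browser calls an application backend, and only the backend, holding a server-side credential, touches the database and decides which fields to return. The two audit queries are the kind of check a publish-time scanner would need to run to distinguish "enabled" from "configured."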

In an X thread in April, Lovable told its users that when they build a website with their service, it’s “pretty much guaranteed to be secure.” The company also acknowledged that using Supabase can expose data if it’s not configured properly.

For sensitive data, Lovable suggested a “human security review,” putting some responsibility on its vibe-coding customers to handle the task.

It finished the thread by saying “Lovable will help you keep your app secure, even if you don’t know anything about security. We’re making vibe coding secure.”

When Replit CEO Amjad Masad called out Lovable on X, Osika fired back. “1. Be Replit founder 2. Have a decade-long head start 3. Watch small EU competitor, Lovable, surpass you in usage and making vibe coding secure 4. Copy it 4 weeks later 5. Bash Lovable for not being secure,” he wrote.

Palmer decided to submit an official vulnerability report to the National Vulnerabilities Database, which gave Lovable 45 days from the time Palmer notified it before the report was made public.

“Vibe coding has done wonders to democratize software development,” Masad said in a statement. “We can’t expect novice developers to audit low-level security configs. If a tool makes it easy to deploy an app, it should also make it hard to accidentally expose sensitive data.”

Step Back

In the mid-1990s, when the consumer web was new, hackers regularly exploited lax security with techniques that today would seem rudimentary.

Over time, basic security became commonplace and hackers had to become more sophisticated. Today, hackers, who are often state-sponsored, use automated tools to scan the internet looking for low-hanging fruit — computers that haven’t patched known vulnerabilities or people who reuse the same passwords on multiple websites.

With vibe coding, apps and websites are being created with security standards reminiscent of the 1990s. Meanwhile, hackers are using more advanced tools.

“In the 90s, attackers were growing up with the defenders,” Stamos said. Today, “you’ve got vibe coders going up against hardened North Koreans.”

On X and Reddit, vibe coders have posted about building apps and promptly getting hacked because of their lack of security knowledge. “Guys, I’m under attack,” one vibe coder posted in March. “As you know, I’m not technical so this is taking me longer than usual to figure out.”

Isaac Evans, CEO of security firm Semgrep, says the problem creates an opening for firms that automate the security layer of vibe-coded apps. Semgrep offers a service that identifies vulnerabilities in software systems. At some point, Evans said, tools like Semgrep may be an important part of the vibe coding process. “It’s a great time to be in security,” he says.

That could be one reason Osika posted a meme photo on X of two men doing a very bad job of laying bricks. The text overlaid reads: “Just keep vibe coding. We can always fix it later.”

Reed’s view

Lovable’s mistake isn’t the security vulnerability itself, but the way it has handled communication with its customers. It promises that apps created with its service are secure and simultaneously puts the onus on its customers to secure their own apps.

It wouldn’t be unreasonable for a vibe coding startup to tell users that it can’t be responsible for securing the apps they create. Since the dawn of the web, it has always been online services that are liable for security, privacy and other issues, not the tools used to create the online services.

Vibe coding should be treated as a new category of software, rather than simply a tool to create it. The apps that facilitate vibe coding should also build sandboxes around those apps, limiting the damage they can do.

That would also limit the functionality of those apps, but it would create clear lines for liability. If you take your app outside the sandbox to turn it into a business, the consequences are on you.

The sandbox approach is part of what Replit is trying to do, and no doubt a big part of its motivation for calling out security issues with different approaches.

In the meantime, vibe coders need to understand that what they create is likely full of security holes that will be exploited as soon as they’re exposed to the web.

Notable

  • Vibe coding is growing: this month, OpenAI reportedly paid $3 billion to acquire vibe coding startup Windsurf.