It's just after 11 p.m. on a Saturday night, and I'm at my desk with a laptop I wiped clean just for this test, staring at a security warning I basically asked for.
Lovable has just finished building my app, a small event RSVP page, and before it lets me publish, it pops up its own scanner with two flags marked "critical." Any stranger on the internet, it tells me, can read every guest's name and email the moment this thing goes live.
New RSVPs would be broadcasted live as well, allowing anyone who had the page open to see the names and emails of those signing up. But then I clicked Publish anyway.
I did this even though I understood the risks because that's what many vibe coders would do after hours of prompting. Once you have an app that works and a URL to share, it’s hard to stop and think about security issues.
And this is a growing concern. In a recent scan conducted by cybersecurity company RedAccess, more than 5,000 publicly accessible AI-built apps had little or no security, and about 40% exposed sensitive data.
This made me wonder if Lovable was just an exception or if every single AI coding tool is still going to allow me to deploy insecure code if I’m not careful.
Subscribe for free to continue reading this article
Subscribe SubscribeAlready Have an Account? Log In
