In the rapidly evolving world of technology, a new trend known as “vibe-coding” has emerged. This refers to the process of creating web applications using artificial intelligence tools such as Lovable, Replit, Base44, and Netlify. By simply describing the desired functionality in natural language, individuals can generate working applications in minutes. While this democratisation of software development is exciting, recent research has uncovered a significant security flaw that could leave your organisation vulnerable to hackers and cost millions of dollars in potential data breaches.
The Hidden Security Gap in AI Apps
A recent analysis by security researchers has identified more than 5,000 vibe-coded applications that possess virtually no security or authentication measures. These applications, often created by employees to streamline tasks or test ideas, are frequently hosted on the AI provider’s own domains. Because they bypass traditional development and security cycles, they are often left completely open to the public.
The researchers found that around 40 per cent of these apps exposed highly sensitive information. This included medical records, detailed financial data, corporate strategy documents, and even full logs of customer conversations with chatbots. In many cases, anyone who discovered the URL could access the data, and some apps even allowed unauthorised visitors to gain administrative privileges.
Why Hackers Find These Apps So Easily
The issue is not necessarily with the AI tools themselves, but with the lack of governance surrounding their use. Because these apps are often hosted on the domains of the AI companies, hackers can use straightforward search engine queries to identify thousands of vulnerable applications.
This phenomenon is a prime example of Shadow IT, where employees use software or services without the explicit approval or oversight of the information technology department. While the apps might look professional and function well, the underlying security architecture—such as user authentication and data encryption—is often completely absent.
Strategies to Enhance Your Security Posture
Protecting your business from these accidental leaks requires a combination of clear policy, employee education, and technical oversight. Consider implementing the following strategies to help strengthen your defence:
- Establish Clear AI Governance: Develop policies that outline which AI tools are permitted for use and the process for vetting any application before it is used for corporate data.
- Employee Awareness Training: Educating staff on the risks of Shadow IT and the importance of data security is vital. Training programmes can help build a culture of security awareness across the entire organisation.
- Conduct Regular Cyber Security Audits: A technical audit of your cloud infrastructure and employee practices can help identify unauthorised applications that may be exposing sensitive data.
- Implement Managed Security Services: Ongoing monitoring of your network and systems can help detect unusual activity or unauthorised data transfers before they escalate.
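To make the audit step above concrete, the following added example (not from the original article or from Vertex) inventories vibe-coded apps that staff have reached, using your own web proxy logs. The hosting suffixes and the CSV column layout are assumptions; confirm both against each provider's documentation and your proxy's export format.

```python
import csv
import io
from collections import defaultdict

# Assumed hosting suffixes for the platforms the article names; verify before use.
AI_APP_SUFFIXES = ("lovable.app", "replit.app", "base44.app", "netlify.app")
UPLOAD_METHODS = {"POST", "PUT", "PATCH"}

# Constructed sample proxy export (column names are an assumed format).
SAMPLE_LOG = """timestamp,user,method,host,bytes_out
2025-01-06T09:12:01Z,alice,GET,hr-tracker.lovable.app,412
2025-01-06T09:12:44Z,alice,POST,hr-tracker.lovable.app,88214
2025-01-06T10:03:10Z,bob,GET,docs.python.org,300
2025-01-06T10:40:02Z,carol,POST,HR-Tracker.Lovable.app.,5120
2025-01-06T11:15:30Z,bob,GET,quote-bot.netlify.app,350
2025-01-06T11:20:00Z,dave,GET,notlovable.app,200
2025-01-06T11:21:00Z,dave,GET,lovable.app.other.example,200
"""

def platform_for(host):
    """Normalise a hostname and return (host, matching suffix or None)."""
    host = host.strip().lower().rstrip(".")
    for suffix in AI_APP_SUFFIXES:
        # Match on a label boundary so look-alike hosts are not counted.
        if host.endswith("." + suffix):
            return host, suffix
    return host, None

def inventory(log_text):
    """Group proxy rows by app host: who used it and how much was sent to it."""
    apps = defaultdict(lambda: {"platform": None, "users": set(),
                                "uploads": 0, "bytes_out": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        host, suffix = platform_for(row["host"])
        if suffix is None:
            continue
        app = apps[host]
        app["platform"] = suffix
        app["users"].add(row["user"])
        if row["method"].upper() in UPLOAD_METHODS:
            app["uploads"] += 1
            app["bytes_out"] += int(row["bytes_out"])
    return dict(apps)

def review_queue(apps):
    """Order apps for review: those that received the most staff data first."""
    return sorted(apps, key=lambda h: (-apps[h]["bytes_out"], h))

if __name__ == "__main__":
    found = inventory(SAMPLE_LOG)
    for host in review_queue(found):
        a = found[host]
        print(host, a["platform"], sorted(a["users"]), a["uploads"], a["bytes_out"])
```

Each host in the resulting queue is a candidate for the vetting process: confirm who owns the app, what data it holds, and whether it requires authentication.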
The Importance of Professional Testing
When an application is built with speed as the primary goal, security is often the first thing to be sacrificed. This is why professional penetration testing is so important. Expert testers can simulate an attack on your systems to identify points of weakness and provide clear, professional advice on how to improve your security.
At Vertex, we believe that average or “good enough” is not sufficient to protect against modern cyber threats. True security involves ensuring that every tool used by your team, whether coded by a human or an AI, meets rigorous safety standards.
If you are concerned about the security of applications within your organisation or want to learn more about how to manage the risks of AI-generated software, contact the expert team at Vertex Cyber Security. We provide tailored solutions, from penetration testing to comprehensive security audits, to ensure your data remains protected in an increasingly digital economy.