AI-built app on Lovable exposed 18K users, researcher claims • The Register

A researcher found 16 vulnerabilities in a Lovable-hosted AI-generated app, exposing 18,000 users' data including UC Berkeley and K-12 students. The AI botched Supabase security setup badly enough to invert the authentication logic: legitimate users got blocked while unauthenticated requests sailed through. Attackers could modify grades, delete accounts, and read personal information. Veracode says 45 percent of AI-generated code ships with security flaws. Vibe-coding platforms make it worse by optimizing for "looks like it works" over "actually secure."

Visit Original Article →