Shadow AI Apps Expose Corporate Data: The New Attack Surface

Imagine a customer intake form built over a weekend by a product manager using a no-code AI tool, connected to a live database, and deployed on a public URL—all without a single security review. This scenario is no longer hypothetical. New research reveals that thousands of such 'vibe-coded' applications are leaking sensitive corporate information, creating a crisis reminiscent of the infamous S3 bucket exposures of the past decade.

The Scale of Shadow AI Exposure

Israeli cybersecurity firm RedAccess recently conducted a sweeping scan of publicly accessible assets generated by popular vibe-coding platforms, including Lovable, Base44, Replit, and the deployment service Netlify. The firm discovered a staggering 380,000 applications, databases, and related infrastructure openly available on the web. Among these, approximately 5,000 assets—roughly 1.3%—contained sensitive corporate data. Axios and Wired independently verified multiple instances of exposed applications, confirming the findings.

Source: venturebeat.com

Types of Data at Risk

The exposed information spans industries and jurisdictions, creating potential regulatory headaches. Verified examples include:

  • A shipping company app revealing vessel schedules and port arrivals.
  • An internal health application listing active clinical trials across the U.K.
  • Full, unredacted customer service transcripts for a British cabinet supplier.
  • Internal financial records belonging to a Brazilian bank.
  • Patient conversations from a children's long-term care facility.
  • Hospital doctor-patient summaries and incident response logs from a security company.
  • Advertising purchasing strategies.

Depending on the jurisdiction, these exposures could trigger obligations under HIPAA, UK GDPR, or Brazil's LGPD. Additionally, RedAccess identified phishing sites built on Lovable that impersonated Bank of America, FedEx, Trader Joe’s, and McDonald’s. Lovable stated it had begun investigating and removing those sites.

Why Default Settings Matter

A core issue lies in the default privacy configurations of several vibe-coding platforms. Many make applications publicly accessible unless users manually switch them to private. This oversight is compounded by the fact that these apps often get indexed by Google and other search engines, making them discoverable by anyone. Dor Zvi, CEO of RedAccess, highlighted the challenge: “I don’t think it’s feasible to educate the whole world around security. My mother is vibe coding with Lovable, and no offense, but I don’t think she will think about role-based access.”

A Growing Body of Evidence

This is not an isolated finding. In October 2025, security firm Escape.tech scanned 5,600 publicly available vibe-coded applications and uncovered more than 2,000 high-impact vulnerabilities. Among them were over 400 exposed secrets—including API keys and access tokens—and 175 instances of personal data exposure, including medical records and bank account numbers. Crucially, every vulnerability was found in a live production system and could be discovered within hours. Escape.tech later raised an $18 million Series A led by Balderton in March 2026, citing the security gap opened by AI-generated code as a core market thesis.

Conclusion: A New Attack Surface Requires New Defenses

The rapid adoption of vibe-coding tools has democratized software development but also introduced a massive shadow IT risk. Traditional enterprise security programs were designed to protect servers, endpoints, and cloud accounts—not applications born from a weekend coding session. As Gartner’s “Predicts 2026” report notes, organizations must now contend with a sprawling, unmanaged attack surface. The lesson is clear: without proactive discovery and governance, these shadow AI apps will continue to expose sensitive data, much like the S3 buckets of yesteryear.
