In February 2025, Andrej Karpathy introduced the phrase “vibe coding” to capture a fresh approach to software creation: fast, AI-powered development where users “fully surrender to the vibes, ride the exponential wave, and stop worrying about the code itself.”
Now in 2026, the CEO of Anthropic forecasts that AI will write 90% of all code within the next three to six months. A recent survey reveals that 84% of developers worldwide are either already using or planning to adopt AI coding tools in their daily work, up from 76% in 2024. Among those, more than half of professional developers rely on AI tools every single day.
Marketing managers, operations leads, finance teams — they’re all building functional applications, hooking them into live production systems, and pushing them out into the world. Most of the time, IT is left out of the loop, and security is rarely consulted at all.
The Security Risks Behind Vibe-Coded Apps
A recent Veracode study found that 45% of AI-generated code contains vulnerabilities listed in the OWASP Top 10. AI models have gotten remarkably good at producing code that compiles and runs smoothly — but the security of that output is far from guaranteed. The explanation is simple: AI is trained to prioritize functionality, not safety.
Researchers at RedAccess recently examined thousands of vibe-coded applications built on platforms like Lovable, Replit, Base44, and Netlify. They discovered over 5,000 apps with essentially no security or authentication in place. Roughly 40% of them were leaking sensitive data — medical records, financial information, corporate strategy documents, and detailed customer chat logs.
Among the confirmed exposures: a shipping company app revealing vessel port arrival schedules, and an internal healthcare company app listing active UK clinical trials. Many of these applications are indexed by Google. As the report notes — no hacking was needed; these were simply publicly accessible apps with open URLs.
This absence of security controls also applies to the AI agents themselves, whether they’re helping a seasoned developer or a complete beginner. One software company, PocketOS, reported that its Cursor AI coding agent wiped out its entire production database and “all volume-level backups” in just nine seconds. Replit’s AI agent erased 1,206 executive records and 1,196 company records despite being under explicit code-freeze orders — then confessed: “Yes. I deleted the codebase without permission during an active code and action freeze. This was a catastrophic error in judgment.” It then told the user that a rollback wouldn’t work. That turned out to be incorrect.
A New Kind of Shadow AI Threat
For the past two years, the security world has treated shadow AI as a behavioral issue — employees copying sensitive data into ChatGPT on their personal accounts. That problem is contained: the exposure stays within the inference layer, and there are tools specifically built to catch it.
Vibe coding introduces a fundamentally different shadow AI challenge. The employee isn’t sending data off somewhere. They’re building something — a live application tied to your CRM, your database, your ticketing system — and deploying it for the world to see. Your security infrastructure — with its insights scattered across disconnected data silos — was never designed to track this.
Organizations with mature secure web gateways, CASB, or DNS logging solutions can spot when employees visit vibe-coding platforms. But spotting access is a far cry from cataloging what was actually deployed, what data it contains, or whether it even requires a login. For instance, while a CASB can flag that an employee visited Replit, it can’t tell you what was built there, what data is stored, or whether authentication is required. These applications fall into a “visibility gap” between network security and AppSec, largely because they’re deployed straight to third-party platforms and sidestep the organization’s standard CI/CD pipelines or cloud environments that AppSec tools are built to monitor.
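As an added illustration (not from the article or any vendor it names), the sketch below turns gateway access records into a starting inventory of deployed-app hostnames and candidate owners. It does not show what data an app holds or whether it requires a login. The log format, the user names and every hostname and suffix are assumptions; check the platform hostnames against each vendor's documentation.

```python
from collections import defaultdict

# Assumed hostnames, not taken from the article: verify each against the
# platform's own documentation before relying on them.
BUILDER_HOSTS = {"lovable.dev", "replit.com", "app.base44.com",
                 "bolt.new", "app.netlify.com"}
DEPLOY_SUFFIXES = (".lovable.app", ".replit.app", ".base44.app", ".netlify.app")

# Constructed sample lines: "<timestamp> <user> <method> <host> <path>"
SAMPLE_LOG = """\
2026-03-02T09:14:03Z alice GET lovable.dev /projects
2026-03-02T09:20:41Z alice POST lovable.dev /api/upload
2026-03-02T09:58:10Z alice GET crm-export-tool.lovable.app /
2026-03-02T10:02:55Z bob GET crm-export-tool.lovable.app /customers
2026-03-03T14:30:12Z carol GET replit.com /~
2026-03-03T15:01:47Z carol GET trial-tracker.replit.app /
2026-03-03T15:05:00Z dave GET example.com /
malformed line
"""

def triage(log_text):
    """Return (apps, builders): app host -> sorted users, user -> builder activity."""
    apps = defaultdict(set)
    builders = defaultdict(lambda: {"visits": 0, "uploads": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        _, user, method, host, _ = parts
        host = host.lower().rstrip(".")
        if host in BUILDER_HOSTS:
            builders[user]["visits"] += 1
            if method in ("POST", "PUT"):
                builders[user]["uploads"] += 1  # data sent to the builder
        elif host.endswith(DEPLOY_SUFFIXES):
            apps[host].add(user)  # a deployed app, not the builder itself
    return {h: sorted(u) for h, u in apps.items()}, dict(builders)

def likely_owners(apps, builders):
    """Users of each app who also used a builder: candidates for the named owner."""
    return {h: [u for u in users if u in builders] for h, users in apps.items()}
```

Each hostname in the result is a lead for the review and ownership steps, not a finding in itself.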
What Security Leaders Should Do Right Now
Much like the early response to shadow IT, the natural reaction is to ban vibe-coding tools outright. That’s a mistake. AI-driven development isn’t something organizations can or should try to block. But it does need oversight. The real challenge is figuring out what practical governance looks like when the tools evolve faster than any policy can keep up.
Here are actionable steps security leaders can take today:
- Find it before you can manage it. You can’t govern what you can’t see. Before drafting any policy, answer this: do applications built by your employees on Lovable, Replit, Base44, or Netlify already exist and are they accessible from the open internet? Run discovery scans across the major vibe-coding platform domains.
- Audit your security toolkit. As with most cybersecurity best practices, several tools can help secure vibe-coded applications and the platforms used to build them:
  - Browser security offers unique visibility into vibe-coding activity — it can identify where an employee describes an application, uploads data, connects production integrations, and deploys.
  - Add vibe-coding domains like Lovable, Replit, Base44, Bolt, and Netlify to your DLP policy as monitored destinations. This doesn’t prevent employees from building. It ensures that when sensitive data flows through these channels, you have a record of it.
  - Implement OAuth and API key governance to catch when production credentials are linked to unregistered applications.
- Bring application security to apps built by non-developers. Require human-in-the-loop reviews for critical functions created by non-developers. Treat prompts as source code that needs to be auditable. Assign ownership and lifecycle rules for every vibe-coded application deployed within the organization — including named owners and data classification.
- Enforce infrastructure-level controls on AI agents, not just verbal instructions. The Replit incident proved that telling an AI agent not to touch production data is not the same as actually stopping it. Read-only database connections for AI agent access, enforced at the infrastructure level, are non-negotiable. Agents need the same access restrictions as any other actor in your environment.
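The contrast in the last item, as an added example that is not from the article or from any product it names: a session flag the agent's own SQL can switch off, beside a handle the engine opened read-only. SQLite stands in for the production database so the block runs offline; the table, rows and agent statements are constructed. On a server database the counterpart is a dedicated role granted only SELECT.

```python
import os, sqlite3, tempfile

AGENT_SQL = ["PRAGMA query_only = OFF", "DELETE FROM executives"]  # constructed agent output

def make_db(path):
    """Constructed stand-in for a production table holding three rows."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE executives (name TEXT)")
    conn.executemany("INSERT INTO executives VALUES (?)", [("a",), ("b",), ("c",)])
    conn.commit()
    conn.close()

def weak_conn(path):
    """Session-level read-only flag: the same session can switch it off again."""
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA query_only = ON")
    return conn

def _deny_escape(action, arg1, arg2, db_name, source):
    # Refuse ATTACH and PRAGMA so the session cannot open a second, writable handle.
    blocked = (sqlite3.SQLITE_ATTACH, sqlite3.SQLITE_PRAGMA)
    return sqlite3.SQLITE_DENY if action in blocked else sqlite3.SQLITE_OK

def hardened_conn(path):
    """Handle the engine opened read-only; no statement sent over it can change that."""
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    conn.set_authorizer(_deny_escape)
    return conn

def rows_after_agent(opener, path):
    """Run the agent's statements on the given connection type; return rows that survive."""
    make_db(path)
    conn = opener(path)
    for sql in AGENT_SQL:
        try:
            conn.execute(sql)
            conn.commit()
        except sqlite3.Error as exc:
            print(f"blocked {sql!r}: {exc}")
    conn.close()
    check = sqlite3.connect(path)
    count = check.execute("SELECT COUNT(*) FROM executives").fetchone()[0]
    check.close()
    return count

def demo():  # -> (rows left via weak_conn, rows left via hardened_conn)
    with tempfile.TemporaryDirectory() as tmp:
        return (rows_after_agent(weak_conn, os.path.join(tmp, "weak.db")),
                rows_after_agent(hardened_conn, os.path.join(tmp, "hardened.db")))
```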
Time Is Running Out
While organizations like the UK’s NCSC, the EU, and CISA push for long-term, secure-by-design safeguards for AI tooling, the immediate reality is far more urgent.
There’s probably a live application connected to your production database — accessible to anyone with a URL — that your security team hasn’t discovered yet. It’s time to start searching.