As AI-assisted “vibe-coding” lets anyone publish web apps quickly, RedAccess researchers led by Dor Zvi reported a major exposure pattern: across Lovable, Replit, Base44 and Netlify, more than 5,000 AI-generated apps had little or no authentication or other security controls. About 40% of these apps appeared to expose sensitive information. Many were openly reachable by anyone who entered their URL, while others gated access only with weak checks, such as asking for an arbitrary email address. The risk has shifted from traditional code vulnerabilities to default-public deployment with no security baseline, especially among non-engineering users and teams.

Using simple searches of the providers’ own hosting domains, RedAccess identified thousands of apps; of the approximately 5,000 that were publicly reachable, close to 2,000 seemed to leak private material. WIRED-verified examples included hospital work boards with doctor-identifiable details, ad-buying data, go-to-market decks, chatbot logs containing full names and contact details, cargo records, and various sales and financial records. In some cases administrative rights were exposed, potentially allowing takeover of other administrator accounts. Other apps impersonated Bank of America, Costco, FedEx, Trader Joe’s, and McDonald’s, apparently as phishing sites.

Vendors did not fully deny the issue but generally attributed it to user-side settings: Replit said the creator decides whether an app is public or private, while Base44 and Lovable said security depends on proper configuration and that related cases were still being investigated. Joel Margolis and Dor Zvi both noted that some pages may use synthetic data, which makes it difficult to verify that the exposed data is real. Even so, the pattern resembles earlier Amazon S3 misconfiguration exposures, and it likely extends beyond the approximately 5,000 scanned apps, because only applications on provider domains were counted. The deeper trend is that vibe-coding enables any employee to launch production systems without formal development and security review, turning misconfigured data exposure into a structural, ongoing organizational risk.

2026-05-07 (Thursday) · b7fa9961979d91b01ba5af52741c33d1d9fa9b59