Security researchers have identified more than 5,000 publicly accessible web apps created with AI coding tools that reportedly lacked proper security protections or authentication systems.
According to a report from Wired, researcher Dor Zvi and his team at RedAccess analyzed thousands of applications built using AI development platforms, including Lovable, Replit, Base44, and Netlify.
The researchers said many of the applications allowed anyone with the web address to access the app and its data, while others only required basic email sign-in steps.
Zvi said roughly 40% of the identified apps exposed sensitive information.
The report said the exposed data included medical information, financial records, corporate strategy documents, cargo records, sales information, and chatbot conversation logs containing customer names and contact details.
Some of the applications reportedly also allowed administrative access that could enable users to remove other administrators or gain broader control over systems.
According to the report, researchers identified the vulnerable applications through Google and Bing searches because many AI development tools host applications directly on their own domains instead of separate customer domains.
The report also said researchers found phishing websites hosted on Lovable’s domain that appeared to imitate companies including Bank of America, Costco, FedEx, Trader Joe’s, and McDonald’s.
Zvi said the rapid rise of AI-generated applications is allowing employees to create and deploy tools without traditional development reviews or security checks.
He warned that organizations may be unintentionally exposing sensitive information through these applications without realizing the risks involved.