Experts warn vibe-coded apps can expose sensitive data

In short: More people are using AI tools to quickly build apps, and security researchers say many of those apps are being put online with serious holes.

What's going on

So-called “vibe coding” is becoming popular, which means using an AI helper to create an app by describing what you want, then shipping it quickly. The appeal is that you do not need deep programming experience to get something working.

But several real examples show how easy it is to miss safety basics. Bob Starr launched a site called “Boomberg,” then later found it had an SQL injection risk, which is a common trick that can let an attacker read or change data in a database (like slipping a fake instruction into a form field). Starr said it was a blind spot while learning the new approach.

Other incidents were more severe. Security firm Wiz said a viral AI-built social network called Moltbook left its main database open, exposing tens of thousands of email addresses and private messages, until it was patched. Wired also reported research suggesting thousands of publicly accessible apps built with popular AI app builders had no login protection, and some appeared to leak medical and financial information.

What to watch

Security experts quoted by The Verge say the risk rises sharply when a personal project becomes something public, shared, or connected to sensitive information. They suggest treating an online app like leaving a box of secrets on the sidewalk if it has no lock. Watch for more tools that run automatic security checks by default, and for clearer guidance on basics like logins and data storage before people publish AI-built apps.

Source: The Verge AI