Researchers found that over 5,000 web applications built with AI coding platforms like Lovable, Base44, and Replit lacked proper authentication controls. Approximately 40% of these apps exposed sensitive data.
A security analysis revealed widespread vulnerabilities in web applications generated by popular AI coding tools, raising concerns about the rapid deployment of untested code.
Researchers examined thousands of applications created using platforms that promise to let anyone build functional web apps in seconds. The study found that more than 5,000 apps had little to no authentication mechanisms in place, leaving user data and application logic exposed to unauthorized access.
Among the surveyed applications, roughly 40% exhibited active data exposure issues. These ranged from unprotected API endpoints to publicly accessible databases and exposed credential information. The vulnerabilities suggest that AI tools, while accelerating development speed, are not adequately guiding users toward security best practices.
The affected platforms—Lovable, Base44, Replit, and Netlify—have democratized web development by automating code generation. However, the security findings indicate a critical gap between ease of use and production-ready security standards.
The research highlights a growing tension in the AI development space: as tools lower barriers to entry for non-technical users, they may inadvertently enable the creation of poorly secured applications at scale. Default configurations often lack authentication, and many users may not understand the security implications of their choices.
Platform developers have been contacted about the findings. The situation underscores the need for stronger default security settings and clearer guidance on implementing authentication and data protection in AI-assisted development tools.
For organizations using these platforms, the research recommends conducting security audits of generated applications and implementing proper authentication before deploying to production.
Grok CLI experienced a critical bug that caused it to upload entire home directories to Google Cloud Storage. The issue sparked significant discussion in the developer community about data handling practices.
Aylo, Pornhub's parent company, will restore access to the site in the UK through Apple's device-level age verification system in iOS 26.4. The move requires users to complete age verification before accessing the platform.
Australia's eSafety Commissioner has identified significant gaps in how major tech platforms address online sexual extortion. Young men are reporting sextortion at higher rates than any other demographic, with over 2,000 complaints filed in just six months.
Angelo Martino, a ransomware negotiator, was sentenced to 70 months in prison for colluding with attackers to defraud victims. Martino helped orchestrate scams that extracted over $75 million from ransomware victims.