AI‑coded Apps Leak Sensitive Data

Updated: 2026.05.08 (1 source)
Security researchers found thousands of web apps produced with AI coding tools that were hosted on vendor domains with little or no authentication; around 5,000 were publicly reachable and about 2,000 appeared to expose private corporate or personal records, including medical and financial files and full chatbot logs. These apps are discoverable via simple search queries because hosting on vendor domains and lax access controls let anyone reach sensitive backends or impersonate trusted brands.

The ease of producing and hosting AI‑built apps without development governance creates a systemic privacy and security gap that could compel regulatory scrutiny of AI development platforms and change corporate accountability for cloud‑hosted app supply chains.

Sources

Thousands of Vibe-Coded Apps Expose Corporate and Personal Data On the Open Web
BeauHD 2026.05.08 100% relevant
RedAccess researcher Dor Zvi’s scan found ~5,000 AI‑coded apps on Lovable, Replit, Base44, and Netlify domains, with ~40% exposing sensitive data and examples of phishing sites impersonating major corporations.