Tech

Thousands of AI-Built Web Apps Expose Sensitive Corporate and Personal Data

While platform providers attribute the risk to user configuration errors, experts warn that the rapid rise of non-technical staff building software without security vetting creates a significant vulnerability for organisations.

Author
Owen Mercer
Markets and Finance Editor
Published
Draft
Source: WIRED · original
Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web
Security researchers identify over 5,000 unsecured applications created with tools like Replit and Lovable that leak medical records and financial details to the public internet.

Security researchers at RedAccess have identified more than 5,000 web applications built with artificial intelligence coding tools and deployed without basic security or authentication controls. The investigation focused on apps built on platforms including Lovable, Replit, Base44, and Netlify, and found that approximately 40 per cent of the 5,000 expose sensitive corporate or personal information to the public internet.

The exposed data includes medical records, financial details, and customer chat logs. In some cases the unsecured applications granted unauthenticated visitors administrative privileges, or functioned as phishing sites impersonating major corporations such as Bank of America and McDonald's. Researchers found that some of these apps contained real private information, including a hospital's work assignments with doctors' personally identifiable information and a retailer's full logs of customer conversations.

RedAccess, led by Dor Zvi, located the vulnerable applications by using standard search engines to query the AI companies' own hosting domains. The firms involved state that public exposure results from user configuration choices rather than platform vulnerabilities; the researchers nonetheless confirmed that some apps contained genuine private data. Replit, Lovable, and Base44 have responded by noting that their tools let users choose whether an app is public or private, without disputing that the exposed applications exist.

The issue mirrors the earlier epidemic of data exposure from misconfigured Amazon S3 storage buckets, where user error and confusing security settings led to massive leaks. Security experts note that AI coding tools build exactly what they are asked for: unless the prompt explicitly calls for security controls such as authentication and access restriction, the resulting application often ships without them. The trend is exacerbated by the rise of "vibe coding", which allows non-engineers within organisations to create applications instantly, bypassing the traditional software development cycle and its security vetting.

Verifying the authenticity of the exposed data remains difficult, as some information on unsecured apps may be placeholder or AI-generated content. However, RedAccess contacted the apparent owners of several exposed apps and received confirmation that data had leaked, along with, in some cases, screenshots of users thanking the researchers for alerting them to the issue. The true scale of the problem may also be underreported, since the 5,000 apps counted were only those hosted on the AI companies' own domains.
