Most enterprise security programs were built to protect servers, endpoints, and cloud accounts. None of them was built to find a customer intake form that a product manager vibe coded on Lovable over a weekend, connected to a live Supabase database, and deployed on a public URL indexed by Google. That gap now has a price tag. New research from Israeli cybersecurity firm RedAccess quantifies the scale. The firm discovered 380,000 publicly accessible assets — including applications, databases, and related infrastructure — built with vibe coding tools from Lovable, Base44, and Replit, as well as deployment platform Netlify. Roughly 5,000 of those assets, about 1.3%, contained sensitive corporate information. This is the shadow ai crisis unfolding in real time, and it demands immediate attention from every organization that allows citizen development.
The Scale of the Shadow AI Crisis: 5,000 Exposed Apps
RedAccess CEO Dor Zvi explained that his team uncovered the exposure while researching shadow AI for clients. Axios independently verified multiple exposed apps, and Wired confirmed the findings separately. The numbers are staggering: 380,000 publicly accessible assets, of which 5,000 held sensitive corporate data. That 1.3% figure may sound small, but in absolute terms it represents thousands of live breaches waiting to be discovered by anyone who knows where to look.
The shadow ai crisis is not a theoretical risk. These apps are real, they are live, and they are indexed by search engines. A product manager with no security training can spin up a fully functional application in hours using AI coding assistants. The resulting code often lacks authentication, encryption, or any access controls. The platform defaults make matters worse — many vibe coding tools set applications to public by default unless the user manually switches them to private.
What Kind of Data Was Exposed?
Among the verified exposures, the variety is alarming:
- A shipping company app detailed which vessels were expected at which ports.
- An internal health company application listed active clinical trials across the U.K.
- Full, unredacted customer service conversations for a British cabinet supplier sat on the open web.
- Internal financial information for a Brazilian bank was accessible to anyone who found the URL.
- Patient conversations at a children’s long-term care facility were exposed.
- Hospital doctor-patient summaries, incident response records at a security company, and ad purchasing strategies were all publicly available.
Depending on jurisdiction, these exposures may trigger regulatory obligations under HIPAA, UK GDPR, or Brazil’s LGPD. The legal and financial consequences for the organizations involved could be severe.
Why Default Settings Are Fueling the Shadow AI Crisis
Privacy settings on several vibe coding platforms make apps publicly accessible unless users manually switch them to private. Many of these applications get indexed by Google and other search engines. Anyone can stumble across them. Zvi put it plainly: “I don’t think it’s feasible to educate the whole world around security. My mother is vibe coding with Lovable, and no offense, but I don’t think she will think about role-based access.”
The defaults are the problem. When a tool prioritizes ease of deployment over security by default, every non-technical user becomes a potential vector for data exposure. Enterprise security teams cannot rely on citizen developers to understand OWASP Top 10 risks or to configure IAM roles correctly. The platform itself must enforce safe defaults, but currently most do not.
This Is Not an Isolated Finding: Escape.tech Confirms the Trend
In October 2025, Escape.tech scanned 5,600 publicly available vibe-coded applications and found more than 2,000 high-impact vulnerabilities, over 400 exposed secrets including API keys and access tokens, and 175 instances of personal data exposure containing medical records and bank account numbers. Every vulnerability Escape found was in a live production system, discoverable within hours.
Escape separately raised an $18 million Series A led by Balderton in March 2026, citing the security gap opened by AI-generated code as a core market thesis. The venture capital community clearly sees the shadow ai crisis as a major business opportunity — which underscores how serious the problem has become.
Gartner’s Dire Prediction: 2,500% More Defects by 2028
Gartner’s “Predicts 2026” report forecasts that by 2028, prompt-to-app approaches adopted by citizen developers will increase software defects by 2,500%. Gartner identifies a new class of defect where AI generates code that is syntactically correct but lacks awareness of broader system architecture and nuanced business rules. The remediation costs for these deep contextual bugs will consume budgets previously allocated to innovation.
This prediction aligns perfectly with the RedAccess findings. Vibe-coded apps are not just insecure due to missing authentication — they contain fundamental architectural flaws that traditional security scanning may not catch. A developer might write a function that works correctly in isolation but fails catastrophically when connected to a real database with millions of records.
Shadow AI Is the Multiplier: IBM Data Reveals the Cost
IBM’s 2025 Cost of a Data Breach Report found that 20% of organizations experienced breaches linked to shadow AI. Those incidents added $670,000 to the average breach cost, pushing the shadow AI breach average to $4.63 million. Among organizations that reported AI-related breaches, 97% lacked proper access controls. And 63% of breached organizations had no AI governance policy in place.
Shadow AI breaches disproportionately exposed customer personally identifiable information at 65%, compared to 53% across all breaches. Affected data was distributed across multiple environments 62% of the time. Only 34% of organizations with AI governance policies performed regular audits for unsanctioned AI tools.
VentureBeat’s shadow AI research estimated that actively used shadow apps could more than double by mid-2026. Cyberhaven data found 73.8% of ChatGPT workplace accounts in enterprise environments were unauthorized. The trend is accelerating, and the security industry is racing to catch up.
What to Do First: An Audit Framework for CISOs
The shadow ai crisis requires a structured response. CISOs cannot simply ban vibe coding — that would drive development further underground. Instead, they must implement a triage framework across five domains. Below is a starting point adapted from emerging best practices.
You may also enjoy reading: Nebius Acquires Eigen AI for $643M to Boost Inference.
Domain 1: Discovery
Current state: No visibility into citizen-built apps.
Target state: Automated scanning for vibe-coded assets.
First action: Run DNS + certificate transparency scans for Lovable, Replit, Base44, and Netlify subdomains tied to corporate assets. Use tools like Censys or Shodan to identify public endpoints.
Domain 2: Authentication
Current state: Platform defaults are public by default.
Target state: SSO/SAML integration required before deployment.
First action: Block unauthenticated apps from accessing internal data sources. Enforce that any vibe-coded app connecting to a corporate API must use OAuth 2.0 with centralized identity management.
Domain 3: Code Scanning
Current state: Zero coverage for citizen-built apps.
Target state: Mandatory SAST/DAST before production.
First action: Extend existing CI/CD pipelines to include scanning for AI-generated code. Use tools that can detect hardcoded secrets, missing authentication, and SQL injection vectors — the most common vulnerabilities in vibe-coded apps.
Domain 4: Governance
Current state: No policy for shadow AI.
Target state: Clear acceptable use policy with enforcement.
First action: Publish a policy that requires all AI-generated applications to be registered in a central catalog. Include consequences for non-compliance, but also provide approved sandbox environments where citizen developers can experiment safely.
Domain 5: Incident Response
Current state: No plan for vibe-coded app breaches.
Target state: Playbook for rapid takedown and data recovery.
First action: Create a response team that can identify and isolate public vibe-coded assets within hours. Pre-approve legal steps for contacting platform providers like Lovable or Replit to request removal of malicious or exposed apps.
Phishing Sites Add Another Layer to the Crisis
RedAccess also found phishing sites built on Lovable that impersonated Bank of America, FedEx, Trader Joe’s, and McDonald’s. Lovable said it had begun investigating and removing the phishing sites. This demonstrates that vibe coding tools are not just leaking data — they are being weaponized for fraud. The same ease of deployment that empowers citizen developers also enables malicious actors to create convincing fake login pages in minutes.
The shadow ai crisis therefore has two dimensions: accidental exposure and intentional abuse. Both require proactive monitoring and rapid response capabilities that most organizations currently lack.
The Road Ahead: Balancing Innovation and Security
Vibe coding is not going away. The productivity gains are too compelling for businesses to ignore. But the current trajectory is unsustainable. Without platform-level security defaults, without organizational governance, and without automated discovery tools, the number of exposed apps will only grow.
Security teams must shift from a mindset of prevention to one of detection and response. They cannot stop every product manager from building a quick app. They can, however, find those apps quickly, assess their risk, and either secure them or take them down. The 5,000 exposed apps discovered by RedAccess are just the tip of the iceberg. Every day that passes without a dedicated shadow AI monitoring program increases the likelihood of a costly breach.
The shadow ai crisis is here. The only question is whether your organization will be prepared when the next vulnerability scan reveals your internal data on the open web.
