Summary: Lovable, a $6.6 billion vibe coding platform with eight million users, has experienced three significant security incidents. These incidents exposed source code, database credentials, and thousands of user records. The most recent BOLA vulnerability was left open for 48 days following the closure of a bug bounty report without escalation. The events highlight a broader issue in vibe coding: 40-62% of AI-generated code contains vulnerabilities, 91.5% of vibe-coded apps had at least one AI hallucination-related flaw in Q1 2026, and market incentives prioritize growth over security as AI is projected to generate 60% of all new code by year-end.
Lovable, valued at $6.6 billion with eight million users, has dealt with recent security incidents exposing source code, database credentials, AI chat histories, and personal data of thousands on its platform. The latest issue, disclosed on April 20 by a security researcher, involved a broken object-level authorization vulnerability in Lovable’s API. This flaw allowed users with free accounts to access another user’s profile, public projects, source code, and database credentials in a few API calls. Reported to Lovable’s bug bounty on March 3, the flaw was patched for new projects but remained for existing ones, and a follow-up report was closed as a duplicate. It remained unfixed for 48 days.
Lovable’s response was more revealing to researchers than the vulnerability itself. Initially, the company claimed no data breach had occurred, calling the data exposure “intentional behavior” and blaming unclear documentation about what “public” means. It further blamed its bug bounty partner HackerOne for closing reports without escalation. A partial apology followed, acknowledging that documentation alone was insufficient. Cybernews criticized the response as an ego trip that denied the vulnerability and blamed others.
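The access-control failure described above is a textbook broken object-level authorization (BOLA) bug: the API authenticates the caller but never asks whether that caller may see the object it was asked for, and "public" is treated as "the whole row". The following is an added illustration, not Lovable's code; the in-memory store, user names, field names and credential values are all constructed. It places a vulnerable handler beside a hardened one in which authorization is decided per object and the public view is an explicit allowlist of fields that never includes database credentials.

```javascript
// Added example (not Lovable's code): object-level authorization for a
// "get project" endpoint. Store contents, user ids and secrets are constructed.

// Constructed in-memory data. Each project carries public metadata, source,
// and database credentials that must only ever reach the owner.
const projects = new Map([
  ['p1', { id: 'p1', ownerId: 'alice', isPublic: true,
           name: 'Community Directory', source: 'export default App;',
           dbCredentials: { url: 'postgresql://db1.example.invalid', key: 'constructed-service-key-1' } }],
  ['p2', { id: 'p2', ownerId: 'bob', isPublic: false,
           name: 'Internal Dashboard', source: 'export default Admin;',
           dbCredentials: { url: 'postgresql://db2.example.invalid', key: 'constructed-service-key-2' } }],
]);

// Vulnerable pattern: the caller is authenticated (any account, free tier
// included), but the project is then fetched by id alone and returned whole.
// Ownership and visibility are never checked, so credentials leak to anyone
// who can enumerate or guess an id.
function getProjectVulnerable(session, projectId) {
  if (!session || !session.userId) return { status: 401 };
  const project = projects.get(projectId);
  if (!project) return { status: 404 };
  return { status: 200, body: project };
}

// Hardened pattern: an authorization decision is made for this object and
// this caller, and "public" is a defined view rather than "everything".
function getProjectHardened(session, projectId) {
  if (!session || !session.userId) return { status: 401 };
  const project = projects.get(projectId);
  if (!project) return { status: 404 };

  const isOwner = project.ownerId === session.userId;
  if (!isOwner && !project.isPublic) {
    // Same response as "not found" so private ids cannot be probed.
    return { status: 404 };
  }

  // Build the response from an explicit allowlist of fields. A public project
  // exposes metadata and source; credentials are attached for the owner only.
  const body = {
    id: project.id,
    name: project.name,
    isPublic: project.isPublic,
    source: project.source,
  };
  if (isOwner) body.dbCredentials = project.dbCredentials;
  return { status: 200, body };
}
```

The allowlist is the important part: serialising the stored row and hoping the client ignores sensitive fields is exactly the pattern that turns a documentation ambiguity about "public" into a credential leak.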
What was exposed
Projects created before November 2025 were affected in the April incident. The researcher showed that extracting a user’s source code via Lovable’s API also exposed hardcoded Supabase database credentials. Affected projects included one from Connected Women in AI, revealing user records with names, job titles, LinkedIn profiles, and Stripe customer IDs. Other affected organizations included Accenture Denmark and Copenhagen Business School, and exposed Lovable accounts were linked to employees at Nvidia, Microsoft, Uber, and Spotify.
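Because generated front-ends talk to Supabase directly, credentials tend to end up embedded in source, and the damage depends on which credential it is. The following added example (not Lovable's or Supabase's code) is a small scanner a reviewer could run over generated source before it ships. It assumes the legacy Supabase key format, a JWT whose payload carries `iss: "supabase"` and a `role` claim of `anon` or `service_role`, and it also flags Postgres connection strings with embedded passwords. The sample file and the keys inside it are constructed here with a dummy signature.

```javascript
// Added example (not Lovable's or Supabase's code): find credentials embedded
// in generated source and rate them. Key format assumed: legacy Supabase JWT
// keys with a "role" claim. Sample source and tokens are constructed.

function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64url');
}

// Constructed tokens: realistic header/payload shape, dummy signature.
const CONSTRUCTED_HEADER = b64url({ alg: 'HS256', typ: 'JWT' });
const CONSTRUCTED_ANON_KEY =
  `${CONSTRUCTED_HEADER}.${b64url({ iss: 'supabase', ref: 'abcdefghijklmnopqrst', role: 'anon' })}.dummysignature`;
const CONSTRUCTED_SERVICE_KEY =
  `${CONSTRUCTED_HEADER}.${b64url({ iss: 'supabase', ref: 'abcdefghijklmnopqrst', role: 'service_role' })}.dummysignature`;

// Constructed sample of a generated client file.
const SAMPLE_SOURCE = `
import { createClient } from '@supabase/supabase-js';
const SUPABASE_URL = 'https://abcdefghijklmnopqrst.supabase.co';
export const supabase = createClient(SUPABASE_URL, '${CONSTRUCTED_ANON_KEY}');
// TODO remove before shipping
const admin = createClient(SUPABASE_URL, '${CONSTRUCTED_SERVICE_KEY}');
const DB_URL = 'postgresql://postgres:hunter2@db.abcdefghijklmnopqrst.supabase.co:5432/postgres';
`;

// Three base64url segments separated by dots; decoded and validated below.
const JWT_RE = /[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{5,}/g;
// postgres://user:password@host... with the password captured for redaction.
const DB_URL_RE = /postgres(?:ql)?:\/\/([^:\/\s'"]+):([^@\s'"]+)@([^\s'"]+)/g;

// Decode the payload segment without verifying the signature: we only need
// the claims to classify the key, not to trust it.
function decodeJwtPayload(token) {
  try {
    const payload = Buffer.from(token.split('.')[1], 'base64url').toString('utf8');
    const claims = JSON.parse(payload);
    return claims && typeof claims === 'object' ? claims : null;
  } catch {
    return null;
  }
}

function lineOf(text, index) {
  return text.slice(0, index).split('\n').length;
}

// Returns findings sorted by line. The anon key is designed to ship to the
// browser, so it is rated "info": its presence is the reason row-level
// security must be enabled. A service_role key or a password-bearing
// connection string bypasses RLS entirely and is rated "critical".
function scanSource(text) {
  const findings = [];
  for (const m of text.matchAll(JWT_RE)) {
    const claims = decodeJwtPayload(m[0]);
    if (!claims || claims.iss !== 'supabase' || !claims.role) continue;
    findings.push({
      kind: 'supabase-jwt',
      role: claims.role,
      line: lineOf(text, m.index),
      severity: claims.role === 'service_role' ? 'critical' : 'info',
      redacted: m[0].slice(0, 12) + '...',
    });
  }
  for (const m of text.matchAll(DB_URL_RE)) {
    findings.push({
      kind: 'postgres-url',
      user: m[1],
      host: m[3],
      line: lineOf(text, m.index),
      severity: 'critical',
      redacted: `${m[1]}:***@${m[3]}`,
    });
  }
  return findings.sort((a, b) => a.line - b.line);
}
```

Run `scanSource` over each generated file in CI; anything rated critical should block the build, and the redacted form is what belongs in the log rather than the secret itself.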
The third recorded security incident on the platform occurred in February when tech entrepreneur Taimur Khan identified 16 vulnerabilities, six critical, in a prominent app on Lovable’s Discover page. The most severe was reversed authentication logic allowing anonymous access while blocking authenticated users. The app exposed 18,697 records, including 4,538 student accounts, likely involving minors from UC Berkeley and UC Davis. Khan reported this through Lovable’s support channel, but his ticket was closed without a response.
A May 2025 study found that 170 out of 1,645 sampled Lovable-created apps had issues permitting access to personal information. About 70% of Lovable apps had fully disabled row-level security.
The structural problem
Lovable’s insecurity is not unique but rather representative. It generates full-stack applications using React, Tailwind, and Supabase through natural language prompts, an approach termed vibe coding by Andrej Karpathy in February 2025. This method allows app creation by AI without manual coding. Vibe coding was named Word of the Year for 2025 by Collins English Dictionary, with Gartner projecting 60% of new code from AI by year-end.
Security data across vibe coding platforms is consistent: 40-62% of AI-generated code contains vulnerabilities. AI-written code has flaws 2.74 times more frequently than human-written code, and a first-quarter 2026 assessment found 91.5% of vibe-coded applications containing AI hallucination vulnerabilities. Over 60% exposed API keys or database credentials publicly. Vulnerability classes common across major vibe coding platforms include disabled row-level security, hardcoded secrets, missing webhook verification, injection flaws, and broken access controls.
Bolt.new defaults to row-level security being off. Cursor has patched multiple CVEs, including a case-sensitivity bypass for remote code execution. Pillar Security researchers demonstrated a “rules file backdoor” attack, with hackers injecting malicious instructions into configuration files used by Cursor and GitHub Copilot. A separate “Agent Commander” attack in March converted autonomous coding tools into remotely controlled malware platforms. In January, a breach within days of launching vibe-coded social network Moltbook exposed 1.5 million API tokens and 35,000 email addresses due to misconfigured Supabase database protections.
The economic incentive problem