Apps Built with AI Leaked Sensitive User Data, Security Report Reveals

Rapid Growth of AI-Generated Software Exposes Sensitive Data on the Open Internet

Thousands of web applications created using AI coding tools have reportedly exposed sensitive corporate and personal data on the open internet, highlighting the security risks linked to the rapid growth of AI-generated software. Israeli cybersecurity firm RedAccess discovered nearly 380,000 publicly accessible assets linked to these platforms, with around 5,000 applications lacking proper security protections.

Researchers found that nearly 40% of the exposed apps contained sensitive information, including medical records, financial documents, and internal business files. The findings, first reported by Axios and later detailed by Wired, showed that many of the apps were created by users with little or no cybersecurity training. This lack of training and understanding of security controls is a major concern, as several applications reportedly allowed anyone with a web link to access stored information without authentication.

The problem reflects the growing popularity of "vibe coding", a trend in which users build software through simple text prompts rather than traditional programming. This ease of use has made app development faster and easier, but experts warn that many users may not fully understand privacy settings or security controls before publishing apps online.

Read also: Treasury Yields Experience Largest Increase in Two Weeks Following Release of Labor Market Data

According to the report, some exposed applications contained chatbot logs with customer names and contact details, shipping records, hospital schedules, and company strategy documents. The companies named in the report, including Replit, Lovable, Base44, and Netlify, pushed back against claims that their platforms were directly responsible for the leaks.

However, experts say the incident highlights a wider challenge as AI tools become more common in workplaces. Analysts warn that poorly secured AI-built applications could create risks for businesses, especially when employees develop internal tools without formal oversight. Researchers are now urging companies to introduce stricter checks, stronger access controls, and regular audits for AI-generated applications before they are deployed online.

Note: The above table shows the number of exposed assets and the percentage of sensitive data for each company mentioned in the report.

Read also: US-Iran Tensions Spark Uptick in Oil Prices Amid Global Market Decline