
"Lovable's most recent security incident involved a broken object-level authorization vulnerability that allowed free account users to access another user's profile and projects with minimal API calls. This flaw was reported on 3 March but remained unaddressed for 48 days, raising concerns about the company's commitment to security."
"The company's response to the security incidents has been criticized for downplaying the severity of the situation. Lovable claimed it did not suffer a data breach and attributed the exposed data to 'intentional behavior,' indicating a lack of accountability for the vulnerabilities present in its platform."
"Research indicates that 40-62% of AI-generated code contains vulnerabilities, and 91.5% of vibe-coded applications had at least one flaw related to AI hallucinations in Q1 2026. This highlights a significant risk in the growing reliance on AI for coding."
Lovable, a $6.6 billion vibe coding platform, has experienced multiple security incidents exposing sensitive user data and source code. A recent vulnerability allowed free account users to access private profiles and projects. Although the flaw was reported, Lovable failed to address it for existing projects and closed the bug report prematurely. The incidents reflect a broader issue in vibe coding: a significant percentage of AI-generated code contains vulnerabilities, and the market prioritizes growth over security, with projections indicating that 60% of new code will be AI-generated by year-end.
Read at TNW | Next-Featured