Researchers Find 5,000 AI-Built Apps Exposed, With Nearly 2,000 Leaking Sensitive Data
Updated · The Verge · Jun 22
Summary
Red Access found roughly 5,000 publicly accessible apps built with vibe-coding tools that lacked authentication, and nearly 2,000 appeared to expose medical, financial, strategy and chatbot data.
Wiz uncovered a similar flaw in Moltbook, an AI-built social network launched in January, where an open production database exposed tens of thousands of email addresses and private messages before the bug was patched.
Security experts said the main risk is not just buggy code but amateurs pushing local AI-made projects onto the public internet or into business use without understanding cloud settings, access controls or threat models.
Tools from Anthropic, OpenAI, OWASP and security vendors can scan for flaws, but reviewers said they usually require explicit setup or prompts, leaving many casual builders with false confidence and little protection by default.
The broader concern is that AI is accelerating software creation across hobbyists and companies faster than security practices can keep up, raising the prospect of more code shipping without any human review.