The promise of AI coding tools is intoxicating: describe what you want in plain English, and minutes later you have a working app. No engineers, no tickets, no waiting. It’s why platforms like Lovable, Replit, Base44 and Netlify have exploded in popularity, and why employees across every industry are quietly using them to build internal tools without ever telling IT.
The problem? A lot of those apps are sitting on the public internet, wide open.
Israeli cybersecurity firm RedAccess recently catalogued around 380,000 publicly accessible assets built on these “vibe coding” platforms. Roughly 5,000 of them contained genuinely sensitive material, and almost half of that subset held data you really wouldn’t want indexed by Google. Axios independently verified examples including a shipping company’s vessel-and-port schedules, an internal tracker of active UK clinical trials at a healthcare firm, unredacted customer service chats from a British cabinet supplier, and internal financial information from a Brazilian bank. Conversations with patients at a long-term care facility for children were also exposed.
The root cause is rarely a sophisticated breach. It’s defaults. Several of these platforms publish apps publicly unless the user actively switches them to private, and Google happily indexes the result. Separate research from Wiz found a recurring pattern of misconfigurations in vibe-coded apps: hardcoded API keys in client-side JavaScript, missing or overly permissive database access rules, and internal-only tools deployed to public URLs without authentication.
The platform vendors have pushed back to varying degrees. Replit’s CEO noted that public apps being public is expected behaviour. Wix, which owns Base44, made a similar point about user configuration. Lovable said it’s investigating. All of which is technically fair, and entirely beside the point if your finance team has just built a “quick dashboard” that anyone with the URL can read.
What this means for you
Shadow IT used to mean someone using Dropbox without permission, as experts in cybersecurity we’ve witnessed this countless times, and the consequences. Shadow AI is a different beast: non-technical employees can now ship functional applications in an afternoon, often touching real corporate data, with no review and no security baseline. The fix isn’t to ban the tools, that ship has sailed. It’s to assume staff are already using them, find out which ones, and put guardrails around access, authentication and what data is allowed to leave your systems in the first place.
If you’d like a hand auditing where this might already be happening in your business, get in touch.