Companies Are Discovering a Grim Problem With "Vibe Coding"

Lovable, a so-called "vibe coding" app that allows practically anybody to build websites and apps by using natural language by harnessing the power of artificial intelligence, has a huge cybersecurity problem. As Semafor reports, a critical security flaw has remained unfixed for months, allowing practically anyone to access critical information about the site's users, including names, email addresses, and even financial information. In March, Matt Palmer, a staffer at AI coding assistant company Replit, wrote a report finding that 170 out of 1,645 Lovable-created web apps were suffering from the same glaring security flaw, easily allowing hackers to get away with highly sensitive information. But the bug seemingly hasn't been meaningfully addressed. "Lovable later introduced a 'security scanner,' but it merely checks for the existence of any [row level security] policy, not its correctness or alignment with application logic," Palmer tweeted on Thursday. "This provides a false sens ... Read full article.