The AI coding tools letting anyone “build” software without engineering skills are also letting medical records, financial data and Fortune 500 internal docs leak onto the open web, security researchers say. AI coding tools are enabling employees without engineering or cybersecurity training to publish internal tools publicly, often without company oversight or basic access controls. Israeli cybersecurity firm RedAccess told Axios it found 380,000 publicly accessible assets built with tools from Lovable, Base44, Replit and Netlify, including about 5,000 containing sensitive corporate data. RedAccess CEO Dor Zvi said his team found the apps while researching “shadow AI” — unauthorized employee use of AI tools — for customers. Researchers said privacy settings on some of the vibe-coding tools were set to make the apps publicly accessible unless users manually changed them to private.

Full report : Researchers found that thousands of AI-built apps are exposing sensitive corporate and personal data.