{"id":1929,"date":"2025-05-31T14:30:34","date_gmt":"2025-05-31T14:30:34","guid":{"rendered":"https:\/\/musictechohio.online\/site\/problem-vibe-coding\/"},"modified":"2025-05-31T14:30:34","modified_gmt":"2025-05-31T14:30:34","slug":"problem-vibe-coding","status":"publish","type":"post","link":"https:\/\/musictechohio.online\/site\/problem-vibe-coding\/","title":{"rendered":"Companies Are Discovering a Grim Problem With &#8220;Vibe Coding&#8221;"},"content":{"rendered":"<div>\n<div><img loading=\"lazy\" width=\"1200\" height=\"630\" src=\"https:\/\/wordpress-assets.futurism.com\/2025\/05\/problem-vibe-coding.jpg\" class=\"attachment-full size-full wp-post-image\" alt='Lovable, a \"vibe coding\" app that allows anybody to build websites with AI, has a huge cybersecurity problem.' style=\"margin-bottom: 15px;\" decoding=\"async\"><\/div>\n<p>Lovable, a so-called &#8220;vibe coding&#8221; app that harnesses artificial intelligence to let practically anybody build websites and apps using natural language, has a huge cybersecurity problem.<\/p>\n<p>As <a href=\"https:\/\/www.semafor.com\/article\/05\/29\/2025\/the-hottest-new-vibe-coding-startup-lovable-is-a-sitting-duck-for-hackers\"><em>Semafor<\/em> reports<\/a>, a critical security flaw has remained unfixed for months, allowing practically anyone to access critical information about the site&#8217;s users, including names, email addresses, and even financial information.<\/p>\n<p>In March, Matt Palmer, a staffer at AI coding assistant company Replit, wrote a report finding that 170 out of 1,645 Lovable-created web apps were suffering from the same glaring security flaw, easily allowing hackers to get away with highly sensitive information.<\/p>\n<p>But the bug seemingly hasn&#8217;t been meaningfully addressed.<\/p>\n<p>&#8220;Lovable later introduced a &#8216;security scanner,&#8217; but it merely checks for the existence of any [row level security] policy, not its correctness or alignment 
with application logic,&#8221; Palmer <a href=\"https:\/\/x.com\/mattppal\/status\/1928106325613105370?s=46\">tweeted on Thursday<\/a>. &#8220;This provides a false sense of security, failing to detect the misconfigurations that expose data.&#8221;<\/p>\n<p>Row-level security (RLS) is the &#8220;practice of controlling access to data in a database by row, so that users are only able to access the data they are authorized for,&#8221; <a href=\"https:\/\/www.nextlabs.com\/blogs\/what-is-row-level-security\/\">per security firm NextLabs<\/a>.<\/p>\n<p>Palmer and his colleagues discovered the email addresses of roughly 500 users who had engaged with a Lovable-created website that turns a LinkedIn profile into a webpage.<\/p>\n<p>Software engineer Daniel Asaria <a href=\"https:\/\/x.com\/danialasaria\/status\/1911862269996118272\">claimed<\/a> that he was able to infiltrate multiple &#8220;top launched&#8221; Lovable sites, extracting personal debt amounts, home addresses, API keys, and &#8220;spicy prompts&#8221; in a matter of just 47 minutes.<\/p>\n<p>&#8220;This isn&#8217;t a breach story (I reported it), this is a wake-up call,&#8221; Asaria tweeted in April. &#8220;Be cautious which &#8216;vibe coder&#8217; you trust with your personal data.&#8221;<\/p>\n<p>Following <a href=\"https:\/\/x.com\/mattppal\/status\/1928106414020645147\">three months of<\/a> &#8220;no meaningful remediation or user notification from Lovable,&#8221; Palmer and his colleagues <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-48757\">made their discovered bug public<\/a> on the National Vulnerability Database.<\/p>\n<p>&#8220;This is the single biggest challenge with vibe coding,&#8221; veteran software developer Simon Willison told <em>Semafor<\/em>. 
&#8220;The most obvious problem is that they\u2019re going to build stuff insecurely.&#8221;<\/p>\n<p>Lovable founder Anton Osika, however, <a href=\"https:\/\/x.com\/antonosika\/status\/1923277711524442498\">accused Replit&#8217;s CEO Amjad Masad<\/a>, who pointed out that Lovable makes it &#8220;too easy to expose private data,&#8221; of being jealous for having been overtaken in &#8220;usage and making vibe coding secure.&#8221;<\/p>\n<p>It&#8217;s truly a sign of the times, with experts warning for years now that AI coding tools could <a href=\"https:\/\/futurism.com\/the-byte\/ai-programming-assistants-code-error\">easily introduce a litany of errors<\/a> that could readily be overlooked. Researchers have also found that many of the most advanced AI models <a href=\"https:\/\/futurism.com\/openai-researchers-coding-fail\">simply don&#8217;t have what it takes<\/a> to solve the majority of coding tasks.<\/p>\n<p>The trend has some uncomfortable implications for the programming industry as a whole, <a href=\"https:\/\/futurism.com\/young-coders-ai-cant-program\">with young coders starting to heavily rely on AI tools<\/a> \u2014 which could greatly undermine their foundational knowledge, often gleaned from difficult and manual problem-solving.<\/p>\n<p>Lovable has since <a href=\"https:\/\/x.com\/lovable_dev\/status\/1928176264445399440\">pushed back on X-formerly-Twitter<\/a>, claiming that it&#8217;s &#8220;now significantly better at building secure apps than a few months ago and this is improving quickly.&#8221;<\/p>\n<p>&#8220;That being said, we\u2019re not yet where we want to be in terms of security and we\u2019re committed to keep improving the security posture for all Lovable users,&#8221; the company wrote.<\/p>\n<p><strong>More on AI coding:<\/strong> <em><a href=\"https:\/\/futurism.com\/openai-model-sabotage-shutdown-code\">Advanced OpenAI Model Caught Sabotaging Code Intended to Shut It Down<\/a><\/em><\/p>\n<p>The post <a 
href=\"https:\/\/futurism.com\/problem-vibe-coding\">Companies Are Discovering a Grim Problem With &#8220;Vibe Coding&#8221;<\/a> appeared first on <a href=\"https:\/\/futurism.com\/\">Futurism<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Lovable, a so-called &#8220;vibe coding&#8221; app that harnesses artificial intelligence to let practically anybody build websites and apps using natural language, has a huge cybersecurity&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1176,177,1177,1178],"tags":[],"class_list":["post-1929","post","type-post","status-publish","format-standard","hentry","category-ai-code","category-artificial-intelligence","category-cybersecurity","category-vibe-coding"],"_links":{"self":[{"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/posts\/1929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/comments?post=1929"}],"version-history":[{"count":0,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/posts\/1929\/revisions"}],"wp:attachment":[{"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/media?parent=1929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/categories?post=1929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/tags?post=1929"
}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}