We just finished scanning 1,003 vibe-coded apps across Lovable, Bolt, Replit, Vercel, Streamlit, Heroku, and others. The Supabase RLS story is well-documented by now — 7% of Lovable apps and 6% of Bolt apps have tables wide open. But RLS accounted for 183 of our 190 CRITs. The other 7 came from finding classes that are arguably worse.
1. IDOR — health records accessible by incrementing an ID
Two Replit apps had IDOR vulnerabilities:
Why vibe-coded apps are vulnerable: AI code generators create CRUD endpoints with sequential IDs and no authorization middleware
by default.
2. OpenAI keys in public JS bundles
Two Bolt.host apps shipped live sk-proj-* keys in /assets/index-*.js. Anyone can burn their API credits.
Our scanner flagged 38 apps across all platforms with hardcoded API keys — 17 on Bolt.host (1 in 15), 18 on Vercel (1 in 4).
3. Entire APIs with zero authentication
Two apps exposed full OpenAPI specs with components.securitySchemes entirely empty. Every endpoint callable without any token.
4. Private key material in production JS
One Heroku app ships PEM-format private key material inside its static JS bundle. Webpack bundled a .env value into the client code.
5. The hardcoded API key epidemic on Bolt.host
Across 251 Bolt.host apps
The pattern
AI coding tools optimize for "does it work?" not "is it safe?" The developer's prompt doesn't include "add auth middleware" because that's not a functional requirement.
Scan your own app
Enter your URL at securityscanner.dev — quick scan takes 10 seconds, no signup. Full 70-module scan:
one free, no card.
Full report with per-platform data: securityscanner.dev/reports/2026-q2
More...
1. IDOR — health records accessible by incrementing an ID
Two Replit apps had IDOR vulnerabilities:
- GET /api/bookings/{id} returns any user's booking details by iterating the ID. No auth check.
- GET /api/privacy-health/{id} returns health-related records.
Change /bookings/1 to /bookings/2. No tools needed, just a browser.
Why vibe-coded apps are vulnerable: AI code generators create CRUD endpoints with sequential IDs and no authorization middleware
by default.
2. OpenAI keys in public JS bundles
Two Bolt.host apps shipped live sk-proj-* keys in /assets/index-*.js. Anyone can burn their API credits.
Our scanner flagged 38 apps across all platforms with hardcoded API keys — 17 on Bolt.host (1 in 15), 18 on Vercel (1 in 4).
3. Entire APIs with zero authentication
Two apps exposed full OpenAPI specs with components.securitySchemes entirely empty. Every endpoint callable without any token.
4. Private key material in production JS
One Heroku app ships PEM-format private key material inside its static JS bundle. Webpack bundled a .env value into the client code.
5. The hardcoded API key epidemic on Bolt.host
Across 251 Bolt.host apps
- 17 apps (6.8%) had hardcoded API keys in JS
- 18 of 67 Vercel AI apps (26.9%) — highest rate
- Lovable: zero. Their code gen routes calls server-side by default.
The pattern
AI coding tools optimize for "does it work?" not "is it safe?" The developer's prompt doesn't include "add auth middleware" because that's not a functional requirement.
Scan your own app
Enter your URL at securityscanner.dev — quick scan takes 10 seconds, no signup. Full 70-module scan:
one free, no card.
Full report with per-platform data: securityscanner.dev/reports/2026-q2
More...