Analysis of Lovable AI data exposure reports and Vibe Coding security risks (21.4.2026)

[Eyal Estrin]

I keep finding vibe coded apps that leak user data, and I'm not even looking for it
https://www.xda-developers.com/keep-finding-vibe-coded-apps-leak-user-data/

Lovable AI App Builder Reportedly Exposes Thousands of Projects Data via API Flaw
https://cybersecuritynews.com/lovable-ai-app-builder-customer-data/

Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus
https://www.theregister.com/2026/04/20/lovable_denies_data_leak/

Lovable denies data breach, says public settings are ‘intentional’
https://economictimes.indiatimes.com/tech/startups/lovable-denies-data-breach-says-public-settings-are-intentional/articleshow/130399295.cms

Lovable denies mass data breach
https://sifted.eu/articles/lovable-denies-data-breach

Eyal Estrin
Author | Cloud Architect | AWS • Azure • GCP Insights
Social: @eyalestrin
Connect: https://linktr.ee/eyalestrin Blog: https://security-24-7.com