Home / Technology / Vibe Coded Apps Expose Sensitive Data
Vibe Coded Apps Expose Sensitive Data
9 May
Summary
- 380,000 publicly accessible assets found with vibe coding tools.
- Roughly 5,000 of these assets contained sensitive corporate information.
- Shadow AI breaches added $670,000 to the average breach cost.
A recent analysis revealed that approximately 380,000 assets created using vibe coding tools are publicly accessible. Of these, about 5,000, or 1.3%, contained sensitive corporate information. This widespread exposure stems from platforms that often default to public accessibility, leaving data vulnerable if users do not manually secure it. The implications are severe, with exposed data including confidential customer service conversations, financial information, and clinical trial details.
These vulnerabilities are not new, with previous scans uncovering thousands of high-impact vulnerabilities and instances of personal data exposure. Gartner forecasts a significant increase in software defects due to prompt-to-app development. IBM's research indicates that breaches linked to shadow AI can add an average of $670,000 to breach costs, with many organizations lacking proper access controls and governance policies. The trend of actively used shadow apps is expected to double by mid-2026.
Addressing this challenge requires security teams to move beyond traditional asset discovery methods. Organizations must implement comprehensive auditing and discovery scanning across major vibe coding platforms. Failure to do so risks significant data exposure and reputational damage, as these applications often bypass conventional security inventories. The responsibility for securing these applications is increasingly falling on users who may lack security expertise, creating a critical gap that requires immediate attention from security leaders.
