Dev.to VibeCoding · May 5, 2026 2:00 PM

7% of vibe-coded apps ship with wide-open databases

A team audited 1,764 apps built with AI coding tools like Lovable and Bolt. The numbers are bad.

7% had publicly accessible Supabase databases. Anyone with the URL could read the data.

15% of Bolt-generated apps shipped with hardcoded API keys in source.

Source: r/netsec post summarizing the audit.

If you've shipped a vibe-coded side project in the last six months, there is a real chance you are one of those apps.

Why this happens

AI coding tools optimize for the demo. Make it

Read at Dev.to VibeCoding

Was this helpful?

Amazon’s OpenAI gambit signals a new phase in the cloud wars — one where exclusivity no longer applies 2026-05-05
IBM launches Bob with multi-model routing and human checkpoints to turn AI coding into a secure production system 2026-05-05
AWS Quick's personal knowledge graph is making orchestration decisions most control planes can't see 2026-05-05
5 Mistakes Beginners Make When Vibe Coding (And How to Avoid Them) 2026-05-05

← Back to edition

7% of vibe-coded apps ship with wide-open databases

Was this helpful?

Related