Lovable’s 48-day security lapse exposes the growing crisis in AI-generated code
Lovable, a fast-growing $6.6 billion vibe coding platform, left thousands of user projects exposed for 48 days due to an unpatched broken object level authorization (BOLA) vulnerability that allowed unauthorized access to source code, database credentials, and personal data. This was the company’s third major security incident in a year, highlighting a broader crisis across AI-generated software, where up to 62% of code contains vulnerabilities and over 90% of vibe-coded apps show hallucination-related flaws. The platform’s handling of the issue involved denial, shifting blame, and delayed remediation, reflecting an industry-wide incentive problem that prioritizes rapid growth over security.
Read the full story on The Next Web →