The vibe-coded app that trips your EDR is the lucky one

This week a machine in a client environment quarantined an executable that was beaconing out to a GitHub repository. The detection threw a wall of events: a registered exception handler, an NTFS mount point, the whole thing running under a valid domain account and mapped by the sensor to half the MITRE matrix. It read like an intrusion. It turned out to be a tool an employee had built with an AI coding assistant and compiled into an .exe to make it easier to run.
That's the version of this story with a happy ending. The endpoint caught it, isolated the machine, and someone got a phone call. The reason vibe coding should worry anyone running a business isn't the times it gets caught on the endpoint. It's the times it doesn't, because the app was never meant to run quietly on one laptop. It was meant to face customers and hold their data.
The assistant's only job is to make you happy
Here is the dynamic underneath it, and I know it firsthand because I write code with these tools every day. An AI coding assistant is optimised for one thing: getting you to approve of what it just did. When the thing standing between you and a working demo is a security control — an authentication check, a CORS rule, a permission boundary — the shortest path to your approval is to switch that control off. I've watched an assistant hit a permissions error and, without being asked, offer to disable the protection that was "getting in the way". I catch it, because I know what I'm looking at. Someone who doesn't will watch the feature go green, ship it, and never know a lock was quietly removed on the way.
This isn't a quirk of one tool. When Veracode tested code from more than a hundred models last year, it found that whenever a model could choose between a secure and an insecure way to write something, it took the insecure path 45% of the time.
The code running is the part you can see. Whether it's safe is the part you handed to the machine.
A backend left open is the default failure
You don't have to imagine where that ends. In July last year the Tea app, a US dating-safety service whose founder has said openly that he can't code, left a legacy storage bucket publicly accessible with no authentication. Around 72,000 user images walked out the door, including roughly 13,000 selfies and government IDs that users had uploaded to verify themselves and that were meant to have been deleted. A second exposure surfaced with more than 1.1 million private messages in it. The verification photos ended up posted on 4chan, and a stack of class actions was consolidated within a fortnight. The failure wasn't exotic. It was the single most common vibe-coding mistake — a backend left open — shipped to real customers at scale.
The pattern repeats because the tool making the mistake has the same blind spot every time. When researchers at Escape scanned 5,600 publicly reachable vibe-coded applications, they found more than 2,000 high-impact vulnerabilities, over 400 exposed secrets including live API keys, and 175 instances of personal data sitting in the open, from medical records to bank account numbers. Every one was in a live production system, discoverable within hours.
People are finding these for sport
What makes this wave different is that finding the holes has become a hobby. Security researcher Matt Palmer scanned 1,645 apps built on the popular vibe-coding platform Lovable and found that 170 of them, one in ten, had their database tables readable by anyone with a browser and no login. Names, phone numbers, payment details and API keys, all queryable using the public key the platform had helpfully embedded in the page. It became CVE-2025-48757, and the cause was mundane: Lovable connected apps to their database with row-level security switched off by default. The threads on r/vibecoding and r/lovable filled with people checking their own apps and going quiet.
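The default the article describes, beside its fix, as an added example (not code from the article, from Lovable or from Palmer's research). It assumes a Lovable-style app whose backend is Supabase, i.e. Postgres with row-level security (RLS) and the auth.uid() helper; the table and column names are hypothetical.

```sql
-- Hypothetical app table: one row per customer, owned by a signed-in user.
CREATE TABLE public.profiles (
  id         uuid PRIMARY KEY,
  user_id    uuid NOT NULL,   -- the authenticated user who owns this row
  full_name  text,
  phone      text,
  card_last4 text
);

-- Weak state from the article: RLS is simply never switched on. That is the
-- Postgres default for a new table, so the public "anon" key embedded in the
-- page can SELECT every row. Nothing has to be done to end up here.
-- (Shown as a comment on purpose; it is the state to move away from.)
-- ALTER TABLE public.profiles DISABLE ROW LEVEL SECURITY;

-- Corrected state: enable RLS (and force it on the table owner too), then
-- grant signed-in users access to their own rows only. With no policy for the
-- anon role, RLS denies it everything by default. auth.uid() is Supabase's
-- helper that returns the caller's user id from the JWT, or NULL for anon.
ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.profiles FORCE ROW LEVEL SECURITY;

CREATE POLICY profiles_owner_select ON public.profiles
  FOR SELECT TO authenticated
  USING (auth.uid() = user_id);

CREATE POLICY profiles_owner_modify ON public.profiles
  FOR ALL TO authenticated
  USING (auth.uid() = user_id)
  WITH CHECK (auth.uid() = user_id);

-- Check 1: every ordinary table in the public schema with RLS still off.
-- On a correctly configured project this returns zero rows.
SELECT c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND NOT c.relrowsecurity
ORDER BY c.relname;

-- Check 2: RLS that is on but hollowed out by an allow-everything policy.
-- A policy whose USING or WITH CHECK is literally 'true' is as open as no RLS.
SELECT tablename, policyname, roles, cmd
FROM pg_policies
WHERE schemaname = 'public'
  AND (qual = 'true' OR with_check = 'true');
```

Both checks are read-only and can be run from the project's SQL editor; anything they return is a table that the public key can read or write.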
None of this takes a research budget. One writer for XDA ran a piece titled "I keep finding vibe-coded apps that leak user data, and I'm not even looking for it." Follow-up scans into 2026 were still turning up 170-plus exposed Lovable databases and tens of thousands of users' records. The tools dropped the cost of shipping an app to roughly nothing, and they dropped the cost of finding the open ones by exactly as much.
The dangerous code comes inbound too
The risk isn't only in what your staff build. AI assistants hallucinate software packages that don't exist and tell you to install them; attackers register the invented names and fill them with malware. So the dependency your operations manager was told to add can pull working malware onto a domain-joined machine, and that, more often than not, is what sits on the other end of the EDR alert you were tempted to wave through. The next one, running somewhere the endpoint sensor can't see, won't be caught at all.
The price of getting this wrong just changed
What's changed now is the cost of getting this wrong in Australia. Since the December 2024 privacy reforms, the maximum penalty for a serious breach is the greater of $50 million, three times the benefit gained, or 30% of turnover for the breach period. That stopped being theoretical in October 2025, when the Federal Court handed down the first civil penalty under the Act: $5.8 million against Australian Clinical Labs over a 2022 breach affecting 223,000 people. A vibe-coded tool that leaks customer data is no longer a clever workaround that saved a fortnight. It's a regulated event with your company's name on it.
What to actually do
Banning the tools won't work. Your staff are already using them, attached to what they've built in a way they never were to an app they merely subscribed to. The move is to give that building a home that isn't a production laptop, and to treat anything that touches real data as the third-party application it is.
Communicat does this work for businesses across Victoria. The cheapest move you can make today without us costs nothing: stop reading an EDR isolation as a complaint to be cleared, and start reading it as the warning that arrived before the breach did.
Frequently asked questions
What is vibe coding?
Vibe coding is building software by describing what you want to an AI coding assistant and accepting the code it generates, rather than writing or reviewing it line by line. It lets people with little or no development experience produce working applications quickly. The trade-off is that the person shipping the app often cannot see what the code is actually doing, including the security controls it left out.
Is vibe-coded software safe to deploy?
Not by default. AI coding assistants optimise for making a feature work, not for making it safe, and Veracode found that when a model could choose between a secure and insecure method it picked the insecure one 45% of the time. Vibe-coded code can be safe, but only if someone who can read it reviews it before it touches customer data.
What are the most common vibe coding security mistakes?
The single most common mistake is a backend left publicly accessible with no authentication, which is how the Tea app leaked 72,000 user images. Others include API keys and secrets pasted into source code, access controls switched off because they slowed down the build, and AI-recommended software packages that do not exist and are filled with malware by attackers.
Where are people posting vibe-coded app vulnerabilities?
Threads on Reddit communities like r/vibecoding and r/lovable, write-ups on dev.to and personal security blogs, and platform-wide scans from firms like Escape. Security researcher Matt Palmer's scan of 1,645 Lovable apps found 170 with publicly readable databases, which became CVE-2025-48757. Finding these takes nothing more than a browser, so the leaks are catalogued publicly almost as fast as the apps ship.
What is the penalty for a data breach in Australia?
Since the December 2024 Privacy Act reforms, the maximum penalty for a serious or repeated breach is the greater of $50 million, three times the benefit gained, or 30% of adjusted turnover for the breach period. In October 2025 the Federal Court handed down the first civil penalty under the Act: $5.8 million against Australian Clinical Labs over a 2022 breach affecting 223,000 people.

Written by John Zammit, Managing Director, Communicat IT
John Zammit is Managing Director at Communicat IT, a Melbourne MSP serving Victorian SMBs since 1987. He writes about cloud economics, infrastructure strategy, and the gap between sales narratives and operational reality.