three AI reads at a time
WIRED 2026-05-07-3

5,000 Vibe-Coded Apps Are Leaking on the Open Web — and the S3 Analogy Misses the Legal Novelty

RedAccess found 5,000-plus exposed apps on the four leading vibe-coding platforms with around 2,000 leaking real PHI, customer chat logs, and strategy decks. The S3 analogy is reaching for the right pattern but missing the legal twist: AWS could credibly say it didn't write your bucket policy. Lovable, Replit, and Base44 wrote the auth logic that doesn't exist. The first court that holds a code-generation platform partially liable for a generated vulnerability resets the entire industry's product roadmap overnight.

# tags
vibe-codingai-coding-toolsai-cybersecurityai-vendor-governanceshadow-itdata-privacyliability-ambiguityenterprise-ai-adoptionreplitlovableai-securitypilot-to-scaleai-1.0-defensibilitywiredresponsible-disclosure
◆ entities
LovableReplitBase44NetlifyRedAccessDor ZviAmjad MasadWixWIREDAndy GreenbergJoel MargolisBank of AmericaCostcoFedExTrader Joe'sMcDonald'sAmazon S3
→ threads
vibe-coding-governanceai-1.0-defensibilitypilot-to-scaleai-vendor-liability
⟷ links
2026-04-04-22026-04-01-12026-03-08-22026-03-09-32026-04-01-32026-05-01-w12026-03-13-w12026-04-17-22026-05-01-12026-05-01-22026-05-01-32026-05-04-22026-05-05-12026-05-06-3
permalink