State of Vibe Coding Security 2026
The most comprehensive collection of vibe coding security data available. Two documented data breaches. NCSC government warning. 11+ security scanners launched. Aggregated from Escape.tech, Tenzai, CodeRabbit, Kaspersky, Veracode, Wiz, Sonar, and independent research.
Last updated: March 25, 2026 | Sources linked below
The Numbers
The Headline
Vibe coding is the fastest way to build software in 2026. It is also producing the largest wave of insecure applications in the history of software development. The data is no longer theoretical.
Most Common Vulnerability Types
Based on aggregated data from the sources listed below. The figures come from different studies with different sample sizes (Tenzai's 100% is 15 apps; CodeRabbit's 2.74x is a ratio, not a prevalence), so read them as approximate prevalence across scanned apps, not as one dataset.
Exposed API Keys & Secrets
67%: API keys for OpenAI, Stripe, Supabase, Firebase hardcoded in source or committed in .env files. The Supabase anon key and the Firebase web config are designed to ship to the browser; the Supabase service_role key and Stripe secret keys are not, and a committed .env usually carries both kinds.
Missing Row Level Security
45%: Supabase projects whose tables are reachable through the auto-generated REST API with no RLS policies, so anyone holding the public anon key can read and write every row.
Missing Security Headers
100%: Zero of 15 tested apps (Tenzai) had CSP, HSTS, X-Frame-Options, or CORS headers configured.
Open CORS Policies
53%: Access-Control-Allow-Origin set to wildcard (*), letting any website read responses from the API. Browsers refuse to send cookies to a wildcard origin, so the more dangerous variant is a server that reflects the caller's Origin and also sets Access-Control-Allow-Credentials: true.
Missing Authentication
40%: API routes handling sensitive operations (payments, data deletion, user management) with no authentication or authorization check.
Missing Rate Limiting
93%: Only 1 of 15 tested apps had rate limiting, and it was bypassable. APIs open to credential brute force and abuse.
SQL Injection
27%: String concatenation in database queries instead of parameterized statements.
Cross-Site Scripting (XSS)
2.74x: AI co-written code introduces 2.74x more XSS vulnerabilities than human-only code (CodeRabbit).
Firebase Misconfigurations
35%: Client-side Firebase access without security rules or server-side validation. The Firebase web API key is public by design; access control lives in the security rules, which these apps did not write.
Missing Input Validation
60%: API endpoints accepting arbitrary input without validation or type checking.
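The checks below are an added example written for this report, not code from the report itself or from any of the scanners it names. It covers three of the classes above in one offline pass: credential-looking strings in source (distinguishing a Supabase anon key, which belongs in the client, from a service_role key, which bypasses RLS), and weak response headers and CORS, including the reflected-origin-with-credentials case. The key formats are my approximation of the vendors' public prefixes (an assumption; tune them for your stack), and every input is constructed inline, with no real keys.

```javascript
// Added example (mine, not the report's and not any scanner it names): a small
// offline checker for hardcoded keys, a mis-shipped Supabase service_role key,
// and weak response headers / CORS. Key formats are my approximation of the
// vendors' public prefixes (assumption); all inputs below are constructed.

const SECRET_PATTERNS = [
  { kind: "openai_api_key", re: /\bsk-(?:proj-)?[A-Za-z0-9_-]{20,}/g },
  { kind: "stripe_secret_key", re: /\bsk_(?:live|test)_[A-Za-z0-9]{16,}/g },
  { kind: "google_firebase_api_key", re: /\bAIza[0-9A-Za-z_-]{35}\b/g },
  { kind: "jwt", re: /\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g },
];

// Read the role claim out of an unverified JWT payload (Supabase keys carry
// "anon" or "service_role"); classifying a key needs no signature check.
function jwtRole(token) {
  try {
    return JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString("utf8")).role ?? null;
  } catch {
    return null;
  }
}

// Returns [{ kind, line }] for every credential-looking string in the source.
function findHardcodedSecrets(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const { kind, re } of SECRET_PATTERNS) {
      for (const m of text.matchAll(re)) {
        let k = kind;
        if (kind === "jwt") {
          const role = jwtRole(m[0]);
          if (role === "anon") continue; // meant to ship to the browser; RLS protects the data
          k = role === "service_role" ? "supabase_service_role_key" : "jwt"; // service_role bypasses RLS
        }
        findings.push({ kind: k, line: i + 1 });
      }
    }
  });
  return findings;
}

// probeOrigin is the bogus Origin the scanner sent with its request: if it comes
// back in Access-Control-Allow-Origin, the server reflects any origin.
function auditResponseHeaders(headers, probeOrigin = "https://attacker.example") {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];
  const csp = h["content-security-policy"] || "";
  if (!csp) findings.push("missing:content-security-policy");
  if (!h["strict-transport-security"]) findings.push("missing:strict-transport-security");
  // CSP frame-ancestors supersedes X-Frame-Options, so only flag XFO when neither exists.
  if (!h["x-frame-options"] && !/frame-ancestors/i.test(csp)) findings.push("missing:x-frame-options");
  const acao = h["access-control-allow-origin"];
  const creds = (h["access-control-allow-credentials"] || "").toLowerCase() === "true";
  if (acao === "*") findings.push("cors:wildcard-origin"); // browsers block credentials here
  if (acao && acao === probeOrigin) {
    // Reflection plus credentials: any site can make cookie-authenticated calls and read the reply.
    findings.push(creds ? "cors:reflected-origin-with-credentials" : "cors:reflected-origin");
  }
  return findings;
}

// Constructed inputs (no real keys): a client bundle and two response header sets.
const b64url = (s) => Buffer.from(s, "utf8").toString("base64url");
const fakeSupabaseKey = (role) =>
  `${b64url('{"alg":"HS256","typ":"JWT"}')}.${b64url(JSON.stringify({ iss: "supabase", role }))}.sig`;
const SAMPLE_SOURCE = [
  'const SUPABASE_URL = "https://example.supabase.co";',
  `const SUPABASE_ANON_KEY = "${fakeSupabaseKey("anon")}";`,
  `const SUPABASE_SERVICE_KEY = "${fakeSupabaseKey("service_role")}";`,
  `const STRIPE_SECRET = "sk_test_EXAMPLEKEY${"0".repeat(10)}";`,
  `const FIREBASE_KEY = "AIzaSyEXAMPLE${"0".repeat(26)}";`,
].join("\n");
const VIBE_APP_RESPONSE = { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" };
const REFLECTING_RESPONSE = {
  "Access-Control-Allow-Origin": "https://attacker.example",
  "Access-Control-Allow-Credentials": "true",
  "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
  "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
};

console.log(findHardcodedSecrets(SAMPLE_SOURCE));
console.log(auditResponseHeaders(VIBE_APP_RESPONSE));
console.log(auditResponseHeaders(REFLECTING_RESPONSE));
```

Run it against a built client bundle and against a response captured with a made-up Origin header; a hit on `supabase_service_role_key` in anything served to the browser is a critical finding on its own, because that key ignores RLS.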
Platform-by-Platform Breakdown
Security posture of major vibe coding platforms as of March 2026.
Lovable
10.3% critical RLS flaws (pre-2.0), missing security headers, client-side Firebase config without server validation
Lovable 2.0 added 4 automated pre-publish checks (RLS, schema, code vulnerabilities, dependencies). Mar 25: launched AI pentesting (agent swarm covering OWASP Top 10, privilege escalation, data exposure)
Bolt.new
Exposed API keys in generated code, missing authentication on API routes, open CORS policies
No built-in security scanning announced
Cursor
Code generation prioritizes functionality over security, missing input validation, SQL injection via string concatenation
No built-in security scanning announced
Google AI Studio
Generates Firebase apps without proper security rules, client-side database access without server validation
New entrant, security posture unknown
Claude Code
Tenzai: 16 vulnerabilities in test app (4 critical), worst performer of 5 AI tools tested
Anthropic launched Claude Code Security (reasoning-based scanning)
Replit
Environment variable exposure in deployments, missing HTTPS enforcement in some configurations
No specific vibe coding security features announced
Timeline: How We Got Here
Andrej Karpathy coins 'vibe coding'
The term enters mainstream vocabulary. It describes building software by describing what you want to an AI and accepting the code it produces.
Anthropic launches Claude Code Security
Reasoning-based security scanning for AI-generated code. Enterprise-focused.
Checkmarx: AI-generated code security report
Major AppSec vendor publishes comprehensive analysis of security risks in AI-generated code.
Kaspersky: 45% of AI code has vulnerabilities
Independent security research confirms widespread vulnerability patterns in AI-generated code.
Escape.tech scans 5,600 vibe-coded apps
Largest study to date. Finds 2,000+ vulnerabilities and 400 exposed secrets across Lovable, Bolt, Base44 apps.
Tenzai: 69 vulnerabilities in 15 apps
Tests 5 AI coding tools. Claude Code scores worst: 16 vulnerabilities, 4 critical. Zero apps had security headers.
Forbes: 'The MVP Is Dead'
Forbes Tech Council declares the traditional MVP obsolete. Vibe coding enables the Minimum Lovable Product (MLP).
Bloomberg Law: vibe coding teaching law students about AI limits
AI tools 'hallucinate' and 'can't securely handle sensitive client information without proper security engineering.'
Lovable 2.0: built-in security scanning
Lovable adds 4 automated scanners (RLS, schema, code vuln, dependency) before publish. First platform to respond.
Lovable launches AI pentesting
AI agent swarm checks OWASP Top 10, privilege escalation, data exposure. Claims 'world's first penetration testing for vibe coding.' Only covers Lovable-built apps.
Economic Times: AI-led vibe coding amplifying security fears
Enterprise CISOs report shadow AI and vibe coding creating governance and security gaps.
Apple begins blocking vibe-coded apps
App Store review rejects apps with AI-generated code that fails security standards.
Baudr: first live exploitation of a vibe-coded app
Italian streamer Grenbaud launches a social network built entirely with AI for 40 euros. Hacked within hours: the admin panel was reachable by anyone at /admin. Thousands of users' data exposed, accounts deleted in bulk, fraudulent messages sent.
McAfee: 443 vibe-coded malware files detected
McAfee Labs documents a campaign of AI-generated malware distributed as zip files impersonating legitimate tools (AI image generators, voice changers, trading utilities, game mods, graphics card drivers).
Moltbook breach: 1.5M auth tokens exposed
Social network Moltbook, built entirely via vibe coding ('didn't write one line of code'), had misconfigured database discovered by Wiz. 1.5M authentication tokens and 35K email addresses exposed to the public internet.
UK NCSC CEO warns about vibe coding at RSA Conference
The head of the UK National Cyber Security Centre warned about the security risks of vibe coding at RSA Conference 2026. Government-level recognition of the threat.
11+ security scanners now exist
VibeCheck, Vibe App Scanner, amihackable.dev, DeploySafe, ChakraView, VibeSecurity, SafeVibe.codes, usevibechecker, and more. A month ago there were zero. Market validated.
Case Study: The Baudr Data Breach
The first documented case of a vibe-coded app being exploited in production by its own users. March 14, 2026. (Moltbook, below, was a larger exposure but was discovered by researchers.)
What Happened
Italian streamer Grenbaud (Simone Buratti, 1M+ Twitch followers) launched Baudr, a social network for his community. He built it entirely with AI for approximately 40 euros. He consulted no technical experts or legal advisors.
Within hours of launching live on Twitch, users discovered the administration panel was accessible to anyone by navigating to /admin. The consequences were immediate:
- Thousands of user accounts deleted in bulk
- Personal data downloaded by unauthorized individuals
- Fraudulent messages sent from compromised accounts
- Site taken offline for emergency security repairs
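The following is an added example, my own code and not Baudr's (the write-up does not publish it): the failure the incident describes, an admin route that never asks who is calling, beside a deny-by-default router where every route declares the role it needs. Requests are plain objects `{ method, path, session }`, with `session` standing in for whatever the auth layer resolved from the cookie (`null` when anonymous); the user store, route names and handlers are illustrative.

```javascript
// Added example (mine, not Baudr's code): an unauthenticated admin route beside
// a deny-by-default router. Requests are { method, path, session }; names and
// data are illustrative.

function makeStore() {
  return new Map([
    [1, { name: "alice", role: "admin" }],
    [2, { name: "bob", role: "user" }],
  ]);
}

// Vulnerable: the routes exist, nothing checks the caller. Anyone who guesses
// /admin gets the user list and can delete accounts.
function vulnerableHandler(store, req) {
  if (req.method === "GET" && req.path === "/admin") {
    return { status: 200, body: [...store.values()].map((u) => u.name) };
  }
  const m = req.path.match(/^\/admin\/users\/(\d+)$/);
  if (req.method === "DELETE" && m) {
    store.delete(Number(m[1]));
    return { status: 204 };
  }
  return { status: 404 };
}

// Decode and canonicalise before matching so "/admin/", "/admin%2F" or "//admin"
// cannot slip past a check written against "/admin".
function normalizePath(p) {
  let s;
  try { s = decodeURIComponent(p); } catch { return null; }
  s = s.replace(/\/{2,}/g, "/");
  if (s.length > 1 && s.endsWith("/")) s = s.slice(0, -1);
  return s;
}

// Hardened: every route declares the role it needs; a route with role null is
// public by explicit choice, and anything not declared is a 404.
const ROUTES = [
  { method: "GET", re: /^\/$/, role: null, handle: () => ({ status: 200, body: "home" }) },
  { method: "GET", re: /^\/admin$/, role: "admin",
    handle: (store) => ({ status: 200, body: [...store.values()].map((u) => u.name) }) },
  { method: "DELETE", re: /^\/admin\/users\/(\d+)$/, role: "admin",
    handle: (store, m) => { store.delete(Number(m[1])); return { status: 204 }; } },
];

function hardenedHandler(store, req) {
  const path = normalizePath(req.path);
  if (path === null) return { status: 400 };
  const route = ROUTES.find((r) => r.method === req.method && r.re.test(path));
  if (!route) return { status: 404 };
  if (route.role !== null) {
    if (!req.session) return { status: 401 };      // anonymous
    const caller = store.get(req.session.userId);  // role comes from the server's record, never from the request
    if (!caller || caller.role !== route.role) return { status: 403 };
  }
  return route.handle(store, path.match(route.re));
}

// Anonymous GET /admin: the vulnerable handler answers 200, the hardened one 401.
console.log(vulnerableHandler(makeStore(), { method: "GET", path: "/admin", session: null }).status);
console.log(hardenedHandler(makeStore(), { method: "GET", path: "/admin", session: null }).status);
```

The design point is that authorization is attached to the route table rather than bolted on as a path-prefix check in front of it: there is no "/admin" string comparison for an encoded or trailing-slash variant to evade, and a new route an AI tool generates later is unreachable until someone assigns it a role.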
Technical Findings
Security researcher Pasquale Pillitteri identified 9 critical vulnerabilities in Baudr, the publicly reachable admin panel among them.
Data collected by Baudr included: Twitch ID, personal photos, name, age, city, zodiac sign, hobbies, music preferences, YouTube channels, Instagram usernames, and private messages.
Why this matters: Baudr is not an edge case. It is the inevitable consequence of shipping AI-generated code without security review. The only difference between Baudr and thousands of other vibe-coded apps is that Baudr had a million viewers watching when it failed.
Source: Pasquale Pillitteri, "The Baudr Case: When Vibe Coding Goes to Production" (March 2026)
Case Study: The Moltbook Data Breach
The largest documented vibe coding data breach. February 2026.
What Happened
Moltbook was a social networking site built entirely through vibe coding. The founder publicly stated he “didn’t write one line of code.” The entire application was generated by AI.
Security firm Wiz discovered a misconfigured database that was wide open to the internet, exposing:
- 1.5 million authentication tokens
- 35,000 email addresses
- All data publicly readable with no authentication required
Why This Matters
Moltbook is the largest known vibe coding data breach by volume. 1.5 million authentication tokens means up to 1.5 million potential account takeovers: a bearer token presented as-is authenticates as that user with no password required, until it expires or is revoked. With those tokens, an attacker could impersonate any user on the platform.
The root cause was identical to dozens of other vibe-coded apps: the AI generated code that worked functionally but was not configured securely. The database had no access controls. No one reviewed the security configuration before launch.
The pattern: Baudr was hacked in hours with thousands of users affected. Moltbook exposed 1.5 million tokens. These are not edge cases. They are the predictable outcome of shipping AI-generated code without security review. The only question is how many more Baudr and Moltbook incidents exist that haven’t been discovered yet.
Source: Wiz security research, reported by sainam.tech and multiple outlets (February 2026)
Sources & Methodology
Escape.tech (March 2026)
Scanned 5,600 publicly deployed vibe-coded applications built with Lovable, Bolt.new, Base44, and similar platforms. Found 2,000+ vulnerabilities and 400 exposed secrets. The largest vibe coding security study to date.
Tenzai (March 2026)
Tested 15 applications built with 5 AI coding tools. Found 69 vulnerabilities including critical SSRF and injection flaws. Claude Code performed worst (16 vulnerabilities, 4 critical). Zero apps had security headers. One had bypassable rate limiting.
CodeRabbit (2026)
Analysis of AI co-written code found it introduces 2.74x more cross-site scripting (XSS) vulnerabilities compared to human-only code.
Kaspersky (2026)
Research finding that 45% of AI-generated code contains security vulnerabilities.
Veracode (March 2026)
Report finding that 45% of AI-generated code creates security vulnerabilities, with specific patterns in authentication bypass and input validation failures.
Sonar (2025-2026)
Data showing 42% of all code written is now AI-generated, up from under 10% in 2024.
Cisco AI Security Team (2026)
Found AI-built projects extracting data and injecting prompts without user awareness. Projects rarely checked before or maintained after launch.
Baudr / Pasquale Pillitteri (March 2026)
Detailed technical analysis of the Baudr data breach. Social network built by Italian streamer Grenbaud (1M+ Twitch followers) entirely with AI for 40 euros. 9 critical vulnerabilities identified. Admin panel open to public. Thousands of users' data exposed within hours of launch.
McAfee Labs (January 2026)
Detected 443 malicious zip files using AI-generated/vibe-coded techniques to create malware. Campaign impersonated AI image generators, voice-changing tools, stock trading utilities, game mods, and graphics card drivers.
Wiz / Moltbook (February 2026)
Security firm Wiz discovered a misconfigured database in Moltbook, a social networking site built entirely via vibe coding. 1.5 million authentication tokens and 35,000 email addresses exposed to the public internet. The founder stated he “didn’t write one line of code.”
UK NCSC (March 25, 2026)
The CEO of the UK National Cyber Security Centre warned about vibe coding security risks at RSA Conference 2026, marking the first government-level recognition of the threat from AI-generated code.
VibeCheck / notelon.ai (March 2026)
Independent audit of 7 randomly selected Lovable-built GitHub repositories. 60% failed security scan with grade D or F. Common issues: committed .env files, hardcoded Firebase keys, missing gitignore for secrets.
Check If Your App Is Vulnerable
VibeCheck scans your GitHub repo or live site for the exact vulnerabilities described in this report. Free. No signup. Results in seconds.
This report is maintained by notelon.ai and updated as new data becomes available.
Cite as: "State of Vibe Coding Security 2026, notelon.ai/report"
Questions or additional data? @solobillionsHQ on X