Published by Bastion Prime | Edited by Heorhi Tratsiak, CEO
A security researcher created a free Lovable account, made a handful of API calls, and within minutes was looking at another user’s complete source code, API keys, customer names, email addresses, and Stripe payment records. He didn’t hack anything. No malware. No brute force. Just a free account and a few minutes of casual browsing.
At the time of this writing, security researchers estimate that over 5,000 production applications built on platforms like Lovable, Replit, Base44, and Netlify have been sitting completely unprotected on the open web. Roughly 40 percent of those 5,000 apps were found to contain sensitive corporate data — everything from hospital work assignments with physician names and patient details to go-to-market strategy presentations, sales and financial records, and customer service logs including full names and contact information .
Lovable has suffered three documented security incidents in the last year alone, exposing thousands of customer records every time. In one previously documented vulnerability (CVE-2025-48757), a developer’s scan found that 303 endpoints across 170 projects lacked proper Row‑Level Security (RLS) controls. Attackers could dump entire database tables — including payment records and API keys — without even logging in .
This isn‘t a warning about a hypothetical future. This is a documented chronicle of platforms that prioritized virality over security, treated bug bounties as documentation problems, and left real customer data exposed on tens of thousands of projects.
If you’ve built a production store on a viral AI platform, your data is probably already out there. And the worst part? You may not even know it.
Part 1: How Lovable Handled Three Major Security Incidents (Spoiler: Badly)
In many ways, the platform’s response to security incidents has been as concerning as the incidents themselves. Worse, Lovable refused to provide an executive to explain the situation to media outlets, leaving only a series of contradictory X posts in its wake .
Incident One: The Row‑Level Security Failure (CVE-2025-48757)
In March 2025, developer Matt Palmer discovered a critical vulnerability affecting Lovable-generated projects: missing or insufficient Row‑Level Security (RLS) policies in the Supabase database layer, allowing any unauthenticated user to query entire database tables directly.
A follow‑up scan found that 303 endpoints across 170 projects lacked proper RLS controls. Attackers could retrieve usernames, emails, phone numbers, payment status, and even API keys (Gemini, Google Maps, etc.) with a few modified API requests. They could dump entire tables — full user lists, billing records, and developer credentials.
Palmer reported the vulnerability on March 21 and initiated a 45‑day coordinated disclosure window. On April 24, Lovable released a so‑called “security scan” feature. The scanner only checked for the presence of RLS, not whether the policies actually worked. It could not detect misconfigured policies, failed to enforce access correctly, and completely missed the invisible vulnerabilities.
By the end of May, the 45‑day window had closed without a meaningful fix. The CVE was published, and the exposure persisted for months.
Incident Two: The Broken Object‑Level Authorization (BOLA) – April 2026
By April 2026, security researcher @weezerOSINT identified a Broken Object Level Authorization (BOLA) vulnerability in Lovable‘s API, which sits at the very top of the OWASP API Security Top 10 for its prevalence and ease of exploitation. BOLA occurs when an API endpoint fails to validate whether the requesting user actually owns or has permission to view the requested resource. In this case, the researcher made five API calls from a free account and pulled another user’s full profile, public projects, and source code. Database credentials embedded in that code then exposed the connected customer database.
The researcher reported the flaw on March 3. Lovable patched it for new projects but left every existing project created before November 2025 completely exposed.
When the researcher submitted documentation of the remaining vulnerable endpoints, Lovable closed the second report as a duplicate without any escalation. The window of exposure? 48 days. Employees at Nvidia, Microsoft, Uber, and Spotify reportedly had Lovable accounts tied to these affected projects .
Lovable‘s initial statement on X claimed that “no data breach had occurred” and that exposing project code was “intentional behavior.” It then blamed its own documentation — ”what ‘public’ implies was unclear” — and then blamed its bug bounty partner HackerOne for closing reports.
Lovable later issued a partial apology and fixed the issue for new projects. But legacy projects remained exposed. Any customer who built a store on Lovable before November 2025 should assume that its source code, database credentials, and customer data have been accessed by unauthorized parties.
Incident Three: The “5,000 Apps” Discovery – May 2026
Security researcher Dor Zvi and his team at RedAccess scanned the web and identified roughly 5,000 publicly accessible applications built with Lovable, Replit, Base44, and Netlify. These applications had virtually no security or authentication of any kind. Anyone who simply found the web URL could access the app and its data. In other cases, barriers were only trivial — signing in with any email address would suffice.
Roughly 2,000 of those 5,000 apps were found to contain sensitive data, including hospital work assignments with physician names and patient information, corporate strategy presentations, customer service logs with full names and contact details, shipping records and financial data, ad purchasing strategies and sales records, and in one confirmed case, patient conversations from a children’s long-term care facility.
Among the exposures that were independently verified: a shipping company‘s cargo records, an internal health application listing active clinical trials across the UK, full unredacted customer service conversations for a cabinet supplier, internal financial information for a Brazilian bank, and hospital doctor-patient summaries .
Lovable initially responded that “how an app is configured is ultimately the creator’s responsibility.” This mirrored the early days of the Amazon S3 bucket crisis, where media companies and financial institutions leaked millions of customer records because confusing default settings made their data public without their knowledge.
Part 2: What Actually Got Exposed (Real Customer Data, Not Hypotheticals)
The breach wasn’t some theoretical vulnerability buried in an obscure configuration setting. It was real customer data that security researchers verified was actively exposed.
Connected Women in AI, a Danish nonprofit, was among the affected projects. The exposure included real user records: names, job titles, LinkedIn profiles, and Stripe customer IDs. The leaked data was linked to individuals employed at Accenture Denmark and Copenhagen Business School .
The BOLA vulnerability allowed a free account with zero special permissions to pull another user‘s source code, and from that source code, extract Supabase database credentials embedded directly in the API endpoints. With those credentials, an attacker could connect directly to the database of a live production application built on Lovable.
Employees at Nvidia, Microsoft, Uber, and Spotify reportedly have Lovable accounts tied to affected projects, meaning their corporate development data could have been exposed as well .
WIRED verified multiple online web apps that were still exposing sensitive data: logs of customer chatbot conversations containing names and contact information, a shipping company‘s cargo manifests, a hospital‘s work assignments with doctor names and case details, and a retailer‘s full customer service transcripts .
If you built an application on Lovable before November 2025 and you used it for real business operations — collecting customer names, processing payments, storing order data — those records likely became publicly accessible. The researcher demonstrated that extracting source code from Lovable’s API yielded hardcoded Supabase credentials, and those credentials provided direct, unauthenticated access to the application‘s underlying database.
Part 3: Structural Failures of AI App Builders (Not Just One Company)
This is not a story about a single company making a mistake. This is a structural problem across the entire category of viral AI app builders. According to a security audit of more than 200 AI-generated applications, 91.5 percent contained at least one AI hallucination-related flaw. Across the board, 45 percent of AI-generated code fails basic security tests because these models reproduce insecure patterns from their training data. In that same audit, more than 60 percent of the applications exposed API keys or database credentials in public repositories, and the vulnerability classes — disabled RLS, hardcoded secrets, missing webhook verification, injection flaws, broken access controls — were identical across every major platform.
The Bubble AI builder has already been weaponized by threat actors to evade phishing detection. Attackers are creating malicious web apps on Bubble using complex JavaScript bundles and Shadow DOM-heavy structures that automated security tools fail to flag. Those apps then redirect users to convincing Microsoft login portals that steal credentials for 365 accounts .
The Bubble incident is a preview. Phishing-as-a-Service platforms are now integrating AI-builder abuse into standard kits. These kits already include session cookie theft, adversary-in-the-middle layers that bypass two-factor authentication, geo-fencing, anti-analysis tricks, and AI-generated email content. Adding legitimate trusted domains to the mix makes detection nearly impossible .
The common thread across every platform: security is not the default. Default privacy settings make apps publicly accessible unless users manually toggle them. Many applications get indexed by Google, and they remain indexed for days or weeks before discovery .
Part 4: Side‑by‑Side Comparison – Lovable vs. Traditional WooCommerce Store
| Security & Ownership Aspect | Lovable (AI‑Built Store) | Traditional WooCommerce Store |
|---|---|---|
| Data ownership | Customer data lives on Lovable’s Supabase instance; you leave, you lose your records. | Full ownership inside your own database; export anytime. |
| Security defaults | Public by default unless manually set to private | Private by default; requires explicit configuration to become public |
| API key exposure | Hardcoded in generated code; extracted via API calls | Environment variables and secrets management; never exposed to public |
| Vulnerability window | 48+ days after researcher disclosure | Your responsibility, but no third‑party API can expose your keys |
| Platform abandonment risk | High: you lose database and customer records if you stop paying | Zero: full database export, move to any host |
| Compliance auditability | Low; no visibility into AI‑generated security controls | Complete control; every security layer is configurable and auditable |
| Regulatory liability | Shared; ambiguous responsibility for exposed customer data | Sole responsibility; compliance is fully within your control |
| Long‑term TCO (including breach risk) | $0 initial fee, potential unlimited liability from data exposure | $50–150 monthly hosting, fully manageable and predictable |
Lovable‘s most convenient feature — the AI handles everything — is also its biggest security liability. Because the AI manages the database, the API, and the authentication, you never see where the vulnerabilities are hiding. The WooCommerce model puts you in full control of every security decision.
Part 5: When It’s Still Acceptable to Use AI App Builders
The technology is not useless; it is simply inappropriate for production commerce.
Use AI builders for:
- Validating a business idea with a clickable prototype (no real customer data)
- Testing design concepts with placeholder content
- Building internal dashboards that do not touch customer PII
- Creative exploration and learning
Never build your production e‑commerce store on an AI app builder if:
- You will collect real customer names, email addresses, or payment information
- You need to be compliant with GDPR, CCPA, or PCI standards
- You plan to scale beyond a few hundred monthly visitors
- You care about owning your customer database and selling your brand someday
The smart entrepreneur uses Lovable to prototype the store, validate the idea, and test the product-market fit with mock data. Then they rebuild on a platform they actually control before onboarding real customers. That’s the best of both worlds.
Part 6: The Bottom Line – You Own the Risk
Here’s the cold truth that the viral AI platforms won’t tell you: they give you zero warranties about data protection, accept no liability for exposure, and shift every ounce of responsibility onto you. The platform terms of service explicitly disclaim responsibility for how your app is configured. “Public by default” means any mistake immediately exposes your customer database to the entire internet.
Security researchers will continue probing these platforms — and finding new holes — every single quarter. The platforms‘ financial incentives reward growth over fixes. Lovable is worth over $6.6 billion. Its customers have no idea that their private data is being used as training fodder and their API keys are a few API calls away from public exposure.
You cannot sue your way out of a GDPR fine after a researcher publishes your customer names and Stripe IDs. You cannot apologize your way out of losing customer trust after attackers hijack your checkout flow. You cannot rebuild your reputation after the press covers “data breach exposes thousands of customer records from [Your Brand].”
If you are serious about e‑commerce, build your store on WooCommerce. Use Lovable for the prototype. Migrate before you take the first real dollar.
Your Next Move
If you already built your store on Lovable before November 2025, here is your immediate checklist:
- Rotate every API key, database credential, and secret stored in those projects
- Assume chat histories and source code have already been accessed by unauthorized parties
- Notify customers if you stored their PII in an affected project
- Migrate to a proper WooCommerce store before taking another customer order
We migrate production stores from AI platforms to WooCommerce. We do it with zero downtime and full SEO preservation. Your data should be yours alone.
Book a free security audit for your AI‑built store
👉 Book Your Free Consultation →
Related Reading
- From Prompts to Profits: Build a Custom WooCommerce Plugin Using AI (No Developer Required)
- WooCommerce is Dead. Long Live WooCommerce: How Headless + AI Save the Platform
- Lovable vs. WooCommerce: The Hidden Cost of ‘Free’ AI Storefronts You’re Not Seeing
- Stop Building Static Stores: How Lovable’s Real‑Time Personalization Works
- Store Audit & Strategy Session ($197 – credited toward any package)
Bastion Prime is a UK‑registered e‑commerce agency specializing in WooCommerce migration, AI platform rescue, and secure store operations for US brands.