The Hottest New Vibe Coding Startup May Be a Sitting Duck For Hackers (semafor.com) 22
Lovable, a Swedish startup that allows users to create websites and apps through natural language prompts, failed to address a critical security vulnerability for months after being notified, according to a new report. A study by Replit employees found that 170 of 1,645 Lovable-created applications exposed sensitive user information including names, email addresses, financial data, and API keys that could allow hackers to run up charges on customers' accounts.
The vulnerability, published this week in the National Vulnerabilities Database, stems from misconfigured Supabase databases that Lovable's AI-generated code connects to for storing user data. Despite being alerted to the problem in March, Lovable initially dismissed concerns and only later implemented a limited security scan that checks whether database access controls are enabled but cannot determine if they are properly configured.
The vulnerability, published this week in the National Vulnerabilities Database, stems from misconfigured Supabase databases that Lovable's AI-generated code connects to for storing user data. Despite being alerted to the problem in March, Lovable initially dismissed concerns and only later implemented a limited security scan that checks whether database access controls are enabled but cannot determine if they are properly configured.
Shocking!! (Score:5, Insightful)
My shock over this is exceeded only by my complete apathy. Everyone deserves what they will get from this AI coding nonsense and anyone that uses the words vibe coding deserves it doubly.
Uh oh.
Re: (Score:1)
It's premature to call "full app AI coding" inherently nonsense. Someday it may become reliable enough to replace human coders for non-trivial apps, but we're just a good ways off.
It's like how self-driving-cars appeared "just around the corner" after highly promising proof-of-concepts. However, dealing with edge cases has proven a bear. Bot-auto-coding will probably follow a similar curve: getting 85% there proves relatively easy, but that last 15% will turn AI researchers and investors grey.
(Commercial bo
FLYING CARS (Score:2)
Some day we may have flying cars, and buildings that are tall enough to reach the moon, and they all get a whole team of human servants to do whatever they need, and a button room where they can have whatever they want at the push of a button.
Edge cases? (Score:2)
Self driving cars can't even drive in snow yet so rendering them useless for winter in a huge part of the northern hemisphere. Hardly an edge case. Thats before you worry about roads that arn't wide and straight like in north america but are knarly, narrow, windy and sometimes single track with passing places like in a lot of the world.
Re: (Score:1)
No problem, global warming will soon solve.
Re: (Score:3)
Before global warming: all the roads are snowed in, autobot cars can't figure out how to drive through that mess.
After global warming: all the roads are inundated, autobot cars can't figure out how to swim through that mess.
Sorry, the grass is not greener on the other side:)
Re: (Score:2)
Considering the amount of accidents happening when it snows, I can safely say that most people can't drive in snow either.
Re: (Score:3)
The edge cases for coding are so much more out there than the edge cases for automated driving, and the automated driving looks to be a bear of a problem that is perpetually just beyond reach for the general purpose case.
So I'd say "full" AI coding is pretty much nonsense for all practical purposes for the near to medium term future. This article illustrates why pretty clearly. It's supremely difficult, particularly with security, to "operate without a net". If it's trivially easy and/or rote but tedious f
Re: (Score:2)
Oh look it's harder than the magician said it would be
Re: (Score:2)
Maybe salesman is a better word here. Magicians know exactly how hard their tricks are, and carefully conceal those difficulties. They rehearse their tricks endlessly to get them just right. Salespeople, on the other hand, aren't so concerned about details, just how much they can make by selling (whatever it is).
Re: Shocking!! (Score:2)
Re: (Score:2)
You're not very lovable.
I think I like this one the best. Genuinely made me smile.
Re: Shocking!! (Score:2)
You know this reminds me of Microsoft word. The world adopted a general purpose tool with waaaaaay to much bla bla bla about formatting... 40 years later, and still, no one knows how to do anything with it.
Wrong paradigm methinks. Here are
the keys to a 747. Now go to the corner store and get milk.
Re: (Score:2)
Yep, same here. Entirely predictable outcome is entirely predictable.
AI company for scanning code for security? (Score:3)
Perhaps we need an AI based company that scans all code for security issues, and fixes it on the fly?
(/s... of course.)
Re: (Score:2)
Hostile actors though.
Rogue AI is going to intimidate, seduce and outsmart the 'good' AI, making your system *less* secure.
Vibe coding keeps me employed (Score:2)
Oh my. (Score:2)
The vibe wasn't there (Score:3)
Security just didn't vibe with them
most people in tech (Score:2)
Most people in tech do not have the disposition or training to handle security. They should not be connecting networks. They should not be handling private and personal data. And every piece of software and every sevice the produce should be treated like it is a ticking time bomb until they go through some extensive security audits on their development process.