Security Researchers Expose 5,000 Unsecured AI-Built Apps Leaking Sensitive Data Including Hospital Records and Financial Documents

Security researchers expose over 5,000 unsecured AI-built apps leaking sensitive real-world data — including hospital records and financial documents — as AI coding platforms deflect responsibility, leaving non-technical users unknowingly exposing critical information to the public.

• Security researcher Dor Zvi and his team at RedAccess uncover over 5,000 AI-built web apps created with tools like Lovable, Replit, Base44, and Netlify that are publicly accessible with little to no authentication or security protection.
• Nearly 2,000 of these exposed apps appear to contain sensitive real-world data, including hospital staff records, financial documents, corporate strategy presentations, customer chatbot logs, and cargo records, with some apps even granting potential administrative access to outside users.
• AI coding companies largely deflect responsibility, arguing that public accessibility reflects user configuration choices rather than platform flaws, while cybersecurity experts warn that non-technical users are building and deploying apps without any security oversight or development vetting process.