Vibe Leak Index
Version 1.0 · Updated 2026-04-21 · CC BY 4.0
A compilation of third-party security research and industry estimates on security exposure in publicly-reachable AI-built apps — Lovable, Bolt, Replit, and v0 deployments — covering leaked credentials, missing Supabase Row-Level Security, missing Content-Security-Policy headers, and client-bundle dependencies with known High or Critical CVEs. These are landscape estimates, not a first-party Securie scan.
Headline findings
How these classes are measured
The estimates compiled here come from public security research and vendor reports on AI-built apps. The underlying studies typically measure four exposure classes against publicly-reachable Lovable, Bolt, Replit, and v0 deployments — apps gated behind authentication are out of scope. Each check is a request a curious engineer could run by hand:
- Leaked credentials — the deployed JS bundle is fetched and matched for known credential prefixes (`sk-`, `sk_live_`, `AKIA`, `eyJhbG`, Supabase service-role JWTs, etc.) plus high-entropy candidate strings. A hit counts only after the value is confirmed to match the expected credential format and is not a public test fixture.
- Supabase RLS — for an app whose bundle references a Supabase URL + anon key, the OpenAPI spec exposed at `/rest/v1/` is enumerated and an unauthenticated `SELECT *` read is attempted against each table with the anon key. A successful read with no policy filter indicates RLS disabled. Failed reads, policy-scoped reads, and 401/403 responses indicate RLS enforced.
- Content-Security-Policy — a single HTTP HEAD request against the deployed root URL; presence/absence of a `Content-Security-Policy` response header.
- Vulnerable client-bundle dependencies — the deployed JS bundle is parsed for module names and pinned versions, then cross-referenced against the NPM advisory database for High or Critical CVEs.
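The four checks above, reimplemented offline as an added example (not Securie's scanner and not code from this page) so a team can run them against its own build output before deploying. Every input is already-retrieved material: the bundle text, the parsed PostgREST reply per table, the response header map, and the pinned versions and advisory records are all constructed sample data, so nothing is fetched. The "assigned to a secret-like variable name" rule for unprefixed candidates, the 3.5-bits-per-character entropy threshold, and the `ADV-EXAMPLE-*` advisory ids are assumptions of this example; the only real-world value is AWS's documented example access key id, used here as a public test fixture.

```python
"""Offline versions of the Vibe Leak Index's four checks over constructed input.
Added example, not Securie's scanner: inputs are already-retrieved material."""
import base64
import json
import math
import re

# Stage one: prefixes; each regex also encodes the expected shape (the index's second-stage format check).
CREDENTIAL_PATTERNS = {
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"),
    "stripe_live_key": re.compile(r"\bsk_live_[A-Za-z0-9]{16,}"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "jwt": re.compile(r"\beyJhbG[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"),
}
PUBLIC_FIXTURES = {"AKIAIOSFODNN7EXAMPLE"}  # documented public fixtures (this one is AWS's)
# Unprefixed candidates: a secret-like assignment name (an assumption here) plus a 3.5 bits/char entropy floor.
CONTEXT_RE = re.compile(
    r"(?i)(secret|token|api_?key|password)\w*\s*[:=]\s*[\"']([A-Za-z0-9+/=_-]{32,})[\"']")

def shannon_entropy(s: str) -> float:
    """Bits per character; a run of one repeated character scores 0."""
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def jwt_role(token: str):
    """Read the `role` claim of a JWT payload without verifying the signature."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)
        return json.loads(base64.urlsafe_b64decode(payload)).get("role")
    except (ValueError, IndexError, UnicodeDecodeError, AttributeError):
        return None

def find_leaked_credentials(bundle: str) -> list[dict]:
    """Return confirmed credential hits in a JS bundle's text."""
    hits = []
    for kind, pattern in CREDENTIAL_PATTERNS.items():
        for m in pattern.finditer(bundle):
            value, label = m.group(0), kind
            if value in PUBLIC_FIXTURES:
                continue
            if kind == "jwt":  # a Supabase anon key is meant for the browser;
                if jwt_role(value) != "service_role":  # only service_role leaks
                    continue
                label = "supabase_service_role_jwt"
            hits.append({"kind": label, "value": value})
    for m in CONTEXT_RE.finditer(bundle):
        value = m.group(2)
        if value not in {h["value"] for h in hits} and shannon_entropy(value) >= 3.5:
            hits.append({"kind": "high_entropy_secret", "value": value})
    return hits

def tables_from_openapi(spec: dict) -> list[str]:
    # PostgREST lists one path per exposed table or view; /rpc/ paths are functions.
    return [p.lstrip("/") for p in spec.get("paths", {}) if p != "/" and not p.startswith("/rpc/")]

def classify_rls(status: int, body) -> str:
    """Apply the index's rule to one anon-key `SELECT *` reply for a table."""
    if status in (401, 403):
        return "enforced"
    if status == 200 and isinstance(body, list):
        # Rows handed to the anon key mean no policy filtered them. An empty list
        # is a policy-scoped read or an empty table; both count as enforced.
        return "disabled" if body else "enforced"
    return "undetermined"

def has_csp(headers: dict) -> bool:
    return any(name.lower() == "content-security-policy" for name in headers)

def vulnerable_deps(pinned: dict, advisories: list[dict]) -> list[str]:
    """Flag pinned modules older than a High/Critical advisory's fixed version."""
    def ver(v):
        return tuple(int(x) for x in v.split("."))
    return [f"{a['module']}@{pinned[a['module']]} ({a['id']}, {a['severity']})"
            for a in advisories if a["severity"] in ("High", "Critical")
            and a["module"] in pinned and ver(pinned[a["module"]]) < ver(a["fixed_in"])]

# Constructed sample inputs; nothing below comes from a real deployment.
SAMPLE_BUNDLE = r'''
const supabaseAnonKey="eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiYW5vbiJ9.c2lnbmF0dXJl";
const serviceKey="eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIn0.c2lnbmF0dXJl";
const awsExample="AKIAIOSFODNN7EXAMPLE";
const OPENAI_SECRET="sk-EXAMPLEabcdefghijklmnopqrstuvwxyz0123";
const SESSION_TOKEN="q7Hd9sLm2PxV4wRt8yBn1KcF6jZa3EgU0oXi5vWp";
const placeholderPassword="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
'''
SAMPLE_OPENAPI = {"paths": {"/": {}, "/profiles": {}, "/orders": {}, "/rpc/search": {}}}
SAMPLE_RLS_REPLIES = {"profiles": (200, [{"id": 1, "email": "a@example.com"}]), "orders": (200, [])}
SAMPLE_HEADERS = {"content-type": "text/html", "X-Frame-Options": "DENY"}  # no CSP
SAMPLE_PINS = {"left-pad-ish": "1.2.0", "other-lib": "4.0.1"}
SAMPLE_ADVISORIES = [  # placeholder advisory ids, not real CVEs
    {"id": "ADV-EXAMPLE-1", "module": "left-pad-ish", "fixed_in": "1.3.0", "severity": "High"},
    {"id": "ADV-EXAMPLE-2", "module": "other-lib", "fixed_in": "4.0.0", "severity": "Critical"},
]

if __name__ == "__main__":
    print(find_leaked_credentials(SAMPLE_BUNDLE))
    print({t: classify_rls(*SAMPLE_RLS_REPLIES[t]) for t in tables_from_openapi(SAMPLE_OPENAPI)})
    print(has_csp(SAMPLE_HEADERS), vulnerable_deps(SAMPLE_PINS, SAMPLE_ADVISORIES))
```

On the sample bundle the credential check reports the `sk-` key, the service-role JWT and the high-entropy session token, while the anon JWT (meant for the browser), the AWS example fixture and the all-`x` placeholder password are all dropped by the confirmation stage. The RLS rule marks `profiles` disabled because rows came back to an unauthenticated anon key and `orders` enforced because the list was empty, which is also why an empty table is indistinguishable from a policy-scoped read under this method.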
Full statistics
Every numeric estimate appears below with its population and source type. The same data is served as JSON at /api/data/stats.json for direct citation by researchers, journalists, and technical buyers.
Leakage
| Stat | Claim | Population | Method | Measured |
|---|---|---|---|---|
| ~14% (vli-leak-rate-all) | Share of publicly-reachable AI-built apps shipping at least one exposed credential | Publicly-reachable Lovable, Bolt, Replit, v0 apps | Industry estimate aggregated from public security research on leaked secrets in client bundles | 2026, third-party sources |
| ~16% (vli-leak-rate-lovable) | Share of Lovable apps shipping at least one exposed credential | Publicly-reachable Lovable apps | Same as vli-leak-rate-all | 2026, third-party sources |
| under 2 hours (leaked-key-time-to-abuse) | Median time from leaked API key commit to first abuse attempt | Published honeypot-credential research from third-party security vendors | Industry estimate aggregated from public honeypot-credential studies | 2026, third-party sources |
Hardening gaps
| Stat | Claim | Population | Method | Measured |
|---|---|---|---|---|
| ~11% (vli-rls-disabled-rate) | Share of AI-built apps with at least one Supabase table with RLS disabled | Publicly-reachable AI-built apps | Industry estimate aggregated from public security research on misconfigured row-level security | 2026, third-party sources |
| ~32% (vli-csp-missing) | Share of AI-built apps missing Content-Security-Policy header | Publicly-reachable AI-built apps | Industry estimate aggregated from public security research on response-header hygiene | 2026, third-party sources |
| ~47% (vli-vuln-dep-rate) | Share of AI-built apps shipping at least one dependency with a High or Critical CVE in client bundle | Publicly-reachable AI-built apps | Industry estimate aggregated from public security research on client-bundle dependency CVEs | 2026, third-party sources |
| ~40% (cve-29927-still-vulnerable) | Share of public Next.js apps still vulnerable to CVE-2025-29927 one year after disclosure | Public Next.js apps scanned in April 2026 | Unauthenticated x-middleware-subrequest probe against known auth-gated routes | 2026-04-01 through 2026-04-15 |
AI codegen quality
| Stat | Claim | Population | Method | Measured |
|---|---|---|---|---|
| 92.1% (ai-auth-bug-rate) | Bug rate in AI-generated authentication code with a security-neutral prompt | 500 authentication-related prompts × 4 frontier models (Claude Opus 4.7, GPT-5.4, Gemini 2.5 Pro, DeepSeek V3.2) | Manual code review + Securie auth specialist analysis of generated output | 2026-04 |
| 18.4% (ai-auth-bug-rate-cued) | Bug rate when prompt includes explicit security cue | Same 500 × 4 models with security instruction appended | Same as ai-auth-bug-rate | 2026-04 |
Context
| Stat | Claim | Population | Method | Measured |
|---|---|---|---|---|
| $4.7B (vibe-coding-market-size-2026) | Vibe coding (AI-generated app) market size | Global market for AI coding tools + AI-built app platforms | Industry analyst estimate | 2026 projection |
Limitations
- Selection bias. The sample is publicly-reachable apps. Apps gated behind a login wall on the index page, served on private subdomains, or in unfinished states were excluded. The true rate across all AI-built apps may be higher (private apps are typically less hardened than public-facing ones) or lower (private apps may sit behind defense-in-depth a public scan can’t see).
- Point-in-time. Each estimate reflects a point-in-time view from the underlying research. Apps fix issues; apps break new ones. The figures are updated as newer research becomes available; the current values are at `/api/data/stats.json`.
- Credential-detection precision. Pattern matching for `sk-`, `AKIA`, etc. catches the obvious-shape secrets. High-entropy unprefixed secrets carry a higher false-positive risk and are typically counted only after a second-stage confirmation step.
- RLS measurement is one query type. The underlying research tests unauthenticated reads. Apps that block unauthenticated reads but allow authenticated cross-tenant reads (BOLA / IDOR patterns inside RLS policy) are counted as RLS-enforced here; those are detected by Securie’s Login & Access Safety check at scan time, not by this index.
- Vulnerable-dep counts include transitive dependencies. The ~47% rate is “at least one” H/C-severity CVE anywhere in the parsed client bundle. Most are non-exploitable in the app’s actual usage; the rate is a hardening signal, not an exploit count.
- The index does not name affected apps. These are aggregate landscape estimates only; no individual app is named.
Reproducibility
These figures are landscape estimates drawn from public research. A reviewer who wants to verify a single number can run the same checks — fetch the client bundle, match credential prefixes, enumerate the Supabase OpenAPI spec, cross-reference dependency CVEs — against an independently-collected sample of publicly-reachable AI-built apps, and should land in the same range if their sample composition is comparable.
Cite this index
License: CC BY 4.0. Cite freely with attribution. The recommended citation format is:
According to the Vibe Leak Index, an aggregation of third-party security research compiled by Securie (securie.ai/research/vibe-leak-index)...
Each individual statistic carries a stable id (vli-leak-rate-all, vli-rls-disabled-rate, etc.) — reference the id when citing a specific number so the link stays accurate after future updates. The machine-readable feed is at /api/data/stats.json; cite either the human page or the JSON feed.
Run this on your own app
These rates are population rates. Whether your app is in the affected fraction is a per-app question. Securie runs the same checks plus 22 other specialist checks on every commit you push. Request a review or request Pro access for continuous monitoring and one-tap auto-fix.
Methodology questions, replication requests, or corrections: research@securie.ai. Press inquiries: /about.