Research · April 2026 · 46 apps

We scanned 46 AI-built apps.
100% were vulnerable.

1,232 vulnerabilities. 254 critical. Zero clean apps. The first real audit of Lovable, bolt.new, Cursor, v0, and Claude Code apps running live in production.

The headline numbers

One batch. Three catastrophic stats.

Total vulnerabilities: 1,232 (across 46 apps · avg 26.8 / app)
Critical severity: 254 (CVSS 9.0+ · avg 5.5 / app)
Clean apps: 0 (out of 46 · 0.0%)

Key facts

Apps scanned: 46 live production AI-built apps
Platforms covered: Lovable, bolt.new, Cursor, v0, Claude Code
Total vulnerabilities: 1,232 findings
Critical severity: 254 findings
Clean apps (zero findings): 0 of 46
Supabase RLS misconfigured: 100% (46 of 46)
Lovable apps leaking an API key: 60% (of 23 Lovable apps)
Lovable apps missing authentication: 56% (of 23 Lovable apps)
Bolt apps missing authentication: 0% (of 14 Bolt apps)
No Content-Security-Policy: Lovable 100% · Bolt 92% · Cursor 80%
Avg criticals per Lovable app: 8.0 (2.4x Bolt average)
Scan window: April 9 – April 10, 2026
Scanner: vibeAudit 5-cycle adaptive pentest, read-only
Citation: vibeAudit April 2026 research, vibeaudit.net/research
Platform leaderboard

Worst-to-less-bad ranking of AI app builders.

Higher percentages mean more vulnerable. The percentage columns give the share of that platform's apps exhibiting the flaw; the Avg columns are per-app averages.

Platform   Apps   Avg findings   Avg critical   RLS issues   API key leaks   No auth   No CSP
Lovable    23     37.3           8.0            100%         60%             56%      100%
Cursor     5      21.8           3.4            100%         60%             20%      80%
Bolt.new   14     15.2           2.9            100%         21%             0%       92%
Headline findings

Three patterns. One big gap.

The three stats below explain 90% of why AI-generated apps get breached.
100% · RLS failure, universal

Every single app had Row-Level Security misconfigured on at least one table.

2.4× · Lovable is worst

Lovable apps shipped 2.4x more critical vulnerabilities than Bolt apps.

4× · More than competitors

The adaptive AI pentest finds 4x more issues than static header-checking scanners.

Reading the data

What the numbers actually mean.

Each insight maps directly to a platform-level pattern we can reproduce on demand.

Zero clean apps

Out of 46 apps scanned across three leading AI builders, not one was free of security issues. The lowest-finding app still had 4 medium-severity vulnerabilities. This isn't a long tail of bad apps dragging the average down — it's a ceiling problem: the best AI-generated apps are still vulnerable.

The Lovable problem

Lovable apps averaged 8 critical vulnerabilities each and 56% had no authentication whatsoever on sensitive routes. Every single Lovable app was missing Content-Security-Policy headers. The pattern is consistent: Lovable optimizes for shipping functional UI, with security treated as a problem for someone else.

The Bolt surprise

0% of Bolt apps were missing authentication. This is remarkable given the field average. Bolt.new ships auth scaffolding by default, which forces developers into a secure-by-default starting point. Bolt apps still had RLS problems and CSP gaps, but the auth floor is dramatically higher than competitors.

Why we found 4× more

Static scanners read response headers and check TLS. vibeAudit runs a 5-cycle adaptive pentest in a real Chromium browser: it probes the database with the leaked anon key, calls API routes without auth tokens, and tries to bypass RLS policies with crafted queries. That's why we find 4x more issues than header-checking tools.
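As an added example (not part of this report and not vibeAudit's code), the defender-side counterpart of the RLS probing described above: a SQL audit a Supabase project owner can run in the project's SQL editor to find public-schema tables with RLS disabled, with RLS enabled but no policy, or with a policy that grants everyone everything, followed by the hardening for one assumed table (`public.orders` with an owner column `user_id`; both names are assumptions).

```sql
-- Added example (not the report's or vibeAudit's code). Run in the Supabase SQL
-- editor against your own project. By default Supabase exposes every table in the
-- public schema through PostgREST using the anon key, so RLS is the only thing
-- standing between that key and the data.

-- 1. API-reachable tables with Row-Level Security switched off entirely.
--    Any row here is readable and writable with nothing but the anon key.
SELECT schemaname, tablename
FROM pg_tables
WHERE schemaname = 'public'
  AND NOT rowsecurity
ORDER BY tablename;

-- 2. Tables with RLS enabled but no policy at all. Postgres then denies every
--    row, which is safe but usually means the app "works" only until someone
--    turns RLS back off to fix the resulting bug.
SELECT t.tablename
FROM pg_tables t
LEFT JOIN pg_policies p
       ON p.schemaname = t.schemaname AND p.tablename = t.tablename
WHERE t.schemaname = 'public'
  AND t.rowsecurity
GROUP BY t.tablename
HAVING count(p.policyname) = 0;

-- 3. Policies whose USING clause is literally true and that apply to the
--    anon or public role: RLS is "on" but the policy grants everyone everything.
SELECT tablename, policyname, roles, cmd
FROM pg_policies
WHERE schemaname = 'public'
  AND qual = 'true'
  AND (roles @> ARRAY['public'::name] OR roles @> ARRAY['anon'::name]);

-- 4. Hardening for one assumed table: public.orders with an owner column
--    user_id (uuid). Only the authenticated role gets a policy; requests that
--    carry just the anon key match no policy and receive zero rows.
ALTER TABLE public.orders ENABLE ROW LEVEL SECURITY;

CREATE POLICY orders_owner_read ON public.orders
  FOR SELECT TO authenticated
  USING (auth.uid() = user_id);

CREATE POLICY orders_owner_write ON public.orders
  FOR INSERT TO authenticated
  WITH CHECK (auth.uid() = user_id);
```

Queries 1 to 3 should each return no rows on a correctly configured project; rerun them after every schema migration, since a newly created table starts with RLS off.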

Methodology

How the sample was picked and scanned.

Every finding in this dataset is reproducible from the public URL with vibeAudit on default settings.

How apps were selected

46 live, publicly accessible applications built on Lovable, bolt.new, Cursor, v0, or Claude Code were selected from public showcase galleries, Twitter/X build-in-public posts, and platform-official example directories. No private URLs, staging environments, or apps behind paywalls were tested. Apps under active development with clear "in progress" disclaimers were excluded.

How they were scanned

Each app was run through vibeAudit's 5-cycle adaptive AI pentest: stack detection, surface mapping, exploit attempts, validation, and reporting. All scans ran in a headless Chromium browser executing read-only probes. No data was exfiltrated, no records were modified, no denial-of-service attempts were made.

Why URLs aren't shared

Responsible disclosure. Publishing vulnerable URLs would expose real users of these apps to harm. Where we found critical issues, we notified the app owner privately via the contact information listed on the app itself. Aggregated statistics are shared; individual targets are not.

Date range

All scans completed between April 9 and April 10, 2026.

Your turn

Your app is statistically in the 100%.

Check for sure — free, ~30 seconds, no signup. Read-only scan.