Dan Cochran (@deecobuilds): "In April 2026, Lovable, the $6.6B AI app builder, had a vulnerability that left thousands of projects' source code, credentials, and AI chat histories exposed.

For 48 days.

If the platform itself isn't safe, what about the apps built on it? A 2026 audit found 91.5% of vibe-c…"

Home

Subscriptions

Chat

Activity

Explore

Profile<br>Create

Make money doing the work you believe in

Start your SubstackLearn more

For you

Dan Cochran 3m<br>@deecobuilds

In April 2026, Lovable, the $6.6B AI app builder, had a vulnerability that left thousands of projects' source code, credentials, and AI chat histories exposed.<br>For 48 days.<br>If the platform itself isn't safe, what about the apps built on it? A 2026 audit found 91.5% of vibe-coded apps contain at least one vulnerability. The most common failure mode isn't malicious code. It's a missing configuration the AI skipped entirely.<br>I built a scanner specifically for this: apps built with Claude Code, Codex, Lovable, Bolt, and v0, catching what general scanners miss. Currently in closed beta. Drop a comment if you want a free scan of your app.

Jun 10<br>at<br>7:23 PM

Relevant people

Log in or sign up<br>Join the most interesting and insightful discussions.

Start your SubstackSign in

Get app

This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts