Lovable goes on ego trip denying vulnerability, then blames others for said vulnerability

Vibecoding platform Lovable has admitted a serious flaw in its service after, bizarrely, first denying the vulnerability and blaming the alleged misunderstanding on unclear documentation and design. Then it threw HackerOne, the bug-bounty service, under the bus.
As a lesson in how not to respond to vulnerability reports, it’s probably one of the best ones yet, but for a startup with a $6.6 billion valuation that is used by employees at giants like Microsoft and Nvidia, it could become a serious blow to its reputation.
Here’s what happened. A researcher who calls themselves @weezerOSINT on X posted on Monday that Lovable had a mass data breach affecting every project created before November 2025.
No hacking needed to trigger the bug
“I made a Lovable account today and was able to access another user’s source code, database credentials, AI chat histories, and customer data, which are all readable by any free account,” the researcher said.
In multiple screenshots, the researcher further detailed how they easily accessed another user’s profile and downloaded the source code of an admin panel for a Danish non-profit.
“I extracted the database credentials from the source code and queried it. Got back real names, real companies, real LinkedIn profiles. Speakers from Accenture Denmark and Copenhagen Business School. Not test data. Not ‘John Doe.’ Real people at real companies who have no idea their information is exposed,” said the researcher.
It actually gets worse. They even managed to read the full chat of this non-profit’s still-active project: discussions about database schemas, tables with PII, the AI-generated SQL migrations, and Supabase credentials.
“All of it is readable by any free account. People tell the AI what they want to build. They paste error logs. They discuss their business logic. They share credentials. Lovable stores all of it and exposes all of it,” said the bug hunter.
The researcher also noted that no hacking is required to trigger the bug. They just made five API calls from a free account.
According to the bug hunter, the first HackerOne report was filed on March 3rd – not by them – and Lovable patched the issue for new projects. But they never patched it for existing ones.
And when the researcher found the bug again and reported it to Lovable, the company essentially told them to “buzz off.” The bug was labeled as a “duplicate” by HackerOne, Lovable’s bug bounty partner.
Prompts and source code are visible intentionally
Case closed? Obviously not. The personal data in chats was still leaking when Lovable decided to issue an explanation about what, in its view, was actually going on.
On X, Lovable said it was “made aware of concerns regarding the visibility of chat messages and code on Lovable projects with public visibility setting,” adding: “To be clear: We did not suffer a data breach.”
The startup then admitted: “Our documentation of what ‘public’ implies was unclear, and that's a failure on us.”
And then, mind-bogglingly, Lovable spewed out an incredible statement that reads like an insult to all data security professionals. It turns out that the vibecoders actually deliberately make prompts and source code visible.
“When it comes to code of public projects: That is intentional behavior. We have experimented with different UX for how the build history is surfaced on public projects, but the core behavior has been consistent and by design,” said Lovable.
To many cyber pros, this sounded almost insane. An account called vx-underground posted: “This was a documentation error on their end, and prompts were ... intentionally (???) made public? I actually have no idea what they're saying.”
An apology and some finger-pointing
Later that same Monday, Lovable issued a new statement on X, apologizing that its earlier post – what a surprise – “didn’t properly address” the company’s mistake.
Allegedly, the company made the projects public because “in the early days, people didn’t know Lovable was capable of.” Lovable wanted to make it easy to explore what others were building “as a way to spark ideas and lower the barrier to getting started.”
Users, Lovable explained, could select a “public” or “private” option for projects, covering both chats and code.
“Over time, we realized this was confusing. Many users thought ‘public’ just meant others could see their published app, not the chat of an unpublished project. That’s reasonable,” the company went on.
There must have been at least some level of backlash since, in December 2025, Lovable switched to private by default across all tiers. The company also retroactively patched its API so that public project chats couldn’t be accessed.
“Unfortunately, in February, while unifying permissions in our backend, we accidentally re-enabled access to chats on public projects,” Lovable said.
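The regression Lovable describes is a classic authorization failure: a "unified" permission check that gates every resource of a project on its public/private flag alone. The following is an added illustration, not Lovable's code, of a toy policy in which the build chat stays owner-only regardless of visibility, the regressed check beside it, and a small regression suite a backend could run before shipping permission changes. All project, resource and field names are assumptions.

```python
# Added example (not Lovable's code): a toy authorization model for the
# failure mode described above. Field and resource names are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Project:
    project_id: str
    owner: str
    visibility: str  # "public" or "private"


# "app" is the published app; "chat" is the AI build-history conversation,
# which may contain pasted error logs, credentials and customer PII.
PUBLIC_SAFE_RESOURCES = {"app"}
OWNER_ONLY_RESOURCES = {"chat"}


def can_read_regressed(requester: str, project: Project, resource: str) -> bool:
    """The bug class: one visibility check applied to every resource."""
    if requester == project.owner:
        return True
    return project.visibility == "public"


def can_read(requester: str, project: Project, resource: str) -> bool:
    """Corrected check: chat is owner-only no matter the visibility flag;
    only the published app follows "public". Unknown resources are denied."""
    if requester == project.owner:
        return True
    if resource in OWNER_ONLY_RESOURCES:
        return False
    if resource in PUBLIC_SAFE_RESOURCES:
        return project.visibility == "public"
    return False


def visibility_regression_suite(check) -> list:
    """Run `check` over constructed cases; return every (project, requester,
    resource) triple where the decision differs from the policy. Empty = OK."""
    public_proj = Project("proj-1", "alice", "public")    # constructed sample
    private_proj = Project("proj-2", "alice", "private")  # constructed sample
    cases = [
        (public_proj, "bob", "chat", False),   # public project, chat stays private
        (public_proj, "bob", "app", True),     # published app is readable
        (public_proj, "alice", "chat", True),  # owner reads own chat
        (private_proj, "bob", "app", False),   # private project hides the app
    ]
    return [(p.project_id, who, res) for p, who, res, expected in cases
            if check(who, p, res) != expected]
```

Running the suite against the regressed check flags the public-project chat case, while the corrected check passes every case.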
This was what the aforementioned researcher reported through Lovable’s vulnerability disclosure program via HackerOne.
And the company apparently did nothing because HackerOne believed that seeing public projects’ chats was the intended behavior, although it’s hard to be surprised, since that’s exactly how Lovable has marketed its product historically.
Now, chats from Lovable’s public projects are no longer visible – for anyone. Still, it’s only the latest example of a confident AI firm incapable of quickly admitting its products can be flawed.
Last week, security researchers said they hijacked popular AI agents from Anthropic, Google, and Microsoft, but all three vendors chose to stay silent, none assigning CVEs or publishing public advisories.