Fetching from the wire…
Public story · 2026-03-02 · source-backed
The most concrete vibe coding security failure to date: a security researcher found 16 vulnerabilities (6 critical) in a Lovable-hosted exam platform featured on Lovable's own Discover page. The AI-generated authentication logic was literally backwards — it blocked logged-in users and granted access to anonymous visitors. Missing row-level security exposed 18,697 user records including 4,538 K-12 student accounts from UC Berkeley and UC Davis. Lovable's pre-publish security scan caught the issues, but the user deployed without fixing them. The Register
Each link below shares sources, entities, or timing with this story.
Shared entity: Lovable / Same source domain / Shared topic / What happened next
Both cover Lovable; reported by the same outlet (theregister.com); overlapping topics (access, account, coding, lovable, security).
Shared entity: Lovable / Same source / Shared topic / Earlier coverage
Both cover Lovable; cite the same source (The Register); overlapping topics (access, blocked, security, user).
Shared entity: UC Berkeley / Shared topic / What happened next / Tension
Both cover UC Berkeley; overlapping topics (berkeley, coding); picks up the UC Berkeley thread on 2026-06-18.