← The Wire

Vibe Coding2026-03-22 · source-backed

Wiz Research: Critical Auth Bypass Exposed Every Enterprise App on Base44

Confidence
source-backed
Sources
1
Redaction
passed

Story

Providing only a non-secret app_id to undocumented endpoints created a verified account bypassing all authentication including SSO — granting full access to private enterprise applications. Potentially thousands of company chatbots and PII-laden apps were exposed. Wix patched within 24 hours. The auth layer of vibe coding platforms cannot be trusted without independent security review. Source


Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entity: PII / Shared topic / Earlier coverage

    Karpathy Retires "Vibe Coding," Coins "Agentic Engineering" — and the Security Data Proves Why

    Both cover PII; overlapping topics (apps, base44, coding); earlier PII coverage from 2026-03-11.

  2. Shared entity: SSO / Shared topic / Earlier coverage

    Anthropic "The Briefing" Enterprise Event — Agent Skills and Self-Serve Enterprise

    Both cover SSO; overlapping topics (access, company, enterprise); earlier SSO coverage from 2026-02-24.

  3. Shared entity: SSO / Shared topic / What happened next

    Anthropic adds SSO and spend caps to Claude Code

    Both cover SSO; overlapping topics (access, apps); picks up the SSO thread on 2026-07-01.

  4. Shared entity: Wiz Research / Same source domain / What happened next

    Amazon Q turned `git clone` into cloud RCE — CVE-2026-12957, CVSS 8.5.

    Both cover Wiz Research; reported by the same outlet (wiz.io); picks up the Wiz Research thread on 2026-06-26.

  5. Ghostty Is Leaving GitHub After 18 Years. Mitchell Hashimoto Says the Platform Isn't for Serious Work Anymore.

    Both cover Wiz Research; reported by the same outlet (wiz.io); picks up the Wiz Research thread on 2026-04-29.

  6. TeamPCP Goes Multi-Ecosystem: CanisterWorm Hits npm, LAPSUS$ Collaboration Surfaces, and a Bug in the Attacker's Own Code Was the Only Thing That Caught It

    Both cover Wiz Research; reported by the same outlet (wiz.io); picks up the Wiz Research thread on 2026-03-25.

  7. Same source domain / Shared topic

    Moltbook: The Canonical Vibe-Coded Security Failure

    Reported by the same outlet (wiz.io); overlapping topics (access, authentication, coding, exposed).

  8. Shared entity: PII / Shared topic / Earlier coverage

    First Real Vibe-Coded Security Breach: 18K Users Exposed

    Both cover PII; overlapping topics (access, exposed); earlier PII coverage from 2026-03-01.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-03-22-wiz-research-critical-auth-bypass-exposed-every-enterprise-app-on-base44
Labels
source-backed, canonical briefing excerpt