Vibe Coding2026-03-22 · source-backed
Wiz Research: Critical Auth Bypass Exposed Every Enterprise App on Base44
Story
Providing only a non-secret app_id to undocumented endpoints created a verified account bypassing all authentication including SSO — granting full access to private enterprise applications. Potentially thousands of company chatbots and PII-laden apps were exposed. Wix patched within 24 hours. The auth layer of vibe coding platforms cannot be trusted without independent security review. Source
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entity: PII / Shared topic / Earlier coverage
Karpathy Retires "Vibe Coding," Coins "Agentic Engineering" — and the Security Data Proves Why
Both cover PII; overlapping topics (apps, base44, coding); earlier PII coverage from 2026-03-11.
Shared entity: SSO / Shared topic / Earlier coverage
Anthropic "The Briefing" Enterprise Event — Agent Skills and Self-Serve Enterprise
Both cover SSO; overlapping topics (access, company, enterprise); earlier SSO coverage from 2026-02-24.
Shared entity: SSO / Shared topic / What happened next
Anthropic adds SSO and spend caps to Claude Code
Both cover SSO; overlapping topics (access, apps); picks up the SSO thread on 2026-07-01.
Shared entity: Wiz Research / Same source domain / What happened next
Amazon Q turned `git clone` into cloud RCE — CVE-2026-12957, CVSS 8.5.
Both cover Wiz Research; reported by the same outlet (wiz.io); picks up the Wiz Research thread on 2026-06-26.
Ghostty Is Leaving GitHub After 18 Years. Mitchell Hashimoto Says the Platform Isn't for Serious Work Anymore.
Both cover Wiz Research; reported by the same outlet (wiz.io); picks up the Wiz Research thread on 2026-04-29.
TeamPCP Goes Multi-Ecosystem: CanisterWorm Hits npm, LAPSUS$ Collaboration Surfaces, and a Bug in the Attacker's Own Code Was the Only Thing That Caught It
Both cover Wiz Research; reported by the same outlet (wiz.io); picks up the Wiz Research thread on 2026-03-25.
Same source domain / Shared topic
Moltbook: The Canonical Vibe-Coded Security Failure
Reported by the same outlet (wiz.io); overlapping topics (access, authentication, coding, exposed).
Shared entity: PII / Shared topic / Earlier coverage
First Real Vibe-Coded Security Breach: 18K Users Exposed
Both cover PII; overlapping topics (access, exposed); earlier PII coverage from 2026-03-01.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — 2026-03-22
- AI generated
- no
- Story unit
- 2026-03-22-wiz-research-critical-auth-bypass-exposed-every-enterprise-app-on-base44
- Labels
- source-backed, canonical briefing excerpt