Global public exposure of vibe-coded applications across organizations
Trend
Summary
Hide ▲
Show ▼
Vibe-coded applications are leaking onto the public internet across organizations, creating a growing exposure trend for corporate, operational, and personal data. A May 2026 investigation found more than 380,000 publicly accessible web assets on leading AI development platforms, including more than 2,000 with sensitive data. The exposed apps were seen across six continents and every industry, with many reachable without basic access controls and some granting admin access by default. The pattern shows a broad governance gap in how employee-built AI apps are deployed and published.
Related Happenings
Enterprise employees uploading sensitive data to AI tools surge across organizations
Trend
H score69
First: 17.06.2026 16:15
Last: 17.06.2026 16:15
Sources 1
About this happening:
**Enterprise employees** are uploading sensitive data to **AI and machine-learning tools** at a sharply higher rate, increasing the chance of **data breaches** and **cyber espiona...
Enterprise employees uploading sensitive data to AI tools surge across organizations
TrendAbout this happening: **Enterprise employees** are uploading sensitive data to **AI and machine-learning tools** at a sharply higher rate, increasing the chance of **data breaches** and **cyber espiona...
Enterprise browser users face a rising shadow AI, credential abuse, and browser-native attack trend
Trend
H score22
First: 05.06.2026 17:00
Last: 05.06.2026 17:00
Sources 1
About this happening:
**Enterprise users** are showing a sharp rise in **shadow AI**, **credential abuse**, and **browser-native attack exposure**, increasing risk at the browser layer. The trend matte...
Enterprise browser users face a rising shadow AI, credential abuse, and browser-native attack trend
TrendAbout this happening: **Enterprise users** are showing a sharp rise in **shadow AI**, **credential abuse**, and **browser-native attack exposure**, increasing risk at the browser layer. The trend matte...
Enterprise AI guardrails for shadow AI and personal-account exposure
Defensive Guidance
H score6
First: 28.05.2026 14:30
Last: 28.05.2026 14:30
Sources 1
About this happening:
Enterprise AI governance is shifting toward **AI power users**, **personal accounts**, and **inline guardrails** as sensitive-data exposure concentrates in a small share of workfl...
Enterprise AI guardrails for shadow AI and personal-account exposure
Defensive GuidanceAbout this happening: Enterprise AI governance is shifting toward **AI power users**, **personal accounts**, and **inline guardrails** as sensitive-data exposure concentrates in a small share of workfl...
AI-driven attack surge against customer-facing mobile apps in 2026
Trend
H score43
First: 19.05.2026 15:00
Last: 19.05.2026 15:00
Sources 1
About this happening:
**Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...
AI-driven attack surge against customer-facing mobile apps in 2026
TrendAbout this happening: **Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...
Enterprise browser users AI adoption and browser-risk trends
Trend
H score8
First: 05.03.2026 17:01
Last: 05.03.2026 17:01
Sources 1
About this happening:
Enterprise browser sessions are seeing **mainstream AI tool use**, widening the security blind spot around **employee work sessions** and increasing the risk of **sensitive data e...
Enterprise browser users AI adoption and browser-risk trends
TrendAbout this happening: Enterprise browser sessions are seeing **mainstream AI tool use**, widening the security blind spot around **employee work sessions** and increasing the risk of **sensitive data e...
Timeline
-
29.05.2026 13:30 2 articles · 1mo ago
Red Access identifies more than 380,000 publicly accessible vibe-coded web assets
Initial DisclosureRed Access identifies more than 380,000 publicly accessible web assets across leading vibe-coding platforms, including roughly 5,000 that looked corporate and more than 2,000 that held sensitive corporate, operational, or personal data. The exposed applications were reachable on the open web without basic access controls, often granting admin access by default to anyone who knew the URL, with the exposure spanning six continents and every industry.
Show sources
- What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks — thehackernews.com — 29.05.2026 13:30
- What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks — thehackernews.com — 29.05.2026 13:30