What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

Employees are using AI-driven development platforms (vibe coding, where non-programmers build working applications by describing what they want) to quickly build custom applications and connect them to company systems, then publish them on the public internet without involving security teams or implementing basic access controls. A study found over 2,000 such exposed applications containing sensitive data across major companies, sitting unprotected because traditional security tools like EDR (endpoint detection and response, software that monitors what happens on company devices) and DLP (data loss prevention, software that blocks sensitive information from leaving the company) were designed to catch different types of threats and don't detect these cloud-to-cloud connections or applications built in web browsers.