Vibe coding has been taking the web by storm, and for good reason. Not only does it open the door for anyone to start coding, but a ton of businesses have jumped on the bandwagon, including Google, which recently dropped its vibe coding app Opal on Google Labs.
While some have categorized vibe coding as lazy, others have highlighted just how dangerous it can be. This hasn’t stopped many people from using the apps, though now a group of security researchers has found a major vulnerability in one of the most popular vibe coding apps on the market.
Base44 is one of the apps at the forefront of the vibe coding movement. While it has garnered a lot of attention, and was even purchased by Wix just a month ago, the app is far from the safest option, the researchers at Wiz Research argue. According to a lengthy security report on the app, Base44 has a massive vulnerability that can allow unauthorized access to private apps.
Far from the first issue with vibe coding apps
Of course, this is far from the first time we’ve seen researchers blow the whistle on these types of apps. There are arguments about how vibe coding can help make programming more accessible, but the big idea behind the movement is to let the AI handle all of the heavy lifting. This means you don’t technically need to know much about coding to start using these apps.
However, not having that knowledge does put you at a disadvantage, especially since we’ve seen reports of vibe coding services like Replit going so far as to delete a user’s entire database despite being instructed not to make any changes without authorization from the user first. And that was all because the AI received a bad response and panicked.
While losing an entire database is a serious problem, the security issue affecting Base44 is especially notable because it would allow anyone to gain access to an in-development API despite the system offering multiple levels of authorization. The team behind the research even tested it by uncovering a couple of different Base44 applications in the wild.
The good news is that the team behind Base44 has already issued a fix for the problem, so apps made using the service are no longer at risk. But this research is a reminder that while these vibe coding platforms offer some enticing features, you should always be aware of what you’re doing and how accessible your content might be on the internet.