Researchers find Base44's "vibe coding" platform contained security flawThis allowed threat actors to access data that should be privateThe bug was squashed within 24 hours with no signs of abuseVibe coding platform Base44 contained a major security vulnerability which could have allowed unauthorized users to access other people’s private applications, experts have warned.The issue was discovered in early July 2025 by security pros from Wiz Research, who explained how exposed API endpoints on Base44’s platform allowed threat actors to create a verified account on private apps using nothing more than app_id, a piece of code that is publicly visible.Normally, authentication systems ask for strong credentials, and means of identity verification, but Base44’s setup apparently lets anyone bypass those checks using just that one code. One could think of it like showing up to a locked office building, shouting “I’m here for app_id 12345”, and the doors would open - no questions asked.Vibe codingAttackers could easily grab an app_Id from public files, and use it to “register” through unsecured API routes, accessing apps that handle sensitive employee data and company communications.The vulnerability could have affected enterprise apps handling HR and personally identifiable information (PII), internal chatbots and knowledge bases, as well as automation tools used in day-to-day operations.Once Wiz discovered the flaw, it reached out to Wix, the company which owns Base44, who fixed it within a day.Wix added it found no signs of abuse by threat actors. The researchers also identified vulnerable apps and reached out to some of the affected companies directly.Vibe coding is a relatively new slang term for coding with the help of generative AI and through natural language rather than writing actual code. A developer will discuss their ideas and needs with the AI, which would come back with code. It has gained a lot of popularity lately, but news such as this one highlight that the method is not without its risks.Since the background infrastructure is shared, there is always a risk of information leaking somewhere.Via Infosecurity MagazineYou might also likeUnderstanding the vibe coding trend and considerations for developersTake a look at our guide to the best authenticator appWe've rounded up the best password managers