Lovable left AI prompts and user data exposed, one researcher found

A researcher revealed that the vibe-coding platform Lovable exposed users’ chat histories with AI models to other users accessing the platform through an API (application programming interface).

X user @weezerOSINT, reported the exposure in a post on Monday. “I made a Lovable account today and was able to access another user’s source code, database credentials, AI chat histories, and customer data are all readable by any free account,” the researcher wrote. The post included a screenshot of another Lovable user’s project code and chats, along with an unresolved ticket for the bug that allegedly caused the data leak.

In a follow-up conversation with Fast Company, @weezerOSINT (who did not share his real name) says it took 30 minutes using xAI’s Grok 4.2 model to conduct the research, adding that before AI, finding similar exposures would take hours or days.

@weezerOSINT reported the issue via HackerOne, a cybersecurity company that runs bug bounty and vulnerability disclosure programs, in early March. On Monday, the researcher showed that Lovable projects created before November 2025 still expose the data.

Lovable declined to provide an executive to explain the situation, and pointed to its public statement on X.

Lovable initially said on X that no “data breach” had occurred, and that exposing project code was “intentional behavior.” When users mark their projects “public,” the company explained, they opt to have their code visible to other users.

But that did not account for the exposure of users’ chats and prompts with the AI model, which Lovable made accessible for public projects until recently.

“We also retroactively patched our API so public project chats couldn’t be accessed, no matter what,” Lovable said in a second, clarifying post on X. “Unfortunately, in February, while unifying permissions in our backend, we accidentally re-enabled access to chats on public projects.”

As for @weezerOSINT’s early-March report to HackerOne, Lovable says the ticket had been closed because its “HackerOne partners” believed that viewing public projects’ chats was “the intended behavior.”

As a vibe-coding platform, Lovable treats natural-language prompts used to generate code as a core part of the building process. The company initially believed its community would benefit from seeing how other developers used prompts to build features, functions, components, or database schemas, so chats were treated as standard project metadata.

But the risk of exposing sensitive information in those chat histories appears to have outweighed that benefit. Lovable says that in December 2025 it made all new projects “private by default” for all users.

Lovable’s most recent funding round came in December 2025, when it raised $330 million from CapitalG, Menlo Ventures, Khosla Ventures, and others. After the round, the company was valued at $6.6 billion, reportedly tripling its valuation in about five months.

View the full article