Large-scale security audit of 1,764 "vibe-coded" apps reveals significant vulnerabilities

A security audit examined 1,764 applications described as "vibe-coded." The findings revealed that 7% of these apps had exposed Supabase databases, while 15% of Bolt-based apps contained hardcoded API keys. The audit also identified instances of insecure direct object references (IDOR) and APIs with no authentication requirements.