18,697 user records leaked when a vibe-coded app inverted its authentication logic
A security researcher found 16 vulnerabilities — 6 rated critical — in a single Lovable-hosted exam platform built with AI assistance. The compromise: 18,697 user records exposed, including 4,538 student accounts from top US universities. The root cause was a specific class of mistake that’s hard to make by hand and easy to make with AI-generated code.
The primary flaw was inverted authentication logic in Supabase backend functions. As the discovering researcher, Khan, articulated it: "The guard blocks the people it should allow and allows the people it should block." That single logical inversion was sufficient to access every user record, send bulk emails, delete user accounts, alter student grades, and retrieve organization admin emails.
The structural problem this exposes
Lovable provides infrastructure scaffolding. It does not enforce that the AI-generated code uses Supabase's row-level security or role-based access controls. Those are opt-in features. When the AI generates a backend function without enabling them, the code runs; it just runs without the protection. The researcher's specific framing about responsibility is worth quoting in full: "a platform can't showcase an app to 100,000 people, host it on your own infrastructure, and then close the ticket when someone tells you it's leaking user data."
Lovable's CISO countered that the platform provides free security scans, leaving implementation responsibility with users. Both positions are technically true. The actual problem is that the audience for these tools, non-developers and early-stage builders, does not have the threat model in their head that would make "enable row-level security" an obvious step. The platform's defaults determine the outcome.
The category mistake in the dispute
The Lovable / Khan exchange is the same shape as the Equifax 2017 dispute about who owns server patching. Both sides have a defensible position. The data breach happens anyway. The lesson from Equifax was that shared responsibility models concentrate failure on the customer side because the customer is the one without the security expertise.
Vibe coding platforms have inherited this exact dynamic. The platform provides the rope; the customer ties the knot; the platform argues the customer should have known to tie it differently. The 18K compromised users on this exam platform did not consent to that arrangement.
What an indie founder shipping with AI tools should take from this
Three concrete moves:
- If your stack includes Supabase, Firebase, or any other backend-as-a-service, audit explicitly for row-level security enabled on every table that holds user data. AI-generated code rarely turns this on; you have to do it manually.
- If your AI generates authentication logic, test the negative cases: what happens when an unauthenticated user calls the endpoint? Test the inverted cases: what happens when the role check is read backwards? These are the AI-generated mistake patterns, not the human ones.
- If you're using a no-code or low-code platform whose default security posture is opt-in, the platform's marketing claims about "production-ready" are doing different work than you think. The product is shipping; whether the data is protected is on you. Research finding: 45% of AI-generated code contains security flaws. Your audit job is not theoretical.
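As an added example (not the exam platform's, Lovable's or Supabase's code), here is the guard shape Khan described, written in its inverted form beside a deny-by-default form, with the negative and inverted cases from the list above turned into a small test matrix. The role names, the caller shape and the function names are assumptions made for illustration.

```typescript
// Added illustration of the inverted-guard bug class; not code from the article.
// Role names, the Caller shape and function names are assumptions.

type Role = "student" | "instructor" | "admin";

// What a backend function sees after validating the session.
// `null` models an unauthenticated request.
interface Caller {
  userId: string;
  role: Role;
}

type Decision = "allow" | "deny";
type Guard = (caller: Caller | null, required: Role) => Decision;

// The bug class from the article: the condition is read backwards, so the
// function refuses exactly the callers it should admit and admits everyone
// else. Note that `!caller` short-circuits straight to "allow", so an
// unauthenticated request passes too.
function invertedGuard(caller: Caller | null, required: Role): Decision {
  if (!caller || caller.role !== required) {
    return "allow"; // should be "deny"
  }
  return "deny"; // should be "allow"
}

// Corrected form: deny by default, allow only on an explicit positive match.
function guard(caller: Caller | null, required: Role): Decision {
  if (caller === null) return "deny"; // unauthenticated: the negative case
  if (caller.role !== required) return "deny"; // wrong role
  return "allow";
}

// The matrix the article recommends running against any generated guard:
// unauthenticated caller, wrong role, and the one role that should pass.
function negativeCaseMatrix(g: Guard) {
  const student: Caller = { userId: "u-1", role: "student" }; // constructed
  const admin: Caller = { userId: "u-2", role: "admin" };     // constructed
  return {
    unauthenticated: g(null, "admin"),
    wrongRole: g(student, "admin"),
    rightRole: g(admin, "admin"),
  };
}

// A guard passes only if both negative cases are denied and the positive
// case is allowed; an inverted guard fails all three at once.
function passesNegativeCases(g: Guard): boolean {
  const m = negativeCaseMatrix(g);
  return m.unauthenticated === "deny" && m.wrongRole === "deny" && m.rightRole === "allow";
}
```

Running `passesNegativeCases` against each generated guard in CI is the cheapest way to catch the inversion before it ships; row-level security on the tables is a separate, additional check.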