LT A.I CyberSecurity Scoring
Company Information
Website: http://lovable.tech
Number of employees: 1
Number of followers: 0
NAICS: 513
Industry Type: Technology, Information and Internet
Homepage: lovable.tech
LT Risk Score (AI oriented)
Between 750 and 799
Updated: 02/04/2026
780/1000
Fair
Baa
Current Score: 780 Baa (FAIR), on a scale of 0 to 1000
1 incident
-17 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
780
JUNE 2026
780
MAY 2026
780
APRIL 2026
780
MARCH 2026
779
FEBRUARY 2026
796
Vulnerability
26 Feb 2026 • LT
Supabase and Lovable: AI-built app on Lovable exposed 18K users, researcher claims
Lovable Platform Under Fire After AI-Generated App Exposes 18,000 Users’ Data
779
CRITICAL, -17
MUSSUP1772216763
A security researcher has uncovered critical vulnerabilities in an app hosted on the AI-driven vibe-coding platform Lovable, exposing the personal data of over 18,000 users, including students and educators from top U.S. universities. Tech entrepreneur Taimur Khan identified 16 flaws, six deemed critical, in an unnamed app featured on Lovable’s Discover page, which had amassed over 100,000 views and 400 upvotes.
The app, designed for creating exam questions and managing grades, relied on Supabase for authentication and database management. However, due to missing security controls like row-level security (RLS) and role-based access, the AI-generated backend contained logic flaws that inverted access permissions. For example, a malformed authentication function blocked legitimate users while allowing unauthenticated attackers to access sensitive data, delete accounts, alter grades, and extract admin emails.
The exposed dataset included 14,928 unique email addresses, 4,538 student accounts, and 870 records with full personally identifiable information (PII). Users spanned K-12 institutions and universities such as UC Berkeley and UC Davis.
Khan criticized Lovable’s response after his initial report was allegedly closed without action, arguing that the platform should bear responsibility for apps it generates and promotes. Lovable’s CISO, Igor Andriushchenko, countered that the company received a "proper disclosure" only on February 26 and acted within minutes, noting that users are responsible for implementing security recommendations from pre-publish scans. He added that the vulnerable database was not hosted by Lovable and that the app’s creator is now addressing the issues.
The incident highlights broader concerns about AI-generated code, with studies like Veracode’s finding that 45% of such code contains security flaws. While vibe coding, named Collins Dictionary’s Word of the Year for 2025, aims to democratize app development, critics warn that unchecked AI tools can produce functional but dangerously insecure software. Lovable has since contacted the app’s owner to mitigate the risks.
JANUARY 2026
796
DECEMBER 2025
796
NOVEMBER 2025
796
OCTOBER 2025
796
SEPTEMBER 2025
796
AUGUST 2025
796