Common security gaps in AI-built apps

Apps built with can look polished and work correctly while still missing basic security checks. A real case involved user data being accessible from a browser that was not logged in.

The same pattern can appear in apps made with Cursor, Lovable, Bolt, Rork, Claude, and similar tools. AI tools often create the requested feature but do not always add the that control who can see which data.

The models are improving, but they are not yet reliable enough for a to assume security is handled automatically. If user data is exposed, the responsibility still lands on the app owner.

Key points

  • can produce apps that work but lack security checks.
  • A logged-out browser may still be able to access user data if are wrong.
  • Cursor, Lovable, Bolt, Rork, Claude, and similar tools can all produce this kind of risk.
  • may skip checks for who is allowed to see each piece of data.
  • The app owner remains responsible if user data is exposed.

Sources covering this story (4)

Read original