How we found +2k vulns, 400+ secrets and 175 PII instances in publicly exposed apps built on vibe-coded platforms (Research methodology)

News

I think one of the interesting parts in the methodology is that, due to the structure of the integration between Lovable front-ends and Supabase backends via API, and the fact that certain high-value signals (for example, anonymous JWTs to APIs linking Supabase backends) only appear in frontend bundles or source output, we needed to introduce a lightweight, read-only scan to harvest these artifacts and feed them back into the attack surface management inventory. Here is the blog article that describes our methodology in depth.

In a nutshell, we found:
– 2k medium vulns, 98 highly critical issues
– 400+ exposed secrets
– 175 instances of PII (including bank details and medical info)
– Several confirmed BOLA, SSRF, 0-click account takeover and others

submitted by /u/PriorPuzzleheaded880
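The read-only bundle scan the post describes, written out as an added example (this is not the authors' tooling and not from the linked article): it pulls JWT-shaped strings and Supabase project hosts out of front-end JavaScript text, decodes each token's claims without verifying or using the token, and rates it by its `role` claim so the result can be fed into an inventory. The assumptions are that Supabase API keys are JWTs carrying `iss: "supabase"` and a `role` claim (`anon` is meant to ship in browser code and relies on row-level security; `service_role` bypasses RLS and must never appear in a bundle) and that hosted projects live at `<project-ref>.supabase.co`; the sample bundle, project ref and tokens are constructed for the example.

```python
"""Read-only scan of a front-end bundle for Supabase API artifacts (added example)."""
import base64
import json
import re
from typing import Dict, List, Optional

# A JWT whose header and payload are JSON objects starts with "eyJ" (base64url of '{"'),
# so look for three dot-separated base64url segments with that prefix.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}")
# Hosted Supabase projects answer at https://<project-ref>.supabase.co (assumed host pattern).
SUPABASE_URL_RE = re.compile(r"https://([a-z0-9-]+)\.supabase\.co")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload(token: str) -> Optional[Dict]:
    """Return the claims of a JWT-shaped string, or None if it is malformed.
    The signature is deliberately not checked: the inventory only needs the
    claims, and the scanner never sends the token anywhere."""
    try:
        _header, payload, _signature = token.split(".")
        claims = json.loads(_b64url_decode(payload))
        return claims if isinstance(claims, dict) else None
    except (ValueError, UnicodeDecodeError):  # binascii.Error / JSONDecodeError are ValueErrors
        return None


def rate_supabase_token(claims: Dict) -> str:
    """Severity from the role claim: 'anon' is expected in a browser bundle and is a
    finding only if RLS is missing (info); 'service_role' in a bundle is critical;
    anything else, or another issuer, gets a manual review."""
    if claims.get("iss") != "supabase":
        return "review"
    role = claims.get("role")
    if role == "service_role":
        return "critical"
    if role == "anon":
        return "info"
    return "review"


def scan_bundle(js_text: str) -> List[Dict]:
    """Inventory records for every Supabase project host and decodable JWT in the text."""
    findings: List[Dict] = []
    for ref in sorted(set(SUPABASE_URL_RE.findall(js_text))):
        findings.append({"kind": "supabase_project", "ref": ref})
    for token in sorted(set(JWT_RE.findall(js_text))):
        claims = decode_jwt_payload(token)
        if claims is None:
            continue  # looked like a JWT but is not one; nothing to record
        findings.append({
            "kind": "jwt",
            "issuer": claims.get("iss"),
            "role": claims.get("role"),
            "project_ref": claims.get("ref"),
            "severity": rate_supabase_token(claims),
            "token_prefix": token[:12] + "...",  # keep a fingerprint, never the full secret
        })
    return findings


def _fake_jwt(claims: Dict) -> str:
    """Constructed test data: a JWT-shaped string with a junk signature."""
    def enc(obj: Dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.{enc({'sig': 'not-a-real-signature'})}"


# Constructed fragment of a minified bundle; "exampleproj" is a placeholder project ref.
SAMPLE_BUNDLE = (
    'const SUPABASE_URL="https://exampleproj.supabase.co";'
    'const SUPABASE_ANON_KEY="' + _fake_jwt({"iss": "supabase", "ref": "exampleproj", "role": "anon"}) + '";'
    'const ADMIN_KEY="' + _fake_jwt({"iss": "supabase", "ref": "exampleproj", "role": "service_role"}) + '";'
    'const NOT_A_JWT="eyJabc.def";'
)

if __name__ == "__main__":
    for finding in scan_bundle(SAMPLE_BUNDLE):
        print(finding)
```

Only the decoded claims and a short token prefix are stored, so the inventory itself does not become a second copy of the secret; an `anon` hit is a pointer to go and check that project's row-level security, while a `service_role` hit is a key-rotation incident on its own.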