Live Wire
14:29ZTASNIMNEWSThe beginning of the joint air exercise between Türkiye and EgyptThe Ministry of Defense of Turkey announced…14:29ZTASNIMNEWSTrump's new claim about the agreement with Iran🔹 The head of the American terrorist government, in his lates…14:29ZTASNIMNEWSIn a message, the doctors congratulated the arrival of the Russian National DayPresident in a message to Russ…14:28ZTHEJERUSALHamburg airport terminal evacuated after security incident"Flights are currently unable to depart, but arriva…14:26ZNOELREPORTPutin orders intensified strikes on Ukrainian infrastructure14:26ZPRESSTVHezbollah drone strike kills Israeli soldier in southern Lebanon14:25ZMIDDLEEASTTrump claims Iran leaked false terms about nuclear negotiations14:25ZCORRIEREDEAxios: US-Iran agreement signing possibly in Geneva; Tehran denies reports14:29ZTASNIMNEWSThe beginning of the joint air exercise between Türkiye and EgyptThe Ministry of Defense of Turkey announced…14:29ZTASNIMNEWSTrump's new claim about the agreement with Iran🔹 The head of the American terrorist government, in his lates…14:29ZTASNIMNEWSIn a message, the doctors congratulated the arrival of the Russian National DayPresident in a message to Russ…14:28ZTHEJERUSALHamburg airport terminal evacuated after security incident"Flights are currently unable to depart, but arriva…14:26ZNOELREPORTPutin orders intensified strikes on Ukrainian infrastructure14:26ZPRESSTVHezbollah drone strike kills Israeli soldier in southern Lebanon14:25ZMIDDLEEASTTrump claims Iran leaked false terms about nuclear negotiations14:25ZCORRIEREDEAxios: US-Iran agreement signing possibly in Geneva; Tehran denies reports
Markets
S&P 500740.06 0.31%Nasdaq25,819 0.04%Nasdaq 10029,480 0.11%Dow511.53 0.43%Nikkei92.36 0.20%China 5035.22 0.87%Europe89.27 0.22%DAX42.02 0.59%BTC$63,548 1.06%ETH$1,669 1.51%BNB$607.23 1.34%XRP$1.14 1.98%SOL$67.01 2.69%TRX$0.313 2.51%DOGE$0.0887 4.43%HYPE$59.74 5.66%LEO$9.57 0.37%RAIN$0.0131 0.18%QQQ$719 0.26%VOO$680.29 0.30%VTI$365.34 0.28%IWM$293.96 1.22%ARKK$75.29 0.23%HYG$79.91 0.04%Gold$384.53 0.46%Silver$60.21 1.00%WTI Crude$128.78 0.04%Brent$49.21 0.16%Nat Gas$11.28 1.08%Copper$39.12 0.45%EUR/USD1.1567 0.00%GBP/USD1.3402 0.00%USD/JPY160.20 0.00%USD/CNY6.7623 0.00%S&P 500740.06 0.31%Nasdaq25,819 0.04%Nasdaq 10029,480 0.11%Dow511.53 0.43%Nikkei92.36 0.20%China 5035.22 0.87%Europe89.27 0.22%DAX42.02 0.59%BTC$63,548 1.06%ETH$1,669 1.51%BNB$607.23 1.34%XRP$1.14 1.98%SOL$67.01 2.69%TRX$0.313 2.51%DOGE$0.0887 4.43%HYPE$59.74 5.66%LEO$9.57 0.37%RAIN$0.0131 0.18%QQQ$719 0.26%VOO$680.29 0.30%VTI$365.34 0.28%IWM$293.96 1.22%ARKK$75.29 0.23%HYG$79.91 0.04%Gold$384.53 0.46%Silver$60.21 1.00%WTI Crude$128.78 0.04%Brent$49.21 0.16%Nat Gas$11.28 1.08%Copper$39.12 0.45%EUR/USD1.1567 0.00%GBP/USD1.3402 0.00%USD/JPY160.20 0.00%USD/CNY6.7623 0.00%
OPENNYSEcloses in 5h 29m
themonexus.
Vol. I · No. 163
Friday, 12 June 2026
14:30 UTC
  • UTC14:30
  • EDT10:30
  • GMT15:30
  • CET16:30
  • JST23:30
  • HKT22:30
← back to Saturday edition◉ LIVE ON THE WIREfollow this thread in real time
Science

Five thousand vibe-coded apps expose a quiet crisis in enterprise AI security

When security researchers audited five thousand applications built on no-code AI platforms, they found something alarming: most of these apps had never appeared on any approved technology register. The exposure was not a bug — it was the result of a workflow that makes traditional security governance structurally obsolete.
By Moemedi Michael PoncanaUS5-minute read11 May 2026☆ Save↗ Share⎙ Print
Secretary Rubio Holds Meet and Greet with U.S. Embassy China
Secretary Rubio Holds Meet and Greet with U.S. Embassy China / Photo: U.S. Department of State / Public domain

Security teams managing the software portfolios of large enterprises have long dealt with shadow IT — the unauthorized applications that employees provision without going through the formal procurement and security-review process. That problem predates artificial intelligence. What is new, and what a 2026 audit of five thousand applications built on the no-code AI platform Lovable has brought into sharp relief, is the speed at which AI-powered development tools have made shadow IT both faster to create and harder to see.

The audit, first reported by VentureBeat on 8 May 2026, found that the majority of those five thousand applications had never appeared on any approved technology register. They had been built, iterated on, and in many cases deployed into production environments — all without passing through the standard governance workflows that most enterprise security programs rely on to maintain an accurate inventory of their digital assets. The parallel that the researchers drew is precise: this is the same class of exposure that the S3 bucket misconfiguration crisis represented for cloud infrastructure a decade ago, applied now to the application layer that no-code AI platforms have made trivially accessible.

The anatomy of shadow AI

The mechanism is straightforward and structurally consequential. Platforms such as Lovable allow product managers, operations staff, and other non-developers to describe what they need in plain language and receive a working application — complete with frontend, backend, and database integration — within minutes. The prompt-and-deploy workflow compresses a process that traditionally involves requirements gathering, design reviews, security assessments, code review, and staging deployments into a single session that a non-technical user can complete without encountering any of those gates. The applications that result are real. They process data, integrate with existing systems, and are accessible to employees and customers alike.

What they are not is visible to the security team. And because the teams building them are not software engineers, the security awareness that would normally accompany a development process — input validation, access control, data handling hygiene — is inconsistent at best. The five thousand apps in the audit represent the current state of a problem that is compounding by the week as more employees discover that they can build and ship software without writing a line of code or submitting a ticket to IT.

Why traditional security tooling fails here

Most enterprise security programs were designed around a set of assumptions that no longer hold. They assume that software assets are created by developers operating within governance frameworks, that the inventory of production systems can be maintained through periodic scans of infrastructure and endpoints, and that the pathway from idea to deployed application passes through enough checkpoints to catch dangerous misconfigurations before they reach users. No-code AI platforms bypass all of those assumptions simultaneously.

The tools designed to monitor cloud infrastructure — the S3 bucket class of misconfiguration alerts — work by maintaining a map of known resources and flagging deviations from intended configurations. They do not, by design, monitor the application layer that Lovable and its competitors operate in, because that application layer did not exist in any significant volume until recently. Security teams find themselves with no equivalent to the S3 bucket scan for applications that were never provisioned through IT, never audited by a security reviewer, and in many cases never even known to exist until a researcher or an incident makes them visible.

The structural frame

What is being described here is a governance lag — the gap between a technology adoption pattern and the institutional mechanisms designed to manage its risk. This lag is not unique to no-code AI platforms. Cloud infrastructure itself produced an analogous gap in the early 2010s, when employees and business units began provisioning cloud resources outside IT's visibility, generating the S3 bucket crisis that required years of tooling investment, policy development, and cultural change to bring partially under control. The difference now is the speed of the technology and the breadth of who can use it.

The S3 bucket problem required technical expertise to exploit. Shadow AI applications can be created by anyone with access to a browser and an enterprise login. The population of potential builders has expanded from a small technical minority to the entire organisation. The governance challenge is not merely technical — it requires new assumptions about who is a software developer and what constitutes a material security risk.

The stakes and the road ahead

The immediate losers in a continued expansion of shadow AI are organisations whose security programmes operate without real-time visibility into their application surface. When a misconfiguration or a data handling failure occurs in a shadow AI app, the response is slower, the forensic trail thinner, and the blast radius larger than it would be for a governed application where the security team has baseline knowledge of the architecture. The threat actor looking for an entry point is not indifferent to the existence of shadow AI — they are actively looking for it, because shadow IT has always been a preferred route into enterprise environments.

The resolution requires enterprises to accept that the security function must extend upstream — into the platforms that enable non-technical employees to build production software. This is not an argument that no-code AI tools should be restricted. It is an argument that the governance model built around developer-centric workflows must be redesigned for a world where development is no longer the exclusive domain of developers. The five thousand apps in the audit are a snapshot of a moment in that transition. The trajectory from here is toward a larger number, not a smaller one, unless the governance architecture changes to match the speed of deployment.

Desk note: The dominant wire framing of this story treated it as a Lovable-specific problem. Monexus framed it structurally — as a governance lag affecting the entire no-code AI platform category — and placed the emphasis on the institutional failure rather than the vendor. The VentureBeat report was the primary source; all claims trace back to that audit.

© 2026 Monexus Media · reported from the wire