Lovable Denies Data Breach After Researcher Exposes Project Visibility Issues
Stockholm-based AI app builder says unclear documentation, not security breach, caused chat messages and code to be visible in public projects
At a glance
- Stockholm-based AI app-building platform Lovable denied suffering a data breach after a researcher disclosed that chat messages, source code, and customer data were accessible in public projects.
- The company acknowledged unclear documentation around what 'public' visibility meant, stating the issue stemmed from documentation rather than a security breach.
- A researcher using the handle 'impulsive' accessed another developer's project using five API calls from a free account, exposing database credentials and AI chat histories.
AI-generated summary
Why it matters
Lovable is a Stockholm-based AI app-building platform founded in 2023. The company raised $330 million in December 2024 at a $6.6 billion valuation according to Reuters. The platform allows developers to build applications using AI assistance.
Stockholm-based AI app-building platform Lovable said it did not suffer a data breach after concerns surfaced over the visibility of chat messages and code in projects set to public.
The startup acknowledged that its documentation around what "public" meant had been unclear. In a statement posted on X on Monday, the company said it had been "made aware of concerns regarding the visibility of chat messages and code on Lovable projects with public visibility settings."
It added that the issue stemmed from unclear documentation rather than a security breach. The statement follows disclosures by a researcher posting under the handle "impulsive" (@weezerOSINT), who went public with the issue after reporting it to the company more than six weeks ago.
In a series of posts on X, the researcher said he was able to access another developer's active project, including its full source code, database credentials, customer records, AI chat histories and related data. "This is not hacking," the researcher wrote. "This is five API calls from a free account."
In response, Lovable said chat messages in public projects "used to be visible," but added that this is "now no longer possible." The company drew a distinction between chat history and code, saying the visibility of code in public projects was intentional and consistent with the product's design.
It added that while it had experimented with different ways of surfacing build history, the core behaviour around code access had remained unchanged. The company also stated that enterprise customers have not been able to set new projects to public since May 25, 2025.
Lovable, founded in 2023, raised $330 million last December at a $6.6 billion valuation, according to a Reuters report.
What to watch
AI outlook: possibilities, not facts
Lovable will likely update its documentation and visibility settings to be more explicit
Very likely · Within weeks
Regulatory scrutiny unlikely as issue was not classified as a breach
Likely · Within months
Open questions
- What specific changes has Lovable made to its documentation?
- How many users were affected by the visibility issue?
- Will Lovable compensate any affected users?