Vibecoding puts health records and customer data out in the open: A security researcher found hundreds of websites were leaking data through a commonly used service called Supabase (which blamed its new type of user.) (Eva Wolfangel, Die Zeit)
- A collaboration between Die Zeit and security researcher Christopher Helm found nearly half of 670 German-language Supabase-backed websites were leaking sensitive data, including health records, passwords, and customer databases.
- AI coding agents build apps using Supabase's default configurations without flagging the security gaps, and users who can't code can't audit what the AI produced.
- Supabase acknowledged the problem but pointed to its user base shifting from professional developers to AI-assisted beginners.
