A security researcher is building what might be the most terrifying database in tech right now: a real-time catalog of apps built with AI-generated code. The findings? Out of 198 iOS applications scanned, 196 have security vulnerabilities. That's 99%.
Welcome to the "vibecoding" era - where developers ship code they don't fully understand because an LLM told them it would work.
The researcher behind Firehound isn't tracking theoretical vulnerabilities or academic edge cases. These are production applications on the App Store with real users, exposing real data. We're talking about 406 million database records compromised in the worst case, with 13 apps rated as CRITICAL risk level.
The exposed data includes emails, user IDs, device information, authentication tokens, and personally identifiable information - basically everything you'd need to cause serious harm. And it's all sitting there accessible because someone asked ChatGPT to write their backend and never bothered to understand what it actually did.
I need to be clear about something: AI code generation tools are not inherently insecure. GitHub Copilot, Cursor, and ChatGPT can write perfectly secure code. The problem is they can also write catastrophically insecure code, and unless you know enough to tell the difference, you won't know which one you got until it's too late.
This is fundamentally different from Stack Overflow-driven development. When you copy code from Stack Overflow, there are usually comments explaining what it does, warnings about edge cases, and follow-up answers pointing out security issues. The code has been seen by human eyes. It's been debugged in public.
AI-generated code comes with none of that context. It arrives fully formed, syntactically correct, and often functional enough to pass basic testing. It looks professional. And if you're junior enough or rushed enough or trusting enough, you ship it.
The common pattern Firehound is finding: misconfigured Firebase databases, exposed API keys, authentication bypasses, and broken access controls. These aren't sophisticated zero-days. These are the kind of mistakes a senior engineer would catch in code review - if there was a senior engineer reviewing the code.
But here's the thing that really worries me: we're about to see this pattern at enterprise scale. OpenAI just announced a partnership with ServiceNow to embed AI agents into business software. Microsoft is pushing Copilot into every product. Every code editor now has AI autocomplete.
That's a lot of auto-generated code going into production systems, written by tools that don't understand security models, don't know about your company's threat model, and can't explain why they made the architectural decisions they made.
The fix isn't to ban AI code generation - that ship has sailed. The fix is to treat AI-generated code the same way you'd treat code from an intern: useful, possibly correct, but requiring review from someone who actually understands what secure code looks like.
If you're shipping code you got from an LLM without understanding it, you're not a developer. You're a QA department for a nondeterministic code generator. And based on Firehound's data, you're not very good at QA either.
