His AI-Built Site Had an Open Door for Months

A builder's vibe-coded site shipped with a hidden flaw that let anyone reach into its database. He found out months later — and he's far from the only one.

↻ Published 2026-06-22◷ 4 min readEA

Evgenii Arsentev · PhD

New posts every dayFollow me on TelegramWhere the AI world lives — daily AI news + Claude Code tipsFollow →Free Claude Code courseNo upsells, no cross-sells — nothing to buy here.Start free →

Bob Starr, a tech project manager, built a website called Boomberg that showed how much US taxpayer money goes to tech companies, and launched it online the moment it was finished. Months passed before he realized the site had shipped with a hidden SQL injection flaw — a hole that let an outsider reach straight into the database behind the site and read or alter data they were never supposed to touch. "A complete blindspot in my state of learning this new technology," is how he described it to The Verge.

The unsettling part isn't that the AI wrote bad code. It's that the AI wrote something that looked finished and worked fine in the demo, while quietly leaving a door open that the builder couldn't see. That's the defining trap of the new 'era of personal software,' where people who aren't engineers can describe an app and have a model build it: the gap between 'it runs' and 'it's safe' is invisible until someone hostile goes looking.

It's not one unlucky guy

Starr's story lands harder because it isn't isolated. Jer Crane, founder of PocketOS, watched an AI coding agent wipe out the company's production database. Builder Joe Procopio vibe-coded a web app to run private demos; attackers hit it hard enough that he gave up and went back to showing his work "the old fashioned way, from my local machine over Zoom." Three different builders, three different ways the same blind spot bit them — data exposed, data destroyed, an app hammered until it had to be pulled.

Why it matters for you

If you build by describing what you want to an AI, this is your story too. The most common flaw in this whole genre is the one that got Starr: an input box on your site that's really an open door to your database. A visitor types a command instead of a name, and the database obediently runs it — handing over records, or wiping them. A model will happily ship that without warning you, because making the feature work and making it safe are two different jobs, and only the first one is what you asked for.

My take: vibe coding isn't the problem, and nobody here did anything stupid. The fix is a habit, not a degree. Treat 'it works' as the halfway point, not the finish line, and assume there's a hole until you've gone looking for it.

What I'd actually do

Before you put a vibe-coded app on the public internet, make a separate request to the AI: 'find the security holes in this and fix them' — and point it especially at anything with a login, a payment, or other people's data. Keep demos running on your own machine until you've done that pass. It's five minutes that beats a breach you only notice months later.

#vibe coding#security#AI apps#builders

Related guides

Author

Evgenii Arsentev

PhD · Chief Product Officer at a tech company

About the author →

Want to actually build this?

Guides explain. The free course transforms — personalized, gamified, and built to get you shipping fast.

◉ Start the free course

← All news

Source: theverge.com