
Vibe Coding Alert


There are now a bunch of tools that let you create a webapp or website simply by writing text prompts. Exercise caution! It’s becoming obvious that many popular products do not follow good security practices. What does this mean? It means if you use one of these sites to create software and you collect user data, that data has a very high chance of being harvested by automatic scripts that hackers are running 24/7 across the Internet.

A number of these AI tools reveal the secret API key that you use to connect to the web server. (That key is like an ID badge that lets you talk to the AI company.) If it’s no longer secret, a hacker can use up all your credits or, worse, if you’re paying per use, run up thousands of dollars in charges. This is going to happen to a lot of unknowing users.

So we strongly counsel against using these apps to collect customer information, and we recommend that you make sure the AI app you’re using keeps your API key secure. Contact us if you need us to audit the various tools you’re considering or improve your security.
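One way to check a generated app for the exposed-key problem described above, as an added example that is not code from any of the tools or companies mentioned here: scan the files the app ships to browsers for strings shaped like secret keys. The key prefixes are well-known public formats; the function names, file names and sample keys are constructed for illustration.

```javascript
// Added example: the patterns are public key formats, the sample data is constructed.
const PATTERNS = [
  { name: "OpenAI-style secret key", re: /\bsk-[A-Za-z0-9_-]{20,}/g },
  { name: "Stripe secret key", re: /\bsk_live_[A-Za-z0-9]{16,}/g },
  { name: "AWS access key ID", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: "PEM private key", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/g },
];

// Show only enough of a match to locate it, so the report does not leak the key.
const mask = (s) => s.slice(0, 8) + "...(" + s.length + " chars)";

// Scan one file's text; returns [{ file, line, type, match }].
function scanText(file, text) {
  const findings = [];
  text.split("\n").forEach((lineText, i) => {
    for (const { name, re } of PATTERNS) {
      for (const m of lineText.matchAll(re)) {
        findings.push({ file, line: i + 1, type: name, match: mask(m[0]) });
      }
    }
  });
  return findings;
}

// Walk a build output directory (for example "dist") and scan every text asset in it.
function scanBuildDir(dir) {
  const fs = require("fs"), path = require("path");
  let findings = [];
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) findings = findings.concat(scanBuildDir(full));
    else if (/\.(js|mjs|html|json|map|css)$/.test(entry.name))
      findings = findings.concat(scanText(full, fs.readFileSync(full, "utf8")));
  }
  return findings;
}

// Constructed sample standing in for a minified bundle; all keys are fake.
// A publishable key (pk_live_) is meant to be public, so it is not flagged.
const SAMPLE_BUNDLE = [
  'const pub="pk_live_51ExamplePublishableKey00";',
  'fetch(u,{headers:{Authorization:"Bearer sk-EXAMPLEexampleEXAMPLE0123456789"}});',
  'const aws={id:"AKIAIOSFODNN7EXAMPLE"};',
].join("\n");

const sampleFindings = scanText("assets/index.js", SAMPLE_BUNDLE);
console.log(sampleFindings);
```

Any finding in browser-delivered files means the key should be rotated and the call moved behind a server-side endpoint that holds the key.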

Lovable, the company that just admitted its security weaknesses and which claims to be the fastest growing company in Europe, has not fixed the problem. But there are many other apps that do the same thing. Here’s the write-up on the Lovable vulnerability.
