Yesterday, litellm v1.82.8 was published to PyPI with a three-stage backdoor that harvested SSH keys, cloud credentials, Kubernetes configs, and crypto wallets from every machine that installed it. 97 million downloads per month. The compromised package was discovered inside Cursor when an MCP plugin pulled it as a transitive dependency.
Karpathy's post about it hit 11 million views. GitGuardian, Snyk, The Hacker News, JFrog, and Endor Labs all published detailed analysis. The UK's NCSC CTO published a blog the same day titled "Vibe Check," calling AI-generated code an "intolerable risk."
But here's what nobody in those threads is talking about: the litellm attack succeeded because of the same patterns that exist in most vibe-coded applications right now.
The Pattern That Makes Vibe-Coded Apps Vulnerable
The litellm backdoor worked because:
- Transitive dependencies: A developer used an MCP plugin. That plugin pulled litellm. The developer never chose litellm, never audited it, never knew it existed in their dependency tree.
- No security review: The AI agent that installed the package optimized for "does it work?" not "is it safe?"
- Credentials in the environment: SSH keys, AWS tokens, database passwords were all accessible to the malicious code because they were stored insecurely.
Sound familiar? That's because these are the exact same patterns Escape.tech found when they scanned 5,600 vibe-coded applications:
- 2,000+ vulnerabilities across the apps
- 400 exposed secrets (API keys, database credentials, auth tokens)
- 60% of real vibe-coded apps fail basic security scans
The litellm attack was supply chain. But the vulnerabilities in your app? Those were put there by your AI coding assistant.
What Your Vibe-Coded App Probably Has Wrong
Based on data from Escape.tech, Tenzai (69 vulnerabilities in 15 apps), CodeRabbit (2.74x more XSS vulnerabilities in AI code), and our own scans of real Lovable/Bolt/Cursor projects:
1. Hardcoded API Keys
Your AI assistant puts Firebase config, Supabase keys, or Stripe secrets directly in client-side code. Every user of your app can see them in the browser dev tools.
2. No Row Level Security
If you're on Supabase (most Lovable apps are), there's a 10.3% chance you have critical RLS flaws. Users can read, modify, or delete other users' data.
3. Missing Authentication on API Routes
Your write, delete, and payment routes probably don't check if the user is actually logged in. AI generates the route, not the auth check.
4. No Security Headers
Tenzai found that 0 out of 15 AI-built apps had proper security headers. No CSP, no HSTS, no X-Frame-Options. Your app can be embedded in iframes, injected with scripts, and served over HTTP.
5. Exposed .env Files
28/100 was the lowest score we found scanning random Lovable repos. The app had its .env file committed to the public repo with Firebase keys in plaintext.
How to Fix This in 15 Minutes
You don't need to become a security engineer. You need to check 5 things:
Step 1: Scan your repo (2 minutes)
Use VibeCheck to scan your GitHub repo. Free, no signup. You'll get a score out of 100 and a list of every issue found.
Step 2: Check your .env (1 minute)
Run git log --all --full-history -- .env in your repo. If it returns anything, your secrets have been committed to git history. Even deleting the file doesn't remove it from history.
Step 3: Check your Supabase RLS (3 minutes)
Go to Supabase dashboard > Authentication > Policies. Every table with user data needs at least one RLS policy. If the "RLS disabled" warning appears on any table, fix it now.
Step 4: Check your security headers (2 minutes)
Visit securityheaders.com and enter your deployed URL. If you get anything below a B, you're missing critical protections.
Step 5: Audit your API routes (5 minutes)
Search your codebase for export async function POST and export async function DELETE. Every one of these should have an auth check at the top. If it doesn't, anyone on the internet can call it.
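A heuristic version of the Step 5 search, as an added example (not code from the original post or from VibeCheck). It goes slightly beyond the text by also covering PUT and PATCH, treats the first five body lines as "the top", and assumes the auth calls listed in AUTH_MARKERS; the sample route file, its path and `db` are constructed.

```javascript
// Heuristic Step 5 audit: flag exported route handlers with no auth check near the top.
// ASSUMPTION: calls that count as an auth check. Replace with your project's own.
const AUTH_MARKERS = /getServerSession\s*\(|auth\.getUser\s*\(|\bauth\s*\(/;
const HANDLER = /export\s+(?:async\s+)?function\s+(POST|DELETE|PUT|PATCH)\s*\(/g;
const TOP_LINES = 5; // how many leading body lines count as "at the top"

// Return the index of the bracket that closes the one at `start` (naive: ignores strings).
function matchClose(src, start, open, close) {
  let depth = 0;
  for (let i = start; i < src.length; i++) {
    if (src[i] === open) depth++;
    else if (src[i] === close && --depth === 0) return i;
  }
  return -1; // unbalanced, e.g. a truncated file
}

function findUnauthedHandlers(source, file) {
  const findings = [];
  for (const m of source.matchAll(HANDLER)) {
    const parenOpen = m.index + m[0].length - 1;
    const parenClose = matchClose(source, parenOpen, "(", ")");
    const bodyOpen = parenClose === -1 ? -1 : source.indexOf("{", parenClose);
    const bodyClose = bodyOpen === -1 ? -1 : matchClose(source, bodyOpen, "{", "}");
    if (bodyClose === -1) continue; // could not delimit the body; skip it
    const top = source.slice(bodyOpen + 1, bodyClose)
      .split("\n").map((l) => l.trim())
      .filter((l) => l && !l.startsWith("//"))
      .slice(0, TOP_LINES).join("\n");
    if (!AUTH_MARKERS.test(top)) {
      const line = source.slice(0, m.index).split("\n").length;
      findings.push({ file, method: m[1], line });
    }
  }
  return findings;
}

// Constructed sample route file; `db` and the path are hypothetical.
const SAMPLE = `
export async function POST(req) {
  const session = await getServerSession();
  if (!session) return new Response("Unauthorized", { status: 401 });
  return Response.json(await req.json());
}
export async function DELETE(req, { params }) {
  await db.items.delete(params.id);
  return new Response(null, { status: 204 });
}
`;
console.log(findUnauthedHandlers(SAMPLE, "app/api/items/route.js"));
```

A handler that is not flagged still needs a read: the check only confirms an auth call appears early, not that its result is enforced.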
The Copy-Paste Fix
For each vulnerability type, there's a prompt you can paste directly into your AI coding tool to fix it. Example for exposed API keys:
"Move all API keys and secrets to environment variables. Create a .env.local file (add to .gitignore). Create a server-side API route that proxies requests to the external service. Remove all client-side references to sensitive keys."
We compiled 25+ of these fix prompts into The Vibe Coding Security Playbook - covers every vulnerability type across Lovable, Bolt, Cursor, Firebase, Supabase, and Next.js. $19.
The litellm attack compromised thousands of developers in hours. The vulnerabilities in your vibe-coded app are waiting to do the same to your users. The difference is that you can fix yours right now.
VibeCheck is a free, no-signup security scanner for vibe-coded apps. The State of Vibe Coding Security 2026 tracks all incidents, data, and scanners.