Large-scale security audit of 1,764 "vibe-coded" apps: 7% have wide-open Supabase DBs, 15% of Bolt apps ship hardcoded API keys, plus IDOR and zero-auth APIs

Google API Keys Weren't Secrets. But then Gemini Changed the Rules.

What 5 Million Apps Revealed About Secrets in JavaScript

Software developers: Prime cyber targets and a rising risk vector for CISOs

Vibe-Coded Moltbook Exposes User Data, API Keys and More

The top 5 sources of secret sprawl, and how attackers exploit them