Vibe Coding Security Shitshow
This week, Lovable and Vercel were both in the news for security problems. According to reports, anyone with a free Lovable account could see other users’ projects and chat history. The funny part? Lovable’s first response took the classic “it’s not a bug, it’s a feature” line to a new level, claiming this was normal behavior for public projects. They later walked it back and admitted that access to chat history on public projects, which they had turned off before, was accidentally turned back on in February 2026.
Lovable Statement β | Aakash Gupta Thread β
The Vercel case is a clear data leak. Vercel shared that attackers got into one of their employee’s Google Workspace account through an AI tool called Context.ai, which led to some of the platform’s environment variables being stolen and a small number of users’ data being exposed. More technical details have not been shared yet. The breach also shows how one weak internal tool connection can become a supply-chain risk for everyone downstream.
Vercel Bulletin β | TechCrunch β
Our advice: take care of your prompts and pay attention to what you share while vibe coding. If you host a site on Vercel, it’s a good idea to also rotate the environment variables that aren’t marked as sensitive.
Amazon and Anthropic Take Things to the Next Level
Amazon said it will put $5 billion into Anthropic up front, with another $20 billion on the table if more is needed later. In return, Anthropic promised to spend $100 billion on AWS as part of the deal. On top of that, the Claude Platform will be added to AWS.
These moves show that in the model race, building the best model is no longer enough on its own. Access to the energy and compute power you need is just as important. It also locks in both sides for years: Anthropic gets long-term compute, and Amazon gets guaranteed demand.
Is Cursor Being Sold to SpaceX?
Cursor, one of the most popular AI-powered code editors, announced that it’s working with SpaceX to build a coding model. They also said they’ve given SpaceX the option to buy Cursor for $60 billion this year, or to pay $10 billion for the partnership instead.
Cursor is one of the names that put vibe coding on the map, but it’s built on top of the open-source VS Code editor and mostly serves up models from companies like OpenAI, Anthropic, and Google. So a valuation this high is raising some eyebrows. On top of that, their own new coding model, Composer, recently turned out to be based on the open-source Chinese Kimi model. If true, this is another reminder that in AI, distribution and user love can matter as much as model originality.
