
Wiz Discovers Major Access Bypass Vulnerability in AI-Driven Vibe Coding Platform, Base44


A recently discovered critical security flaw in Base44, a popular vibe coding platform owned by Wix, posed serious risks by allowing unauthorized access to private applications. Security researchers from Wiz found that an attacker could exploit the vulnerability using only a non-secret app_id to register and verify accounts through endpoints that lacked proper restrictions. This misconfiguration effectively bypassed all authentication, including Single Sign-On protections.
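The class of flaw described above, shown from the defender's side as an added example; this is not Base44's or Wiz's code. The data model, the invite list and all function names are hypothetical. It contrasts a registration handler that trusts a public app_id with one that enforces the app owner's access settings at both registration and verification.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    app_id: str       # public identifier (appears in URLs), not a secret
    is_private: bool  # owner limits the app to invited users (assumed model)
    sso_only: bool    # owner requires sign-in through the identity provider

# Constructed sample data, not taken from Base44.
APPS = {
    "app-public-001": App("app-public-001", is_private=False, sso_only=False),
    "app-private-002": App("app-private-002", is_private=True, sso_only=True),
}
INVITES = {("app-private-002", "alice@example.com")}

class RegistrationDenied(Exception):
    pass

def register_flawed(app_id: str, email: str) -> dict:
    """Flawed pattern: a valid app_id alone is enough to create an account."""
    if app_id not in APPS:
        raise RegistrationDenied("unknown app")
    return {"app_id": app_id, "email": email, "verified": False}

def enforce_app_policy(app_id: str, email: str, sso_verified: bool) -> App:
    """Apply the owner's access settings. sso_verified must be set by the
    server after validating the identity provider's assertion, never taken
    from the request body."""
    app = APPS.get(app_id)
    if app is None:
        raise RegistrationDenied("unknown app")
    if app.sso_only and not sso_verified:
        raise RegistrationDenied("app requires SSO sign-in")
    if app.is_private and (app_id, email.lower()) not in INVITES:
        raise RegistrationDenied("email is not invited to this app")
    return app

def register_hardened(app_id: str, email: str, sso_verified: bool = False) -> dict:
    enforce_app_policy(app_id, email, sso_verified)
    return {"app_id": app_id, "email": email.lower(), "verified": False}

def verify_hardened(account: dict, sso_verified: bool = False) -> dict:
    # Re-check at verification so a record created elsewhere cannot be activated.
    enforce_app_policy(account["app_id"], account["email"], sso_verified)
    return {**account, "verified": True}
```

The policy check lives in one function that every account-lifecycle endpoint calls, so an endpoint added later cannot skip it by omission.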

Although the flaw was promptly patched on July 10, 2025, after responsible disclosure, the incident highlights possible security gaps in artificial intelligence (AI) development. With the rise of AI tools in enterprise environments, traditional security measures may not effectively address emerging threats. Notably, various attack methods have been documented, including prompt injection and coercing AI models into malicious actions, indicating the need for robust security frameworks. Continuous security integration at the foundational level is essential to safeguarding enterprise data in this evolving landscape.
