If a small business shipped a customer-facing app built with a no-code or vibe-coding platform and never ran a security review, the safe operating assumption is that its database is reachable from the public internet until proven otherwise, because spring 2026 scans found thousands of such apps actively leaking sensitive data and the common cause is open data-access defaults that the natural-language build does not close for you.
Anchored on spring 2026 security research: a RedAccess scan of roughly 380,000 publicly reachable apps built on no-code AI platforms (Lovable, Base44, Replit and others) found around 5,000 actively leaking sensitive data (API keys, customer records, in some cases payment or health data); separate testing by Escape.tech (Oct 2025) of about 5,600 production apps found roughly 2,000 vulnerabilities (not labelled critical); Lovable had a documented BOLA-class flaw between February and April 2026 where project links could expose other projects, with fixes shipped for new projects while some existing ones stayed open for a period. In May 2026 several platforms (Replit, Vercel and others) shipped built-in security scanners.

Mechanism: the vibe-coding build defaults to open data access and skips the access-control review a developer would perform by habit.

Scope: operator-register risk advisory, not a claim that any specific named app is currently leaking and not a recommendation to abandon these platforms; the prescription is to run the check.

VERIFIED 2026-05-29: the RedAccess 380k/5k scan confirmed via Axios (axios.com/2026/05/07/loveable-replit-vibe-coding-privacy) and Security Boulevard; the Escape.tech figure (about 5,600 apps, about 2,000 vulnerabilities) is from an Oct 2025 report, not spring 2026 and not labelled critical; the Lovable BOLA window 3 Feb to 20 Apr 2026 and the Replit/Vercel May-2026 scanners confirmed (lovable.dev incident post and The Register).

Review cadence: 30 days (28 Jun 2026), short because platform defaults and scanner tooling are changing fast.

Trigger conditions: (1) the major platforms change their default to closed data access, which would soften the assume-it-is-public posture toward Partial; (2) a new published scan materially changes the scale of the problem; (3) a platform ships or withdraws a built-in security scanner that changes the recommended check.
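The check the advisory prescribes, as an added example that is not part of the register or of any platform named above: classify the results of reading your own app's data endpoints without credentials and with another tenant's credentials into the two failure modes the claim describes (open default, BOLA-class cross-tenant read). Endpoint paths, tenant names and row counts are constructed; `probe()` assumes a JSON-array REST response and bearer-token auth, and is only meant to be pointed at a deployment you operate.

```python
from dataclasses import dataclass
import json
import urllib.error
import urllib.request

@dataclass
class Probe:
    resource: str       # path queried, e.g. "/rest/v1/customers" (constructed)
    caller: str         # "anonymous" or the tenant whose token was sent
    owner: str          # tenant that owns the records behind the resource
    status: int         # HTTP status returned
    record_count: int   # rows that came back (0 when denied or filtered)

def classify(p: Probe) -> str:
    """One probe -> "ok", "PUBLIC" (open default) or "BOLA" (cross-tenant)."""
    if p.status in (401, 403) or p.record_count == 0:
        return "ok"        # denied, or row-level filtering returned nothing
    if p.caller == "anonymous":
        return "PUBLIC"    # rows served with no credentials at all
    if p.caller != p.owner:
        return "BOLA"      # another tenant's rows readable with a valid token
    return "ok"

def assess(probes) -> str:
    """Verdict for the whole app: the worst finding wins."""
    findings = {classify(p) for p in probes}
    if "PUBLIC" in findings:
        return "assume-public"
    if "BOLA" in findings:
        return "cross-tenant-leak"
    return "closed"

def probe(base_url, resource, caller, owner, token=None, timeout=5.0) -> Probe:
    """GET a resource on your OWN deployment; assumes JSON-array body + bearer auth."""
    req = urllib.request.Request(base_url + resource)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = json.loads(resp.read() or b"[]")
            count = len(body) if isinstance(body, list) else 1
            return Probe(resource, caller, owner, resp.status, count)
    except urllib.error.HTTPError as err:
        return Probe(resource, caller, owner, err.code, 0)

# Constructed sample, standing in for a real run of probe() against one app.
SAMPLE = [
    Probe("/rest/v1/customers", "anonymous", "tenant-a", 200, 412),
    Probe("/rest/v1/orders", "tenant-b", "tenant-a", 200, 37),
    Probe("/rest/v1/orders", "tenant-a", "tenant-a", 200, 37),
]
```

A "closed" verdict only covers the resources you probed; the claim's posture is to treat every table you have not probed as public.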
Related: the solopreneur stack-consolidation piece (/operators/solopreneur-ai-stack-consolidation/) and the small-business vendor red-flags piece (/operators/ai-vendor-redflags-smb/).
About this register
The Operators register tracks claims published from practitioner-advisory pieces addressed to solo founders, micro-SMB, and small businesses up to around fifty people. Claims are reviewed on a 30–45 day cadence — tooling and SMB-relevant pricing shift faster than enterprise procurement signals.