What happened
Swedish “vibe coding” startup Lovable has secured a new funding round that values the company at $6.6 billion, more than triple its July 2025 valuation. The platform uses advanced AI models (from OpenAI and Anthropic) to convert natural language prompts into production-ready web apps and software, and reportedly powers 100,000+ projects per day, generating $ 200+ million in annual recurring revenue. Investors in the latest round include Accel and Khosla Ventures, and Lovable plans global expansion.
Who is affected
- Developers and non-technical builders using vibe coding tools to rapidly create applications.
- Security teams and enterprise CISOs evaluating the risks of integrating AI-generated software into production environments.
- Cyber threat actors, who already exploit such platforms to build phishing pages and scam sites.
Why CISOs should care
Rapid growth and democratization of software creation via AI have security implications: threat researchers have observed tens of thousands of malicious sites built on vibe-coding platforms like Lovable for credential harvesting and phishing campaigns. The ease of generating and hosting web properties can accelerate adversaries’ operational tempo, lowering barriers for abuse.
3 practical actions for CISOs
- Audit and monitor AI-generated assets: Track applications built using vibe coding tools in your environment for unexpected changes or unauthorized deployments.
- Implement robust URL and domain filtering: Add protections against phishing and scam sites that may be spun up quickly using automated tools.
- Integrate security into AI dev workflows: Require static analysis, SAST/DAST tools, and vulnerability scanning for code produced by AI platforms before deployment.