Lovable App Exposes 18,000 Users: The Vibe Coding Security Crisis Nobody Saw Coming

📄 English Summary

Lovable App Exposes 18,000 Users: The Vibe Coding Security Crisis Nobody Saw Coming

On February 27, 2026, security researcher Taimur Khan discovered 16 vulnerabilities, including 6 critical ones, in a single app hosted on Lovable's platform. This AI-powered EdTech tool, designed to generate AI exams and grade student submissions, leaked data from students at UC Berkeley, UC Davis, and K-12 schools, affecting approximately 18,000 users. The incident highlights the importance of security in AI application development and the potential risks involved, urging developers to prioritize security measures when building AI tools.
