86% do código é lixo. e tá em produção.
Vibe coding democratizou o desenvolvimento. E de brinde, democratizou a vulnerabilidade.380 mil apps analisados.5 mil sem autenticação. Banco brasileiro exposto no Google. 19 mil alunos vazados porque a autenticação tava de cabeça pra baixo.
E o ticket do pesquisador que achou tudo isso? Fecharam sem responder.Nesse vídeo eu mostro os dados que ninguém tá juntando: o estudo da Red Access, o caso da Lovable (plataforma de 6 bilhões de dólares com falha número 1 do OWASP), os 86% de XSS que a Veracode achou em código gerado por IA, o bloqueio da Apple e o que a LGPD tem a ver com isso tudo.Funcionar não é a mesma coisa que tá seguro.
🪑 Cadeira Elements: https://links.chorume.dev/elements
💳 Conta Dev: https://links.chorume.dev/contadev-igCapítulos:
⭐ Seja membro do canal: https://www.youtube.com/channel/UC1VZDEtGNxfQzh7EYcD2frg/join
📸 Instagram: https://instagram.com/manodeyvin
📌 Canal de cortes: https://www.youtube.com/@cortesdomanoofc
Capítulos:
00:00 O app que bloqueava quem tava logado
00:55 A tese: funcionar ≠ seguro
02:54 380 mil apps analisados pela Red Access
04:29 O caso Lovable: 6 bilhões e zero autenticação
07:04 O padrão sistêmico: 86% com XSS
08:31 LGPD não tem carência pra vibe coder
09:34 Apple bloqueou vibe coding
10:18 Dev assistido por IA ≠ vibe coding puro
11:11 Nubank e o risco corporativo
12:30 A crise de confiança tá acontecendo agora
-----
Fontes:
Karpathy cunha "vibe coding" (fev/2025) — https://en.wikipedia.org/wiki/Vibe_coding
Collins Dictionary Word of the Year 2025 — https://www.collinsdictionary.com/us/woty
Y Combinator W25: 25% codebases quase inteiramente IA — https://techcrunch.com/2025/03/06/a-quarter-of-startups-in-ycs-current-cohort-have-codebases-that-are-almost-entirely-ai-generated/
RedAccess: 380 mil apps, 5 mil sem proteção — https://securityboulevard.com/2026/05/thousands-of-vibe-coded-apps-exposing-corporate-personal-data-redaccess/
Axios confirma dados de banco brasileiro exposto — https://securityboulevard.com/2026/05/thousands-of-vibe-coded-apps-exposing-corporate-personal-data-redaccess/
Lovable BOLA: pesquisador denuncia no X (abr/2026) — https://thenextweb.com/news/lovable-vibe-coding-security-crisis-exposed
Lovable nega, depois admite falha — https://cybernews.com/security/lovable-vibe-coding-flaw-apology/
Lovable EdTech: 16 vulns, 18.697 usuários expostos — https://vibegraveyard.ai/story/lovable-showcased-edtech-app-18k-users-exposed/
Vercel hack via Context.ai / ShinyHunters — https://techcrunch.com/2026/04/20/app-host-vercel-confirms-security-incident-says-customer-data-was-stolen-via-breach-at-context-ai/
OmniGPT: 34M linhas de chat expostas (fev/2025) — https://hackread.com/omnigpt-ai-chatbot-breach-hacker-leak-user-data-messages/
Veracode: XSS 86%, Log Injection 88% — https://www.veracode.com/blog/ai-generated-code-security-risks/
Apple bloqueia apps de vibe coding na App Store — https://9to5mac.com/2026/03/30/apple-steps-up-crackdown-on-vibe-coding-apps-pulls-anything-from-the-app-store/
63% dos usuários de vibe coding não são devs — https://www.secondtalent.com/resources/vibe-coding-statistics/
Nubank adota vibe coding internamente — https://www.youtube.com/watch?v=w3McNRyXpQ4
---------
📧 Precisa de recomendação de Pentesters / Devs Seniores? https://hiresenior.app Receive SMS online on sms24.me
TubeReader video aggregator is a website that collects and organizes online videos from the YouTube source. Video aggregation is done for different purposes, and TubeReader take different approaches to achieve their purpose.
Our try to collect videos of high quality or interest for visitors to view; the collection may be made by editors or may be based on community votes.
Another method is to base the collection on those videos most viewed, either at the aggregator site or at various popular video hosting sites.
TubeReader site exists to allow users to collect their own sets of videos, for personal use as well as for browsing and viewing by others; TubeReader can develop online communities around video sharing.
Our site allow users to create a personalized video playlist, for personal use as well as for browsing and viewing by others.
@YouTubeReaderBot allows you to subscribe to Youtube channels.
By using @YouTubeReaderBot Bot you agree with YouTube Terms of Service.
Use the @YouTubeReaderBot telegram bot to be the first to be notified when new videos are released on your favorite channels.
Look for new videos or channels and share them with your friends.
You can start using our bot from this video, subscribe now to 86% do código é lixo. e tá em produção.
What is YouTube?
YouTube is a free video sharing website that makes it easy to watch online videos. You can even create and upload your own videos to share with others. Originally created in 2005, YouTube is now one of the most popular sites on the Web, with visitors watching around 6 billion hours of video every month.
