I Audited 21 Public Vibe-Coded Apps in 48 Hours. Here Are the 5 Patterns That Keep Showing Up.

Over the last 48 hours I've run VibeScan - my LLM-powered security audit for AI-generated SaaS - against 21 public apps built on Lovable, Bolt, v0, Cursor, Replit, and Windsurf. I wanted to check whether the 5 patterns I found in 9 apps earlier this week were a small-sample fluke or a real signal. At 21 apps the signal is unmistakable. Total findings across the corpus: 20 critical + 84 high + 58 medium = 162 real issues. Every single app had at least one. The most egregious had 13 (1 critical / 8 high / 4 medium). The "cleanest" still had 3 mediums.