Lovable CEO apologises after security scare: ‘I take accountability’

· Source: Sifted · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Project & Product Management · Depth: Fundamental Awareness, quick

Summary

Lovable CEO Anton Osika issued an apology following a security incident in which an anonymous X user claimed access to other customers' chat histories and personal information. The Swedish vibe-coding startup denied a data breach but acknowledged poor communication regarding data visibility, specifically that chat messages linked to public projects were viewable. The issue has since been resolved. Osika stated that the company learned of the problem via social media due to a "broken" vulnerability disclosure process, and admitted that some product decisions were "out of touch with user expectations." This incident follows a period in which Lovable rushed a desktop product update amid competition from US AI company Anthropic. Lovable plans to prioritize strengthening security processes and communication.

Key takeaway

For product managers overseeing user data, this incident underscores the importance of clear data visibility communication and a functional vulnerability disclosure process. Ensure your product's default settings and user-facing explanations align with privacy expectations, especially for public-facing features. Proactively audit your security reporting mechanisms to prevent delays in incident response and maintain user trust.

Key insights

Security incidents highlight the critical need for robust vulnerability disclosure and transparent data visibility policies.

Best for: Product Manager, CTO, VP of Engineering/Data, AI Product Manager, Director of AI/ML, Tech Journalist

Editorial summary, takeaway, and curation by AIssential. Original article published by Sifted.