Anton Osika, CEO of Swedish vibe-coding startup Lovable, has apologised after a security incident sparked concerns that users’ data had been exposed.
Earlier this week, an anonymous X user claimed they could access other customers’ chat histories and personal information after creating a free account. The post — viewed more than 500k times — alleged “every conversation” with Lovable’s AI was “stored and readable”.
The company subsequently denied suffering a data breach, but admitted shortcomings in how it communicated the visibility of users’ data. The issue, which allowed chat messages tied to public projects to be viewed, has now been fixed.
In a statement posted on LinkedIn on Wednesday, Osika said the company first learned of the problem via social media because its vulnerability disclosure process had “broken”, delaying its response. He acknowledged that some product decisions now appeared “out of touch with user expectations”.
“We’ve done a lot of work on this in the last year, and when things like this incident happen, it shows me there is more to do,” he wrote. “So we’re going to do more and we’re going to communicate about it better.”
The incident caps a turbulent few weeks for the Stockholm-based startup, which recently rushed out a desktop product update amid signs US AI company Anthropic was building a rival.
Osika said Lovable will now prioritise strengthening its security processes and communication. “Lovable should be the safest place to build,” he wrote.
