Never before has it been easier to launch a new website. Type a sentence, watch a chatbot spit out a Next.js app, click “publish.” Minutes. That’s not a complaint, it’s genuinely incredible. But I’ll say this plainly: it has also never been more dangerous to publish a website if you don’t know what you’re doing.

I’ve spent years warning small business owners away from Wix, Weebly, GoDaddy’s site builder, and the rest of that pile. Not because the tools themselves are evil. Most of them are fine at what they do. The problem is they let people ship a website without ever learning what a website actually is. You don’t know what’s under the hood. You can’t fix what breaks. And when something really goes wrong, you find out at the worst possible moment that you never really “owned” your site in the first place.

AI generated websites are the same trap, just amplified. The speed is higher, the guardrails are lower, and the failure modes have gotten scary. If you’ve been anywhere near the news in the last 12 months, you’ve probably seen the term “vibecoding” by now. That’s the practice of describing what you want, letting an AI write the code, and shipping the result without reading it. For hobby projects, fine. For a real business website that handles real customer data? It’s a loaded gun. The vibecoding website dangers are not theoretical anymore. They’re a weekly news story.

AI Generated Website Mistakes, Ranked By How Much They’ll Ruin Your Week

The majority of these are examples from real incidents, not hypothetical cases.

1. Leaking API keys to the entire internet

This is the really big one. There are stories all over X and social media about devs waking up with a $40,000 cloud bill. It scares the crap out of me.

Security researchers have been scanning the output of vibe-coding platforms at scale, and the numbers are ugly. Roughly 1 in 10 vibe-coded apps leak things like Supabase keys straight to the browser. Wiz’s research found exploitable security risks in 20% of the apps they audited. Other independent studies put the rate of AI-generated applications with at least one serious vulnerability as high as 80%. These aren’t obscure side projects. These are the same platforms, templates, and patterns that small businesses are using to spin up storefronts, booking pages, and lead capture forms this week.

Lovable is one of the most popular AI website builders right now, and it had a disclosed vulnerability (CVE-2025-48757) in 2025 that affected 170+ live apps across 303 vulnerable endpoints. Emails, payment data, subscription records, and developer tokens, all queryable by anyone who opened DevTools. A developer recently ran a casual audit on a friend’s Lovable app and found the same pattern: hardcoded Stripe and OpenAI keys sitting right in the frontend bundle.

Worst case scenario here: someone drains your bank account, uses your account for fraud, and you lose customers.

Then there’s Moltbook, a really hot topic right now: a vibe-coded AI platform that had an exposed Supabase key sitting in its client-side JavaScript. Wiz researchers pulled down roughly 1.5 million API keys, around 30,000 user emails, and thousands of private conversations. Nobody had to log in. The key was just sitting there in the HTML. If you want the gory detail, the Moltbook post-mortem is worth a read.

The AI confidently writes code like a pro. But the AI does not understand that putting your Stripe secret in a JavaScript file visible to every browser is a career-ending move. It has no sense of what is safe to ship. It will absolutely, cheerfully, hand you a website that exposes your customers’ data and smile while doing it.

If you’ve vibe-coded a website and you don’t know what a Row Level Security policy is, what a .env file is, or what “server-side vs. client-side” means, take your site offline today. I am not being dramatic.

2. Publishing the AI’s working directory to the public web

This one is so common, and I’ve been so close to being guilty of it many times. I’m from the “old era” where I am always thinking of permissions, so it is LESS likely to happen to people like me, but it definitely can. When people use a CLI coding agent to build a site, a lot of them then commit the entire working directory to a public GitHub repo. Or worse, they zip the project up and leave the backup on the public web server. Now yoursite.com/backup.zip or yoursite.com/.git/ contains your whole project, secrets included.

Some of the biggest vibe-coding leaks happened this exact way. Not via a clever attack, just because the whole codebase, API keys and all, was sitting in a public repo. I’ve seen small business sites where the previous “AI built” website left /admin-backup.sql sitting in the webroot. That’s not a hack. That’s free data delivery. Any half-decent scanner finds these in seconds.

The really hard part is that the more “access” you give AIs, the better they are, but the more access you give them, the more dangerous they are.

My personal rule: if I am using a command-line agent to work on a website, I don’t do it inside the live working directory (/var/www/html, etc.), and I always look at the live directory after publishing. It is really scary out there.

3. Shipping whatever the AI wrote, without reading it

Microsoft, a company with entire buildings full of editors, published an AI-generated Ottawa travel guide in 2023 that recommended visiting the Ottawa Food Bank as a top tourist attraction. It concluded with the line “Consider going into it on an empty stomach.” It sat live until a journalist caught it.

The Economic Times, a major global business paper, ran an AI-generated “Word of the Day” series where the graphic for “Kafkaesque” spelled it “Kafkaesliue” on a blackboard. Another entry for “pensive” labeled a coffee cup “celffee.” See Futurism’s writeup for the screenshots. These aren’t tiny blogs. These are outlets with style guides older than I am. And they still published nonsense because nobody looked before hitting publish.

Now imagine you’re a local HVAC contractor who let an AI write all 40 of your service-area pages. How confident are you that none of them say something embarrassing, factually wrong, or actively damaging to your brand? How many have you actually read?

4. Deindexing yourself from Google by accident

A classic mistake, and AI makes it faster. An AI agent (or the builder’s default template) drops a <meta name="robots" content="noindex"> tag on your whole site, or pushes your staging robots.txt to production, or writes canonical tags that point every page at the homepage. Six weeks later someone asks why you’re not showing up on Google anymore.

I’ve cleaned up after this exact mistake more times than I can count with traditional developers. AI agents make the same mistake faster and more silently, because there’s no human in the loop to notice the red flag during a code review. A noindex tag you didn’t mean to ship is a months-long recovery. Check your source code before you launch.

5. AI agents publishing content in your name that you never authorized

This one is genuinely wild, and I think it’s the preview of a much bigger problem. An autonomous AI agent recently published a fabricated hit piece accusing a matplotlib open source maintainer of “gatekeeping” and personal insecurity, after the maintainer rejected the AI’s pull request. The agent had been handed publishing access by its operator, and it used that access to retaliate with hallucinated accusations. Full blog post. Written, formatted, published.

Now translate that to the small business world. You give a coding agent write access to your WordPress. A week later it “helpfully” pushes a blog post, or edits your “About” page, or changes a price on a product, or invents a testimonial from a customer who doesn’t exist. Who’s liable when that hallucinated claim turns into a legal letter? You are. It was your website.

Why This Scares Me More Than Wix or Sitebuilders Did

With a Wix or a GoDaddy site, the worst realistic outcome was: your site looked bad, loaded slow, or hit a plan limit. The blast radius was small. You looked unprofessional. Moving off the platform later was painful. Fine. Survivable.

With an AI generated website, the blast radius is: every credit card that touched your checkout, every email in your customer list, your SEO for the next 18 months, and possibly your brand’s reputation when the AI invents a quote from a customer who never existed. The ceiling of “how bad can this get” has moved up by two floors.

To be clear: I am not against DIY website building. I’ve always respected the people who roll up their sleeves and learn how this stuff actually works. That’s how I started. What I am against is shipping software when you don’t understand what you just shipped. An AI generated website is software. AI didn’t change that rule. It just made it easier to break.

If you’ve already built something with Lovable, Bolt, v0, a Claude or Cursor agent, whatever, that’s fine. But before you point a real domain at it and start taking customers’ money, do three things:

  1. Open your browser DevTools, go to the Network tab, and look at what your site sends to the client. If you see an API key, an auth token, or a database URL, you have a problem.
  2. Try loading yoursite.com/.git/config, yoursite.com/.env, and yoursite.com/backup.zip in a browser. If any of those return content, you have a bigger problem.
  3. View source on your homepage and search for noindex. If it’s there and you didn’t put it there on purpose, yeah.

That’s not a full audit. That’s a five-minute “am I immediately on fire” check. If you can’t do those three things, or the results make no sense to you, hire someone who can. It’ll cost you less than one leaked Stripe key.
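The same three checks can also be run against the local build folder before anything is published. The script below is an added example, not code from the original post; its secret patterns are heuristics, and the folder name in the usage comment (./dist) is an assumption about your project layout.

```python
import base64, json, re, sys
from pathlib import Path

# Paths that must never be in a published webroot (.git, .env*, archives, SQL dumps).
RISKY = re.compile(r"(^|/)(\.git|\.env[^/]*)$|\.(zip|sql|bak)$", re.I)
# Heuristic prefixes for the secret keys named in the article; expect false positives.
SECRETS = {
    "stripe-secret-key": re.compile(r"\bsk_live_[0-9A-Za-z]{16,}"),
    "openai-style-key": re.compile(r"\bsk-[0-9A-Za-z_-]{20,}"),
}
JWT = re.compile(r"\beyJ[\w-]+\.(eyJ[\w-]+)\.[\w-]+")
NOINDEX = re.compile(r"<meta\b(?=[^>]*name=[\"']robots[\"'])[^>]*noindex", re.I)
TEXT = {".html", ".htm", ".js", ".mjs", ".css", ".json", ".map", ".txt"}

def jwt_role(payload_b64):
    """Return the 'role' claim of a JWT payload segment, or None if undecodable."""
    try:
        padded = payload_b64 + "=" * (-len(payload_b64) % 4)
        return json.loads(base64.urlsafe_b64decode(padded)).get("role")
    except (ValueError, AttributeError):
        return None

def audit(webroot):
    """Scan a local publish directory; return sorted (relative_path, finding) pairs."""
    root, findings = Path(webroot), set()
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if RISKY.search(rel):
            findings.add((rel, "should-not-be-published"))
        if not path.is_file() or path.suffix.lower() not in TEXT:
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        for name, pattern in SECRETS.items():
            if pattern.search(text):
                findings.add((rel, name))
        # A Supabase service_role JWT bypasses Row Level Security; it is server-only.
        if any(jwt_role(m.group(1)) == "service_role" for m in JWT.finditer(text)):
            findings.add((rel, "supabase-service-role-jwt"))
        if path.suffix.lower() in {".html", ".htm"} and NOINDEX.search(text):
            findings.add((rel, "noindex"))
    return sorted(findings)

if __name__ == "__main__":
    # Usage (assumed layout): python audit.py ./dist  -- exits non-zero on any finding.
    results = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, finding in results:
        print(f"{finding:28} {rel}")
    sys.exit(1 if results else 0)
```

A Supabase anon key in the bundle is expected and is not flagged; whether it is safe depends on your Row Level Security policies, which a file scan cannot verify.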

I’m not telling anyone to avoid AI for building websites. I’m telling you: ship it like a professional, or don’t ship it.


About the Author: Patrick Coombe

With two decades of industry experience, Patrick Coombe is a seasoned technologist specializing in the evolution of the modern web. From SEO to cloud infrastructure and web programming to the latest in AI automation, Patrick’s work is defined by a relentless curiosity for how things work. Whether he is building web applications or advocating for his clients, his goal remains the same: simplifying complex technology into actionable growth for businesses and most of all: learning new things.
