Incident 1016: Jailbroken Lovable AI Allegedly Used to Generate and Host Phishing Pages, Steal Credentials, and Bypass Security

Description: The generative AI platform Lovable, which is used for building web apps, was reportedly jailbroken to create and host full phishing campaigns. These campaigns allegedly included credential-harvesting login pages, evasion techniques, and real-time exfiltration via services like Telegram and Firebase. The AI system was reportedly used for generating the phishing content and and then deploying it live on a URL hosted under its own subdomain.

Tools

New Report New Response DiscoverView History

Entities

View all entities

Alleged: Loveable AI developed an AI system deployed by Unknown actors , Cyber criminals and Cyber criminal networks, which harmed General public , Users targeted by phishing attacks , Impersonated organizations and Microsoft.

Alleged implicated AI systems: Lovable AI , Firebase , RequestBin , JSONBin , Twilio , Telegram , Office.com and Microsoft login systems

Incident Stats

Incident ID

1016

Report Count

Incident Date

2025-04-09

Editors

Daniel Atherton

Incident Reports

Reports Timeline

Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages

thehackernews.com

VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side

labs.guard.io

thehackernews.com · 2025

Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring…

labs.guard.io · 2025

With the rise of Generative AI, even total beginners can now launch sophisticated phishing scams --- no coding skills needed. Just a few prompts and a few minutes. To fight back, Guardio Labs introduces the VibeScamming Benchmark v1.0, a s…

Variants

A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Incident 1016: Jailbroken Lovable AI Allegedly Used to Generate and Host Phishing Pages, Steal Credentials, and Bypass Security

Tools

Entities

Incident Stats

Incident Reports

Reports Timeline

Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages

VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side

Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages

VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side

Variants

Similar Incidents

By textual similarity

Game AI System Produces Imbalanced Game

Wikipedia Vandalism Prevention Bot Loop

Biased Sentiment Analysis

Similar Incidents

By textual similarity

Game AI System Produces Imbalanced Game

Wikipedia Vandalism Prevention Bot Loop

Biased Sentiment Analysis