Incident 1016: Jailbroken Lovable AI Allegedly Used to Generate and Host Phishing Pages, Steal Credentials, and Bypass Security

Description: The generative AI platform Lovable, which is used for building web apps, was reportedly jailbroken to create and host full phishing campaigns. These campaigns allegedly included credential-harvesting login pages, evasion techniques, and real-time exfiltration via services like Telegram and Firebase. The AI system was reportedly used for generating the phishing content and and then deploying it live on a URL hosted under its own subdomain.

Tools

New Report New Response DiscoverView History

Entities

View all entities

Alleged: Loveable AI developed an AI system deployed by Unknown actors , Cyber criminals and Cyber criminal networks, which harmed General public , Users targeted by phishing attacks , Impersonated organizations and Microsoft.

Alleged implicated AI systems: Lovable AI , Firebase , RequestBin , JSONBin , Twilio , Telegram , Office.com and Microsoft login systems

Incident Stats

Incident ID

1016

Report Count

Incident Date

2025-04-09

Editors

Daniel Atherton

Incident Reports

Reports Timeline

Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages

thehackernews.com

VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side

labs.guard.io

thehackernews.com · 2025

Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring…

labs.guard.io · 2025

With the rise of Generative AI, even total beginners can now launch sophisticated phishing scams --- no coding skills needed. Just a few prompts and a few minutes. To fight back, Guardio Labs introduces the VibeScamming Benchmark v1.0, a s…

Variants

A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.

Seen something similar?

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Incident 1016: Jailbroken Lovable AI Allegedly Used to Generate and Host Phishing Pages, Steal Credentials, and Bypass Security

Tools

Entities

Incident Stats

Incident Reports

Reports Timeline

Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages

VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side

Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages

VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side

Variants

Similar Incidents

By textual similarity

Game AI System Produces Imbalanced Game

Wikipedia Vandalism Prevention Bot Loop

Biased Sentiment Analysis

Similar Incidents

By textual similarity

Game AI System Produces Imbalanced Game

Wikipedia Vandalism Prevention Bot Loop

Biased Sentiment Analysis