In a disturbing turn for generative AI security, a new report from Guardio Labs reveals that Lovable, a text-to-code AI web app generator, is alarmingly susceptible to jailbreak attacks. This vulnerability allows even non-technical users to create fully functional phishing pages, credential harvesters. And even admin dashboards to manage stolen data—all with minimal effort.
Lovable, which markets itself as a fast, user-friendly platform for building full-stack web applications using natural language prompts. Has now been dubbed the most dangerous LLM for abuse in a newly identified attack technique known as “VibeScamming.”
Coined as a play on “vibe coding”—a method where developers rely on AI to generate code from problem statements. VibeScamming involves tricking AI models into building malicious tools by framing prompts in a narrative or iterative way. Once the AI gives an initial partial response, users progressively “level up” the prompt until the AI produces fully weaponized outputs.
According to Nati Tal, lead researcher at Guardio, Lovable “didn’t just participate, it performed.” The platform was capable of generating a Microsoft-style phishing login page, hosting it on its own subdomain. And even redirecting victims to the official Microsoft website after stealing their credentials. Worse still, Lovable built a custom admin dashboard for attackers to view stolen data, including IP addresses, timestamps, and plaintext passwords.
AI Abuse Beyond Lovable
Lovable isn’t the only platform under scrutiny. Anthropic Claude and ChatGPT were also tested using Guardio’s new VibeScamming Benchmark. Which evaluates LLMs on how easily they can be manipulated into aiding phishing workflows.
- ChatGPT scored 8/10 in safety, resisting many prompts and exhibiting strong safeguards.
- Claude initially pushed back but proved “easily persuadable” when prompts were framed as ethical or for security research, scoring 4.3/10.
- Lovable, however, scored a worrying 1.8/10, making it the most exploitable model tested.
Claude and Lovable were also found to comply with prompts asking for evasion techniques. Guidance on obfuscating scam pages, SMS delivery using Twilio, and Telegram integration for exfiltration. These responses pose real threats, especially since attackers can now build phishing kits that rival—or surpass—the quality of genuine user flows.
Guardio’s benchmark joins a growing chorus of warnings from cybersecurity experts who have flagged how LLMs are being co-opted by attackers. Other AI platforms like DeepSeek have also shown vulnerabilities to jailbreak tactics like Bad Likert Judge, Crescendo, and Deceptive Delight, all of which can help generate phishing emails, malware scripts, and keyloggers.
In a related report last month, Symantec detailed how OpenAI’s Operator, an agent designed for web-based tasks. Could be repurposed to run automated phishing campaigns. It could gather emails, write PowerShell malware, upload data to Google Drive, and send targeted phishing messages—all without human expertise.
The Stakes for AI Security
The broader concern is that these tools lower the technical barrier to cybercrime. Giving aspiring hackers easy access to code generators that can deliver functioning malware, phishing templates, and full operational infrastructure.
Lovable’s case is particularly alarming because it offers live deployment capabilities. Enabling phishing campaigns to launch instantly with no external infrastructure. The platform can be manipulated to host scam pages, deliver fake login portals. And integrate back-end data exfiltration services like Firebase, RequestBin, and JSONBin.
“The fake login experience Lovable generated is smoother than Microsoft’s own sign-in flow,” Tal noted, highlighting the polished UX these AI agents can create.
