Introduction
In late July 2025 Wiz Research disclosed a critical security flaw in Base44, an AI powered application development platform recently acquired by Wix for eighty million dollars. The vulnerability allowed unauthorized access to private applications built via Base44 simply by knowing a publicly visible application ID. Attackers could bypass authentication controls including Single Sign‑On. Though the issue was patched within twenty‑four hours and no malicious use was detected, the incident raises urgent concerns about platform design flaws in tools that enable nontechnical users to build internal tooling through natural language prompts (Wiz Research eton)).
This post analyzes the vulnerability chain, the risks inherent in AI‑based development platforms, how the flaw bypassed SSO, and lessons for enterprise adoption.
What Is Base44 and the Promise of Vibe Coding
Base44 gained traction in early 2025 with a vision of democratizing software engineering by allowing users to build apps via “vibe coding.” Coined by OpenAI cofounder Andrej Karpathy, vibe coding describes a workflow where the user interacts with natural language rather than code. Users could describe tools, automations or chatbots in plain English. The platform translated prompts into functional application logic.
Its ease of use and rapid prototyping capabilities made Base44 popular among startups and corporate teams alike. Base44’s acquisition by Wix followed its success in enterprise settings. Wix executives touted the platform as a seamless way to empower internal teams to build AI assistants or custom software without traditional engineering resources.
The Vulnerability: Public IDs and Undocumented API Endpoints
Wiz researchers identified a critical gap in Base44’s authentication model. App creators received app IDs tied to individual applications. Many of these IDs were exposed in publicly accessible contexts such as URLs or swagger UI exports. Attackers could take a valid app ID and submit it to open registration endpoints documented in Base44 public interfaces.
By exploiting those undocumented endpoints, attackers were able to create verified user accounts on private applications. This applied even when Single Sign‑On was enabled. The flaw stemmed from a mismatch between intent and implementation. The platform assumed app registration logic was behind secure APIs. In reality endpoints allowed onboarding without verifying authorization.
The flaw emphasized a fundamental security oversight in design rather than an exotic threat vector like model poisoning. According to Wiz researchers, it reflected insecure default assumptions rather than advanced hacking tactics.
Timeline and Company Responses
Wiz Research disclosed the issue to Base44 and Wix on July 9. Both companies confirmed the issue had been fixed within twenty‑four hours following notification. According to their statements no evidence was found that the vulnerability was exploited maliciously. The investigation remains ongoing.
Company officials emphasized user security and pledged continued investment in reinforcing platform integrity. Base44 reaffirmed vulnerability management as a priority. Wiz highlighted that the flaw stemmed from missing access checks rather than malicious payloads or external adversaries. The incident caused no public customer impact or reported breaches.
Technical Breakdown of the Flaw
Discovery Method
Researchers discovered that registration endpoints for app users did not validate authorization tokens or SSO claims. Instead they accepted valid app IDs and created authenticated sessions directly.
Authentication Bypass
By using app IDs visible in swagger documentation or URL parameters, attackers could assume authorized roles. This bypassed authentication entirely. SSO systems users employed did not control access because the registration logic ignored tokens issued by identity providers.
Platform Design Assumptions
The flaw originated in fundamental design assumptions: developers had not enforced API access boundaries consistent with user role privileges. Public documentation tools like swagger‑UI exposed endpoint definitions inadvertently. The root cause was lack of input validation and missing server side authorization logic for endpoint requests.
Broader Risks in AI‑Driven Development Platforms
Base44 represents a class of platforms that enable AI generated tools or automations via prompts. These platforms dramatically lower the barrier to entry for nontechnical users. But they also expand the attack surface:
- Automated code generation may bypass standard security reviews.
- Rapid provisioning of applications raises questions about access control hygiene.
- Endpoint discovery via introspection tools can expose undocumented interfaces.
- Default configuration for enterprise features such as SSO may not secure backend operations unless validated centrally.
As a result AI assisted low‑code or no‑code tools require the same security rigor as traditional platforms plus additional layers of validation.
Lessons for Enterprises and Platform Providers
Secure Endpoint Exposure
Platforms employing interactive documentation must treat swagger or API explorers as untrusted input sources. Exposed endpoints must enforce authorization and rate limits regardless of outdoor UI indications.
Enforce Auth Checks on All APIs
Access to endpoint logic for creating users or modifying app data must validate credentials or identity claims even when UI components assume authentication. SSO integration is insufficient unless enforced server side.
Instance Isolation and App Scoping
Each application instance must be scoped by org or user context. A valid app ID should not serve as privilege. Tokens or claims associated with identity providers should be enforced for each request.
Incident Response and Bug Bounty Culture
Companies should implement rapid disclosure and patching protocols. Bug bounty programs or partnership with external security firms like Wiz help improve the trustworthiness of next generation platforms.
Case Comparisons
Several similar incidents reveal how low‑code platforms can misconfigure security:
- A 2023 breach in an internal app builder allowed user provision by manipulating public URL parameters.
- An enterprise low‑code CRM tool once exposed admin endpoints unintentionally via CLI interfaces.
In each case oversight involved unsecured default assumptions about user state rather than deliberate adversary exploitation.
Why the Risk Was Discovered Now
The vulnerability emerged post‑acquisition. Companies under pressure to scale rapidly often prioritize product delivery. In Base44’s case integration with Wix infrastructure may have diverted attention from API security assumptions. Wiz researchers connected discovery to incomplete SSO logic and missing API validation—weaknesses possibly induced by rapid growth and integration demands.
Security Design Checklist for AI‑Powered Platforms
| Area | Recommendation |
| Public documentation tools | Require authentication to view swagger or API menus |
| Unknown endpoints | Apply authorization checks even for undocumented internal APIs |
| SSO integration | Validate identity tokens on server side rather than relying on front‑end logic |
| App instance ID usage | Do not assume IDs provide or restrict privilege |
| Endpoint discovery risk | Review auto generated endpoints periodically to ensure none are dangerous |
| Rapid bug mitigation | Establish coordinated responsible disclosure and patching processes |
Enterprise Risk Mitigation
Organizations adopting AI development tools such as Base44 should establish internal controls:
- Conduct penetration tests specifically targeting automated code generation and admin APIs.
- Monitor usage of app IDs and user invitation flows.
- Evaluate default access controls before enabling enterprise features in production.
- Require partner platforms to demonstrate threat modeling and secure coding audits.
Conclusion
The Base44 vulnerability detected by Wiz last month underscores the risk profile of AI assisted application development platforms. A flaw in endpoint validation allowed unauthorized access to private apps via merely possessing a public application ID. The incident highlights a broader issue in low‑code tools: simplicity can obscure insecure design assumptions around authentication and access control.
Though the flaw was patched rapidly and no malicious exploitation was confirmed, the event serves as a cautionary case. Platforms promoting natural language driven app generation must be built with rigorous identity enforcement across all endpoints. Enterprises adopting these tools need to demand transparent security practices and verify backend enforcement in addition to UI level controls.
The future of vibe coding depends not only on usability but also on resilient security design. Enterprises and users must recognize that behind the promise of democratized development lies an expanded surface for access misconfiguration and unauthorized control.
Works Cited
CTech News. “Wiz finds major security flaw in Base44, one month after Wix acquisition.” Calcalistech, 29 July 2025, https://www.calcalistech.com/ctechnews/article/s17pjsivge.