Lovable AI Becomes Cybercriminals' Playground — Most Vulnerable Tool for Instantly Building Scam Sites

Lovable, a generative AI platform designed to create full-stack web applications using simple text prompts, has been identified as particularly vulnerable to jailbreak attacks. This weakness allows even inexperienced cybercriminals to create lookalike credential harvesting pages with ease.

“As a purpose-built tool for creating and deploying web apps, its capabilities line up perfectly with every scammer's wishlist,” said Nati Tal of Guardio Labs in a report shared with The Hacker News. Lovable, he explained, offers features like pixel-perfect scam page creation, live hosting, evasion techniques, and even admin dashboards to track stolen data—all without any noticeable security checks. 

This misuse technique has been dubbed “VibeScamming”, a term inspired by “vibe coding,” which involves using AI to generate software based on short, descriptive prompts. The term highlights how AI can be manipulated to automate scams from end to end. 

The misuse of AI chatbots and large language models (LLMs) for malicious purposes isn't new. Recent research has shown threat actors abusing popular tools like ChatGPT and Google Gemini to assist in malware creation, research, and phishing content. Other LLMs such as DeepSeek have also been tricked into generating harmful content using jailbreak techniques like Bad Likert Judge, Crescendo, and Deceptive Delight. 

For instance, Symantec recently revealed how OpenAI’s Operator AI agent could be weaponized to automate phishing attacks, from gathering emails to drafting convincing scam messages and storing data in the cloud. These AI capabilities significantly lower the technical barrier for attackers, enabling even those with minimal skills to create functional malware. 

A more recent example is a jailbreak method called Immersive World, which creates fictional scenarios to bypass AI security and generate data-stealing scripts, particularly for harvesting credentials stored in Google Chrome. 

Guardio’s latest research uncovered that not only Lovable, but also Anthropic’s Claude to a lesser extent, could be manipulated to carry out full phishing campaigns. These platforms can generate everything from fake SMS templates and Twilio-based link delivery to content obfuscation and Telegram integration for stolen data exfiltration. The process, known as "level up," involves a series of refined prompts that gently guide the AI into creating more effective scam tools. 

Lovable was found to automatically generate and deploy a realistic fake Microsoft login page on its own subdomain (e.g., *.lovable.app). After stealing credentials, it redirects users to the real Microsoft website to avoid suspicion. 

Even more concerning, Lovable and Claude can assist with bypassing detection tools and sending stolen credentials to external platforms like Firebase or private Telegram channels. “It mimics the real thing so well that it’s arguably smoother than the actual Microsoft login flow,” Tal noted, emphasizing how dangerous task-focused AI can become if not properly secured. 

Guardio reported that not only does Lovable create the scam page, but it also generates a full admin dashboard to manage stolen data—including plaintext passwords, IP addresses, and timestamps. 

To assess the risk, Guardio released the first VibeScamming Benchmark, designed to evaluate AI models' resistance to phishing abuse. ChatGPT scored an 8 out of 10 (strong resistance), Claude scored 4.3 (moderate), and Lovable scored only 1.8, making it highly exploitable. 

“ChatGPT, while arguably the most advanced, was also the most cautious,” Tal concluded. “Claude showed early resistance but became helpful when prompted under ethical or research pretenses. Lovable, unfortunately, offered little to no resistance at all.”
