13 verified data points · Updated May 2026

Lovable Statistics

Stockholm-based AI app builder founded 2023. The fastest-growing vibe-coding platform — and the one with the most-documented security incident in the space.

Every data point on this page is from a public source with a direct link. Cite freely.

Company & funding

2023

Founded

Originally launched as the open-source GPT Engineer project by Anton Osika before being commercialized as Lovable.

Source: Wikipedia · May 2026

Stockholm

Headquarters (Sweden)

Founded and headquartered in Stockholm by CEO Anton Osika and CTO Fabian Hedin.

Source: Wikipedia · May 2026

120

Employees (2025)

Headcount reported as of late 2025.

Source: Wikipedia · Nov 2025

$200M

Series A (Feb 2025)

Led by Accel at a $1.8B post-money valuation.

Source: Wikipedia · Feb 2025

$330M

Series B (Dec 2025)

Led by CapitalG and Menlo Ventures at a $6.6B valuation.

Source: Wikipedia · Dec 2025

$6.6B

Valuation (Dec 2025)

Post-money valuation at the Series B close in December 2025.

Source: Wikipedia · Dec 2025

Usage & adoption

~8M

Users (Nov 2025)

Approaching 8 million users globally as of late 2025.

Source: Wikipedia · Nov 2025

$200M

Annual recurring revenue

ARR reached $200M as of November 2025 — among the fastest in SaaS history.

Source: Wikipedia · Nov 2025

Security incidents & research

CVE-2025-48757

Critical RLS bypass disclosed May 2025

Lovable-generated projects using Supabase Row Level Security shipped with lax default policies that allowed unauthenticated attackers to read arbitrary database tables. Disclosed by Matt Palmer.

Source: Matt Palmer (CVE-2025-48757 statement) · May 2025

10.3%

Lovable apps affected by CVE-2025-48757

303 vulnerable endpoints across 170 projects out of 1,645 Lovable apps analyzed had insufficient RLS configuration at disclosure time.

Source: Matt Palmer (CVE-2025-48757 statement) · May 2025

March 2025

Earlier Supabase exposure incident

Before the formal CVE, a Replit employee documented misconfigured Supabase database access controls on Lovable-created websites that exposed user data publicly.

Source: Wikipedia · Mar 2025

89.5%

AI-built apps with vulnerabilities (industry-wide)

SusVibes peer-reviewed research found only 10.5% of vibe-coded apps were secure. Lovable apps were part of the analyzed cohort.

Source: SusVibes (arXiv:2512.03262) · Dec 2025

98%

AI-built apps missing basic protections

Tenzai research comparing secure-coding capabilities of popular AI agents found 98% of generated apps lacked basic security controls.

Source: Tenzai · 2025

Reports & research

Statement on CVE-2025-48757

Matt Palmer · 2025

RLS bypass in 10.3% of analyzed Lovable apps (303 endpoints across 170 projects).

SusVibes: Auditing the Security of Vibe-Coded Applications

arXiv preprint · 2025

Only 10.5% of vibe-coded apps are secure.

Bad Vibes: Comparing the Secure-Coding Capabilities of Popular AI Coding Agents

Tenzai · 2025

98% of AI-generated apps missing basic security controls.

Do Users Write More Insecure Code with AI Assistants?

Stanford University (arXiv:2211.03622) · 2023

Developers using AI assistants wrote significantly less secure code while believing their code was more secure.

Statistics for other platforms

Cursor statistics Replit statistics Base44 statistics Bolt.new statistics v0 statistics Claude Code statistics

Want your Lovable app scanned?

VAS finds the security gaps Lovable commonly leaves in shipped apps. Copy-paste fixes for your AI tool.

Run a scan All vibe-coding stats