Lovable had an incident this week, and I’m proud of our team for deploying a fix within hours of lea...

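- The team fixed the issue within hours, but believes the incident should have been avoided in the first place.
- A broken vulnerability disclosure process delayed the response; the responsibility lies internally, not with the partner.
- Product decisions will be adjusted to match user expectations and improve security.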
Lovable had an incident this week, and I’m proud of our team for deploying a fix within hours of learning about it. But things shouldn’t have gone this way in the first place, and I take accountability. I’m sorry.

The team learned about the incident on X because our own vulnerability disclosure process was broken. That’s not because of our partners at HackerOne. It’s on us. We could’ve reacted much sooner and I never want people to think that the only time we care about an issue is if it goes viral. We care that everyone who uses Lovable can trust it, and trust us, to do right by them. We appreciate and need ethical hackers to help us make the product safer, and security researchers should know we value them.

We also made decisions in our product that might’ve felt logical when we launched but feel really out of touch with user expectations now. It doesn’t matter what the intent was, it matters that we make decisions that keep customer trust at the forefront at all times.

We’ve done a lot of work on this in the last year, and when things like this incident happen, it shows me there is more to do. So we’re going to do more and we’re going to communicate about it better. Lovable should be the safest place to build.

Full write-up from the team and me below, including everything we're changing immediately.
Quote

Lovable
@Lovable
5h
We have an update on this week's incident, including what happened, what's fixed, and what we're changing: lovable.dev/blog/our-respo