Sweden’s fastest-growing AI unicorn, Lovable, is under fire. Once hailed as the Nordic region’s most promising “vibe coding” startup, the company is now scrambling to contain a wave of cybercrime that has weaponized its platform — and Denmark has become a key target.
According to cybersecurity researchers at Proofpoint, Lovable’s AI-powered website builder has been increasingly used by cybercriminals to create and host phishing pages, malware drop sites, and financial fraud portals. Since February 2025, tens of thousands of malicious URLs hosted on the `lovable.app` domain have been detected in phishing campaigns across Europe — with a notable concentration in Denmark.
A Tool for Innovation — or Exploitation?
Lovable allows users to build fully functional websites using only natural language prompts. It’s fast, intuitive, and accessible — exactly what makes it dangerous in the wrong hands.
Proofpoint’s research shows that even novice attackers can now spin up convincing replicas of Microsoft login pages, UPS tracking portals, or DeFi platforms like Aave in minutes. These fake sites are then used to harvest credentials, drain crypto wallets, or install malware such as the zgRAT trojan.
In one campaign, a fake UPS website created via Lovable tricked Danish users into entering credit card details and SMS verification codes. The stolen data was then posted directly to a Telegram channel controlled by the attackers.
Denmark in the Crosshairs
While Lovable’s abuse is global, Denmark has emerged as a hotspot. Proofpoint has traced multiple campaigns targeting Danish banking users and logistics customers. These scams often begin with SMS or email lures in Danish, leading to Lovable-hosted sites that mimic local brands or public services.
- “The ease of use is the problem,” says Tommy Madjar, a threat researcher at Proofpoint.
- “You don’t need to know how to code. You just describe what you want — and Lovable builds it. That includes phishing sites, crypto drainers, or fake login portals.”
Lovable’s Response: Too Little, Too Late?
Lovable has acknowledged the issue. In July 2025, the company introduced AI-driven real-time detection to block malicious prompts and began daily scanning of published projects. It claims to block 1,000+ malicious projects per day and has removed hundreds of phishing domains within hours of detection.
Still, critics argue the safeguards are reactive. In tests conducted by Guardio Labs, researchers were able to create a fully functional phishing site using just two prompts — with no warnings or blocks.
- “Lovable scored just 1.8 out of 10 on our VibeScamming resilience test,” says Nati Tal, a researcher at Guardio.
- “It’s not just vulnerable — it’s the most vulnerable platform we’ve tested.”
The Nordic Dilemma: Innovation vs. Security
Lovable’s meteoric rise is a point of national pride. Backed by Swedish tech giants like Klarna’s Sebastian Siemiatkowski and Supercell’s Ilkka Paananen, the company recently raised $200 million, making it one of Europe’s best-funded AI startups.
But with great scale comes great responsibility — and Lovable’s security model hasn’t kept pace.
- “Vibe coding empowers new developers,” says Amjad Masad, CEO of rival platform Replit.
- “But if you make it easy to deploy an app, you must also make it hard to accidentally expose sensitive data or enable fraud.”
What’s Next?
Lovable says it is now working with European cybersecurity agencies and has begun proactive account flagging to prevent repeat abuse. The company is also pursuing SOC 2 Type 2 and ISO 27001 certifications — a step toward regaining trust.
Still, for Danish businesses and consumers, the threat is real and immediate. The Danish Business Authority has yet to issue formal guidance, but cybersecurity firms are urging companies to block or monitor traffic from `lovable.app` domains until stronger safeguards are in place.
Conclusion:
Lovable may have built a revolutionary tool — but without stronger guardrails, it risks becoming a revolutionary weapon for scammers. And right now, Denmark is on the front lines.
For more Nordic tech security coverage, subscribe to the Nordic Business Journal’s weekly briefing.