What is Vibescamming?
The term was introduced by Guardio Labs in April 2025 to describe how platforms like Lovable, Replit, Bolt.new, and Vercel’s v0 can be prompted to build functional phishing campaigns. Unlike traditional phishing kit deployment—which requires understanding HTML, JavaScript, server configuration, and credential exfiltration—vibescamming allows attackers to describe what they want in plain English and receive a fully functional attack in minutes. In Guardio’s testing, Lovable scored 1.8 out of 10 on resistance to malicious prompts.
Business Impact
Vibescamming collapses the skill barrier that historically limited who could launch sophisticated phishing attacks. Because attacks are hosted on legitimate, high-reputation platforms (lovable.app, vercel.app, replit.dev), they bypass domain-based detection, email security filters, and reputation scoring. Allure Security’s SPOOF ’26 threat report documented 376 alerts from vibe coding platforms in 2025—a category that didn’t exist in 2024 data. Vercel alone accounted for 341 alerts.
Allure Security's Approach
Vibescamming exemplifies why Allure Security’s detection architecture prioritizes content analysis over infrastructure signals. When phishing pages are built on Lovable and hosted on Vercel with valid SSL certificates and established domain reputation, infrastructure tells you nothing—content tells you everything. Allure’s computer vision and NLP-based scanning identifies brand impersonation regardless of hosting platform.