Five questions our first AI in Compliance cohort asked about vibe coding

Ethena Team

Twenty-five compliance professionals. Ninety minutes inside Lovable. By the end of the session, the cohort had built regulatory trackers, conflict-of-interest screeners, even a flashcard game one of our team had made for new hire onboarding. One participant published a working app to the open internet for the first time. The chat sidebar was full of questions.

Here are the five worth your time, whether you've vibe coded before or just want to know what the right questions are.

If everyone writes the same prompt, are we all exposed to the same risks?

One of the first questions of the session came from a compliance officer thinking out loud about scale. If twenty-five people in a class type the same prompt into Lovable, do they get twenty-five identical apps? And if so, what does that mean about security when an entire compliance team starts vibe coding?

Two answers, both useful. First: each person gets their own separate app instance. Glitches in one person's build won't show up in someone else's. Lovable, Claude, and similar tools spin up new environments for each user. There's no shared application surface to compromise.

The second answer is the one that matters. The security question isn't really about the app. It's about what data goes into it. The risks are consistent across everyone: don't feed real employee or customer information into a prototype, and route anything that touches a login or internal system through IT before sharing it with anyone else. The app itself is harmless. The data you put into it is where the conversation with your security team starts.

Once I build something, does it just live in Lovable forever?

Another early question, asked while the cohort was watching a regulatory tracker get built in real time. Lovable hosts your app by default, so what happens if you want to move it? Can you publish it to SharePoint, or hand it to your IT team for a proper internal launch?

Yes to both, and the path is shorter than you'd think. Inside Lovable, every app has a "Code" button that shows the source files. You can download the entire codebase to your computer, independent of Lovable, and hand it to your IT team to host wherever your organization prefers: SharePoint, an internal subdomain, an existing intranet.

This is the move that turns vibe coding from a personal sandbox into a real internal tool. One Ethena client built his compliance team's intranet site this way. Prototype in a vibe coding tool, hand the code to IT, go live. The prototype made the IT conversation faster, not slower, because IT had a working artifact to react to instead of a Word doc full of requirements.

If users start entering data and I change the app, does the data break?

About halfway through, someone asked the question that comes up the moment a prototype starts looking real. What happens if I deploy this, people start entering data, and then I need to change something? In a traditional dev shop, you'd have a staging environment, a backup, a migration plan. What does that look like in Lovable?

The tools are smarter about this than you'd expect. When you ask Lovable to change something structural, like adding a new field or changing how data is stored, it pauses and asks you what to do with the existing data. Roxanne, one of our session leads, described it from her own weightlifting tracker: "It basically asked me, hey are you okay keeping the database as is, knowing your previous lifts won't have this new data?"

That's the right behavior for a prototype. For anything serious, anything where you've collected information you actually care about, the conversation with your IT team about hosting becomes a conversation about backups, version control, and migration paths. Vibe coding tools handle the basics. Production-grade reliability is still IT's territory.

Can these tools reference our actual policy documents?

This came up when the cohort was watching Erin, our sales engineer, demo a Claude project loaded with internal policy docs. The implication was the part the room actually wanted to know about: can the tool you're prototyping in read your real policies, your real disclosures, your real onboarding materials, and respond accurately based on them?

Yes, with the right tool and the right setup. Claude's Projects feature lets you upload documents like policies, procedures, training materials, and regulatory guidance, then use them as the knowledge base for everything you ask. Erin showed her own setup live: a Claude project that handles SOC 2 questionnaire responses by referencing the actual policies and previous answers Ethena has on file.

This is what takes a vibe-coded app from "demo of a concept" to "actually useful for compliance work." It's also where the data governance conversation gets real, since you're now feeding policy documents into a third-party tool. The same rule applies as before: prototype with sample or publicly available content first, then bring IT into the conversation when you're ready to use the real thing.

Our company has Claude but not Lovable. Can I do all of this in just Claude?

Toward the end of the session, a compliance officer raised a practical question that anyone evaluating tools should think about. Her company has Claude licenses but no procurement path to Lovable. Could she do everything she'd just seen demoed, all in Claude?

Mostly yes, with a steeper learning curve. Claude Code can build apps, agents, and tools, and many of Ethena's own internal builds happen there. It does more of the heavy lifting in plain English and less in a visual interface, which makes it more powerful and more intimidating at the same time. Even seasoned builders sometimes find Claude Code daunting at first.

If your company has Claude but not Lovable, you can still vibe code, prototype, and ship. You just need to be ready to learn a little more of the technical vocabulary, and to lean on Claude itself as your translator. One prompt Erin shared with the cohort is worth saving:

"You are my engineering partner on this project and I am your business partner. Explain what this means in non-technical terms as well as the implications of taking action."

That one works in both Claude and Lovable.


Compliance professionals ask the right questions about new tools faster than most. Where does the data go. Who owns the code. What happens when I need to change something. These five came up in one ninety-minute session. They'll come up again in your team's first vibe coding conversation, whether that happens in a class or over Slack with your IT director.

If you'd like to work through them live, alongside the Ethena team building inside these tools every day, check out the AI in Compliance Certification. Otherwise, save this post for the next time someone in your organization says, "I've been hearing about vibe coding..."
