Lovable, a Stockholm-based AI app builder valued at $6.6 billion, is frequently cited as proof that Europe can build globally competitive AI companies. Founded in 2023, the company lets anyone build websites and apps by chatting with an AI, and it has grown into one of the fastest-growing software startups in history. Yet beneath this success story lies a troubling pattern that reveals how Europe's AI strategy may be setting itself up for long-term dependence on American tech giants.

Why Is Lovable's Business Model Risky?

Lovable's rise depends entirely on technology built by others. Instead of developing its own AI models or creating a proprietary technology stack, the company routes user prompts to models made by Anthropic and Google, then distributes the results through existing hyperscaler ecosystems. In June 2026, Lovable announced a deepened partnership with Google Cloud designed to increase its Google Cloud footprint fivefold, with integration into Google Workspace products.

This reliance on external suppliers creates a vulnerability that the tech industry knows well. In April 2026, images posted on social media appeared to show that Anthropic had created its own in-chat app builder, essentially competing directly with Lovable's core product. Weeks later, Anthropic launched Claude for Legal, a specialized offering that put legal AI startups on the defensive, including companies like Harvey, Legora, and Robin AI that had built their entire products around Claude models.

This pattern, known in tech circles as getting "sherlocked" (named after Apple introduced a feature that made a popular third-party tool obsolete), represents a fundamental risk for application-layer companies. The supplier becomes the competitor, and the smaller company loses its defining advantage overnight.

How Are Enterprise Leaders Responding to AI Governance Gaps?

While Lovable and similar tools have made it easier for non-developers to build applications, enterprise leaders are growing increasingly concerned about the governance and security implications. Retool, a platform that manages AI-coded applications, surveyed 307 chief technology officers, chief information security officers, and chief information officers about their concerns with AI-generated code.

The findings paint a picture of widespread anxiety. According to the survey, 93% of respondents expressed concern about "vibe-coded" tools (applications built through conversational AI prompts) running in production environments, and 38% called it a top operational risk. Even more troubling, 59% of respondents could not confirm whether they had experienced an AI-caused production incident, and only 19% could definitively say they hadn't had one because they had monitoring in place.

• Visibility Crisis: Only 5% of leaders surveyed reported being "very confident" they have full visibility into all production internal tools, while 43% acknowledged they are "not very confident" or "not at all confident." Approximately 95% of leaders acknowledged at least some gaps in visibility.
• Governance Weakness: Only 8% of respondents described their organization's governance as "strong." The majority reported governance as requiring "significant manual effort" (40%), being "uneven across teams" (37%), or remaining "reactive" (10%).
• Business Pressure: 90% of respondents said pressure from their business to enable AI building has increased in the past 12 months, with 31% saying tolerance for friction is "near zero."

"AI is transforming how software gets built, but it hasn't solved how software gets governed and shipped, and that gap is exactly where enterprises get exposed," said David Hsu, CEO and founder of Retool.

David Hsu, CEO and Founder of Retool

What Are the Broader Strategic Implications for Europe?

Lovable's situation reflects a deliberate bet that European policymakers have made about the continent's role in AI. Rather than investing billions in building frontier AI models or competing with US hyperscalers on compute infrastructure, European policy has focused on the "application layer," where companies build user-facing tools on top of existing models.

The logic is financially appealing. Building applications requires less capital than training large language models, and the profit margins can be substantial. This strategy pattern-matches to how the internet era played out, with companies like Booking.com and Netflix becoming major winners by operating at the application layer rather than building underlying infrastructure.

However, AI fundamentally differs from earlier software eras. Companies like Salesforce and Adobe built lasting franchises because their suppliers sold commodity inputs and had no interest in competing at the application layer. AI application companies, by contrast, rent their defining capability from a handful of firms that are actively expanding into applications themselves and control the marginal cost of every customer interaction.

"Succeeding at the application layer and achieving independence turn out to be different things," noted the analysis in TechPolicy.Press.

TechPolicy.Press

Europe's most celebrated consumer tech champion, Spotify, illustrates this dynamic. The company runs on someone else's cloud infrastructure, hands most of its revenue to rights holders it cannot do without, and has spent years fighting Apple over App Store fees and market competition. Lovable and similar European AI startups face an even harder version of this problem, with rigid marginal costs set upstream by model providers.

How Can Organizations Build Responsibly With AI Tools?

For enterprises navigating this landscape, governance has become critical. Retool's announcement of a new platform addresses this challenge by allowing teams to build with any AI coding tool, whether Lovable, Replit, Cursor, or others, while enforcing enterprise governance automatically.

• Unified Permissions Model: Organizations can attach permissions to data sources and enforce them universally across applications, regardless of which AI tool was used to build them or where the code originated.
• Automatic Audit Trails: Applications immediately inherit the organization's existing audit trails and resource-level policies the moment they land in a governed platform, creating visibility into who accessed what and when.
• Production-Ready Security: By routing all AI-generated applications through a governance layer before deployment, enterprises can ensure that security and compliance standards are met automatically, reducing manual review overhead.

"We want teams to be able to build responsibly without creating new risk. The challenge is not just speed; it is making sure the right governance, permissions, and auditability are built into how AI-enabled applications move into production," explained Iraklis Pappas, Global Head of AI at Colgate-Palmolive.

Iraklis Pappas, Global Head of AI at Colgate-Palmolive

The broader AI development ecosystem continues to evolve rapidly. A 2026 guide to AI coding agents and platforms identified over a dozen tools now in active use, from autonomous engineers like Devin to design-to-code platforms like Lovable Dev, each serving different needs in the development workflow. Yet the governance challenge remains consistent across all of them: how to capture the speed benefits of AI-assisted development without sacrificing security, compliance, and organizational control.

For Europe, the Lovable story serves as both inspiration and warning. The company has achieved remarkable growth and global recognition, proving that European founders can build world-class AI products. But its dependence on American models and infrastructure underscores a strategic vulnerability that no amount of application-layer success can fully resolve. As enterprises race to adopt AI development tools, the real competitive advantage may not lie in building faster, but in building with governance built in from the start.