Blog

Security for AI-built apps

Practical, plain-English writing on AI code security, vibe coding risks, and what to check before launch — no jargon, no fear-mongering.

Is Vibe Coding Safe? An Honest Answer
What actually goes wrong in AI-built apps, how often, and the 30-minute routine that removes most of the risk.

How to Secure a Lovable App Before Launch (Step by Step)
Supabase RLS, exposed keys, the stranger test, and edge functions — one hour of checks before you share the link.

How to Check If Your AI-Built App Is Secure (Without Being a Developer)
Four checks that don't require a security background — and how often to re-run them.

Supabase RLS Explained for Founders
The filing-cabinet mental model, why AI tools leave RLS off, and the two-step fix in plain English.

How to Find Exposed API Keys in Your Code (Before Bots Do)
Where keys hide in AI-built apps, the exact search patterns, and the three-step fix most founders get wrong.

What Actually Happens When Your API Key Leaks (Hour by Hour)
The realistic timeline from leak to exploitation, and the response checklist if it happens to you.

Replit App Security: What to Check Before You Deploy
Replit Secrets, project visibility, database rules, and the pre-deploy checklist for Replit Agent apps.

Vercel Deployment Security Checklist for AI-Built Apps
The NEXT_PUBLIC trap, security headers, preview deployment leaks, and the pre-deploy checks.

Hallucinated Packages: The AI Coding Risk Nobody Checks For
AI tools invent package names — and attackers register them. What slopsquatting is and how to protect yourself.

The Launch-Week Security Checklist for Non-Technical Founders
Seven checks, one hour — the routine that prevents the most common AI-built app disasters.

Why AI-Generated Code Has More Security Bugs Than You Think
AI coding tools optimize for "it runs," not "it's safe." Here's exactly why that gap exists and what it means for your app.

5 Real Exposed API Key Disasters (And How to Avoid Being Next)
From drained Stripe accounts to $50k AWS bills — real incidents caused by one hardcoded key, and how each one was preventable.

Lovable vs Bolt vs Cursor vs Replit: Whose Default Output Is More Secure?
We compared the security posture of code generated by four popular AI builders. Here's what's consistently missing across all of them.