Blog
Security for AI-built apps
Practical, plain-English writing on AI code security, vibe coding risks, and what to check before launch — no jargon, no fear-mongering.

Vibe Coding
Is Vibe Coding Safe? An Honest Answer
What actually goes wrong in AI-built apps, how often, and the 30-minute routine that removes most of the risk.

Lovable
How to Secure a Lovable App Before Launch (Step by Step)
Supabase RLS, exposed keys, the stranger test, and edge functions — one hour of checks before you share the link.

Guides
How to Check If Your AI-Built App Is Secure (Without Being a Developer)
Four checks that don't require a security background — and how often to re-run them.

Supabase
Supabase RLS Explained for Founders
The filing-cabinet mental model, why AI tools leave RLS off, and the two-step fix in plain English.

Secrets
How to Find Exposed API Keys in Your Code (Before Bots Do)
Where keys hide in AI-built apps, the exact search patterns, and the three-step fix most founders get wrong.

Secrets
What Actually Happens When Your API Key Leaks (Hour by Hour)
The realistic timeline from leak to exploitation, and the response checklist if it happens to you.

Replit
Replit App Security: What to Check Before You Deploy
Replit Secrets, project visibility, database rules, and the pre-deploy checklist for Replit Agent apps.

Vercel
Vercel Deployment Security Checklist for AI-Built Apps
The NEXT_PUBLIC trap, security headers, preview deployment leaks, and the pre-deploy checks.

Supply Chain
Hallucinated Packages: The AI Coding Risk Nobody Checks For
AI tools invent package names — and attackers register them. What slopsquatting is and how to protect yourself.

Founders
The Launch-Week Security Checklist for Non-Technical Founders
Seven checks, one hour — the routine that prevents the most common AI-built app disasters.

Security
Why AI-Generated Code Has More Security Bugs Than You Think
AI coding tools optimize for "it runs," not "it's safe." Here's exactly why that gap exists and what it means for your app.

Case Studies
5 Real Exposed API Key Disasters (And How to Avoid Being Next)
From drained Stripe accounts to $50k AWS bills — real incidents caused by one hardcoded key, and how each one was preventable.

Comparison
Lovable vs Bolt vs Cursor vs Replit: Whose Default Output Is More Secure?
We compared the security posture of code generated by four popular AI builders. Here's what's consistently missing across all of them.