Fetching latest headlines…
I Built a Security Scanner for AI Apps — Then I Ran It on My Own Site
NORTH AMERICA
🇺🇸 United StatesJuly 5, 2026

I Built a Security Scanner for AI Apps — Then I Ran It on My Own Site

0 views0 likes0 comments
Originally published byDev.to

I built VibeSafe — a 24-check security scanner for apps made with AI coding tools (Cursor, Lovable, Bolt, v0, Replit).

The idea came from a pattern I kept seeing: AI tools produce code that works, but rarely code that's secure. Hardcoded API keys, disabled Row Level Security, missing CSP headers, exposed .env files. Same issues, different apps.

Before writing a line of scanner code, I manually audited 5 real vibe-coded apps:

  • 5/5 had at least one critical vulnerability
  • 3/5 had exposed API keys in frontend JavaScript
  • 4/5 had Row Level Security completely disabled
  • 1/5 had their entire database publicly readable

Every founder was shocked. None of them knew.

The Dogfood Test

So I built the scanner — 24 checks across pre-launch source code and post-launch live URLs.

Then I ran it on my own site. The worst possible outcome:

Zero issues. Clean scan. Trust badge earned.

Not because I'm a security expert. Because I built the scanner to catch exactly what I knew AI tools get wrong — and I fixed each issue before shipping.

What the Scanner Checks (24 total)

Pre-launch (10 checks — source code):

  • Exposed secrets, SQL injection, Supabase RLS, Firebase rules
  • Hardcoded credentials, unprotected API routes, Stripe webhook verification
  • Dependency CVE audit, DB config exposure

Post-launch (14 checks — live URL):

  • SSL/TLS, security headers, exposed files, JS bundle secrets
  • CORS, rate limiting, data breach check, source map exposure
  • Cookie security, robots.txt analysis, subdomain discovery
  • Supply chain / SBOM check, trust badge

Why I'm Posting This

I'm running a launch week. Everything is 40% off with code LAUNCH40:

Product Regular Launch Price
Post-Launch Scan (14 URL checks) $19 $11
Pre-Launch Audit (10 repo checks) $39 $23
Full Bundle (all 24 checks) $49 $29
Continuous Protection (weekly) $39/mo $23/mo

One-time pricing, plain-English reports with exact fixes.

vibesafe.store

Quick check for your own codebase:

grep -r "eyJ" --include="*.js" --include="*.ts" .     finds JWT tokens
grep -r "api_key\|password\|secret" --include="*.js" .finds hardcoded creds

You might be surprised what you find.

Comments (0)

Sign in to join the discussion

Be the first to comment!