Blog

Security for the way you build now.

Practical guides on securing AI-built and vibe-coded SaaS - the flaws that ship by default, and how to fix them before they ship you.

Latest

How to Secure a Next.js App Built with AI

v0, Bolt, and Cursor ship Next.js - and AI rarely respects its security model. The 7 Next.js security gaps in AI-built apps, from the CVE-2025-29927 middleware bypass to unguarded Server Actions.

Next.jsJun 20, 20269 min read

Read the guide

Security reviews02

How to Pass an Enterprise Security Review as an Indie SaaS Founder

The deal is moving, then a 100-question security questionnaire lands. Here is how an indie SaaS founder clears an enterprise security review - and closes the deal - without a SOC 2 yet.

Jun 18, 2026 · 8 minRead

Secrets03

API Keys & Secrets: How Vibe-Coded Apps Leak Them (and How to Stop)

Millions of secrets leak from public repos every year, and AI-built apps are prime offenders. How vibe-coded apps expose API keys - in front-end code and git history - and the habits that stop it.

Jun 16, 2026 · 8 minRead

Supabase04

The Supabase Security Checklist for Vibe-Coded Apps

Supabase powers most vibe-coded apps - and its defaults are a trap. A plain-English checklist to lock down RLS, your keys, storage, and auth before you put real users behind it.

Jun 13, 2026 · 8 minRead

Vibe coding05

Vibe-Coded App Security: 7 Flaws AI Coding Tools Ship by Default

AI coding tools ship insecure code nearly half the time. Here are the 7 security flaws vibe-coded apps ship by default - exposed databases, leaked keys, broken auth - and how to fix each before you launch.

Jun 6, 2026 · 9 minRead