I built a scanner to find common vulnerabilities in AI-generated apps

https://securemyvibes.com
1•baptisteallain•1h ago

Comments

baptisteallain•1h ago
I kept seeing the same pattern when I check vibe-coded sites (what I do every day): founders ship apps built with Cursor, Lovable or Bolt, get their first users, celebrate, and have exposed API keys, broken auth, and injectable endpoints sitting in production... I have found at least 30+ API keys... I like shipping fast but I don't like that kind of behaviour with security.

The LLMs are great at making things work. Indeed they're not optimized for making things safe. And most vibe coders don't have a security background, so they don't know what to look for.

So I built a scanner (before Claude does it) specifically for this: you drop your URL, it runs a set of checks, and returns a prioritized list of vulnerabilities with severity levels. The idea is to make it actionable: not just "you have a problem" but "here's the exact prompt to fix it in Cursor/Lovable."

Free to scan. First vulnerability shown for free, full report behind a paywall.

What's your current approach to security when you vibe code something and push it live? Tbh I am really curious if this is a problem people are actually solving or just ignoring.

Mflavien01•1h ago
Honestly I see this all the time too. People are super excited to ship fast, get their first users, post the launch… and meanwhile their keys are sitting in the frontend or the auth logic is basically optional. I think the problem isn't that founders don't care, it's more that when you're vibe coding you're focused on "does it work?" not "is it safe?". And since the LLM makes everything feel easy, you don't always realize what you just exposed to the internet.

My current approach is pretty simple: I assume everything I ship is public and hostile by default. So I try to move secrets server-side, use environment variables properly, add basic rate limiting, and at least test endpoints manually before pushing. It’s not perfect, but it prevents the obvious disasters.

Your scanner idea actually makes a lot of sense, especially if it gives concrete fixes instead of just scary warnings. Most builders won’t read a security report, but they will paste a prompt into Cursor to fix the issue.

Curious to see how people react to it, because right now it really feels like security is the thing everyone knows matters… but postpones until something breaks.
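The "keys sitting in the frontend" check that both comments describe, as an added example that is not part of the original post and not the securemyvibes scanner's own code: a small Python scanner that runs over a built frontend bundle (a constructed sample here, with fake tokens) looking for well-known secret key formats and returns findings ordered by severity. Stripe publishable keys (pk_live_/pk_test_) are deliberately not flagged, since those are designed to live in the browser.

```python
import re
from dataclasses import dataclass

# Documented public prefixes of common secret formats. The regexes and the
# severity labels are this example's own choices, not a vendor list.
SECRET_PATTERNS = [
    ("aws_access_key_id", r"\bAKIA[0-9A-Z]{16}\b", "critical"),
    ("stripe_secret_key", r"\bsk_live_[0-9A-Za-z]{24,}\b", "critical"),
    ("openai_api_key", r"\bsk-(?:proj-)?[A-Za-z0-9_-]{20,}\b", "high"),
    ("github_token", r"\bghp_[A-Za-z0-9]{36}\b", "high"),
    ("stripe_test_secret", r"\bsk_test_[0-9A-Za-z]{24,}\b", "medium"),
]
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}


@dataclass
class Finding:
    kind: str
    severity: str
    line: int
    redacted: str  # only a short prefix is kept; the report never echoes the secret


def redact(token: str) -> str:
    return token[:6] + "*" * (len(token) - 6)


def scan_bundle(text: str) -> list[Finding]:
    """Scan bundle text line by line; return findings, most severe first."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern, severity in SECRET_PATTERNS:
            for m in re.finditer(pattern, line):
                findings.append(Finding(kind, severity, lineno, redact(m.group(0))))
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.line))


# Constructed sample bundle with fake tokens (not real credentials).
FAKE_STRIPE_PK = "pk_live_" + "C" * 24   # publishable key: fine in the browser
FAKE_AWS = "AKIA" + "A" * 16             # access key id: must never ship client-side
FAKE_OPENAI = "sk-" + "b" * 40           # server-side secret leaked into a fetch()
SAMPLE_BUNDLE = f"""const stripe = Stripe("{FAKE_STRIPE_PK}");
const s3 = new S3({{accessKeyId: "{FAKE_AWS}"}});
fetch("/api/chat", {{headers: {{Authorization: "Bearer {FAKE_OPENAI}"}}}});
"""

if __name__ == "__main__":
    for f in scan_bundle(SAMPLE_BUNDLE):
        print(f"[{f.severity}] line {f.line}: {f.kind} ({f.redacted})")
```

Point it at the files in a build output directory (for example dist/ or .next/static/) rather than the source tree, since that is what actually reaches the browser.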
