AI security: audits and teardowns

We audit AI-built apps for what AI didn't think to check.

An AI tool writes you a login flow, an API, and a Stripe webhook in fifteen minutes. None of those pieces, by default, knows the others exist. Same pattern across Lovable, Bolt, Cursor, and v0. We audit that code, and we tear down the bigger AI security failures when they hit the news, the same way.

How it works

Start free. Pay only for the work you ask us to do.

There are three tiers, and each one is a place you can stop. Pay for the audit, take the findings, and walk away if that's all you needed.

The sprint is there for the times when reading the list isn't enough and you want the pull requests sitting in your repo.

1. Free audit call ($0, 30 min)
   Scoping call plus read-only repo access. One-page list of findings within 48 hours.

2. Express audit ($750, 2 days)
   Written report, severity-ranked. Code excerpts and recommended fixes for each finding.

3. Audit + fix sprint ($3,500, 1-2 weeks)
   We ship PRs against your repo. Top 5-10 issues, with the negative tests AI didn't write.

Pattern catalog

The patterns we read for.

The happy path always works. You sign up, the dashboard loads, the demo goes fine. Then a payment fails, or two requests land at once, or someone hits an API route the UI never links to, and the gaps show.

Below are the twelve patterns we run into most. Each one gets its own teardown on the blog.

01. Page-vs-API split [CRIT]
    Middleware protects /dashboard. The API routes the dashboard calls have no such check.

02. Open-database default [CRIT]
    Supabase RLS off. The database doesn't refuse cross-tenant reads.

03. Unsigned webhooks [CRIT]
    request.json() trusts whatever arrives. Anyone with the URL can mark invoices paid.

04. Service-role keys in the client bundle [CRIT]
    Supabase admin keys imported into client components. They ship to every browser.

05. Unmetered AI endpoints [HIGH]
    OpenAI key, called once per click. One bad actor runs your bill to four figures in an afternoon.

06. Wildcard CORS [HIGH]
    Any site can make authenticated requests on behalf of a logged-in user.

07. Body-spread inserts [CRIT]
    Mutation routes pass req.body to .insert(). Users write any column. Self-promotion to admin via one POST.

08. Error responses leak internals [MED]
    Stack traces returned to clients. Table names, file paths, env var names visible on any 500.

09. Schemas changed by hand [MED]
    No migration history. No rollback path. Production drift you can't reproduce locally.

10. N+1 queries everywhere [MED]
    Loops that hit the database once per item. Fine at ten users. Times out at a thousand.

11. No idempotency on payments [HIGH]
    Double-clicking the checkout button charges the card twice.

12. No logging, no monitoring [MED]
    When something breaks in production, you find out from an angry customer email.

12 patterns: 5 critical, 3 high, 4 medium.
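Pattern 03 in practice. The block below is an added example, not code from this page or from any tool it names: it verifies a Stripe-style webhook signature before the body is parsed, next to the "trust whatever arrives" handler the catalog describes. The signature scheme assumed here is the one Stripe documents (a header of the form t=<unix seconds>,v1=<hex HMAC>, signed payload <t>.<raw body>, HMAC-SHA256 under the endpoint secret); the secret, body, timestamp and invoice id are constructed demo values.

```javascript
// Added example: verify a webhook MAC before trusting the event.
// Assumed scheme (as documented by Stripe): header "t=<secs>,v1=<hex>",
// signed payload "<t>.<raw body>", HMAC-SHA256 with the endpoint secret.
const crypto = require("crypto");

const TOLERANCE_SECONDS = 300; // reject signatures older than five minutes

function sign(secret, timestamp, rawBody) {
  return crypto.createHmac("sha256", secret).update(`${timestamp}.${rawBody}`).digest("hex");
}

function parseSignatureHeader(header) {
  const parts = { t: null, v1: [] };
  for (const item of String(header || "").split(",")) {
    const idx = item.indexOf("=");
    if (idx === -1) continue;
    const key = item.slice(0, idx).trim();
    const value = item.slice(idx + 1).trim();
    if (key === "t") parts.t = value;
    else if (key === "v1") parts.v1.push(value);
  }
  return parts;
}

// Returns the parsed event, or throws. Must be given the *raw* body:
// re-serialising a parsed object changes bytes and breaks the MAC.
function verifyWebhook(rawBody, header, secret, now = Math.floor(Date.now() / 1000)) {
  const { t, v1 } = parseSignatureHeader(header);
  if (!t || v1.length === 0 || !/^\d+$/.test(t)) throw new Error("malformed signature header");
  if (Math.abs(now - Number(t)) > TOLERANCE_SECONDS) throw new Error("timestamp outside tolerance");
  const expected = Buffer.from(sign(secret, t, rawBody), "hex");
  const ok = v1.some((sig) => {
    const got = Buffer.from(sig, "hex");
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  });
  if (!ok) throw new Error("signature mismatch");
  return JSON.parse(rawBody);
}

// The catalog's vulnerable pattern: parse and act on whatever arrives.
function handleUnsigned(rawBody, invoices) {
  const event = JSON.parse(rawBody);
  if (event.type === "invoice.paid") invoices[event.data.object.id] = "paid";
  return invoices;
}

// Hardened handler: verify first, parse second, then act.
function handleSigned(rawBody, header, secret, invoices, now) {
  const event = verifyWebhook(rawBody, header, secret, now);
  if (event.type === "invoice.paid") invoices[event.data.object.id] = "paid";
  return invoices;
}

// Constructed demo inputs; none of these are real Stripe values.
const DEMO_SECRET = "whsec_demo_not_a_real_secret";
const DEMO_BODY = JSON.stringify({ type: "invoice.paid", data: { object: { id: "in_demo_123" } } });
const DEMO_NOW = 1700000000;
function demoHeader(secret = DEMO_SECRET, t = DEMO_NOW) {
  return `t=${t},v1=${sign(secret, t, DEMO_BODY)}`;
}
```

The framework detail that matters is the raw body: most web frameworks parse JSON before your handler runs, so the route that receives webhooks needs body parsing disabled and the bytes read as-is.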
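Pattern 07 in practice. Again an added example rather than code from the page or from any tool it names: the body-spread insert beside a hardened version of the same route. The `projects` array and the `session` object are constructed in-memory stand-ins for a Supabase table and an authenticated session; the real route would hand the built row to `.insert()`.

```javascript
// Added example: body-spread insert vs. allowlisted insert.
// `projects` and `session` are constructed stand-ins, not real storage.
const projects = []; // rows: { id, owner_id, role, name, description }

// Vulnerable pattern: every key in the request body becomes a column, and
// because the spread comes last it overrides the server-set fields too.
function createProjectSpread(session, body) {
  const row = { id: projects.length + 1, owner_id: session.userId, role: "member", ...body };
  projects.push(row);
  return row;
}

// Hardened version: an explicit allowlist of client-writable columns for
// this route, validation of each, and ownership/role taken from the session.
const PROJECT_WRITABLE = ["name", "description"];

function pick(body, allowed) {
  const out = {};
  for (const key of allowed) {
    if (Object.prototype.hasOwnProperty.call(body, key)) out[key] = body[key];
  }
  return out;
}

// Keys the client sent that this route does not accept. Worth logging: a
// create request carrying `role` or `owner_id` is a signal, not noise.
function rejectedKeys(body, allowed) {
  return Object.keys(body).filter((k) => !allowed.includes(k));
}

function createProjectHardened(session, body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    throw new Error("body must be a JSON object");
  }
  const data = pick(body, PROJECT_WRITABLE);
  if (typeof data.name !== "string" || data.name.length < 1 || data.name.length > 120) {
    throw new Error("name must be 1-120 characters");
  }
  if (data.description !== undefined && typeof data.description !== "string") {
    throw new Error("description must be a string");
  }
  // Server-owned columns come from the session, never from the request.
  const row = { id: projects.length + 1, owner_id: session.userId, role: "member", ...data };
  projects.push(row);
  return { row, dropped: rejectedKeys(body, PROJECT_WRITABLE) };
}
```

The allowlist belongs per route, not per table: the columns a user may set when creating a row are usually a different set from the ones they may change later, and neither should include ownership or privilege fields.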

Read the teardowns →
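Pattern 11 in practice, including the "two requests land at once" case from the intro. This is an added example, not the page's or any provider's code: an idempotency key in front of the charge call. `chargeCard` is a constructed stand-in for a payment-provider call that only counts invocations, and the store is an in-memory Map where a real service would use a database row with a unique constraint on the key.

```javascript
// Added example: idempotent checkout. `chargeCard` and the Map-backed store
// are constructed stand-ins for a payment provider and a database table.
let chargeCalls = 0;
function chargeCallCount() { return chargeCalls; }

async function chargeCard(amountCents) {
  chargeCalls += 1;
  await new Promise((resolve) => setTimeout(resolve, 5)); // simulated network latency
  return { chargeId: `ch_demo_${chargeCalls}`, amountCents };
}

// Vulnerable pattern: every request to the checkout route is a new charge.
async function checkoutNaive(amountCents) {
  return chargeCard(amountCents);
}

// Hardened: one charge per (user, idempotency key). The store holds the
// *promise* of the charge, not only its finished result, so a second request
// that arrives before the first charge returns joins it instead of starting
// another one.
const idempotencyStore = new Map(); // "userId:key" -> { fingerprint, promise }

function requestFingerprint(amountCents, currency) {
  return `${amountCents}:${currency}`;
}

function checkoutIdempotent(userId, idempotencyKey, amountCents, currency = "usd") {
  if (typeof idempotencyKey !== "string" || idempotencyKey.length < 16) {
    return Promise.reject(new Error("idempotency key required"));
  }
  if (!Number.isInteger(amountCents) || amountCents <= 0) {
    return Promise.reject(new Error("invalid amount"));
  }
  const storeKey = `${userId}:${idempotencyKey}`;
  const fingerprint = requestFingerprint(amountCents, currency);
  const existing = idempotencyStore.get(storeKey);
  if (existing) {
    // Same key with different parameters is a client bug, not a retry;
    // replaying the earlier charge would silently charge the wrong amount.
    if (existing.fingerprint !== fingerprint) {
      return Promise.reject(new Error("idempotency key reused with different parameters"));
    }
    return existing.promise;
  }
  const promise = chargeCard(amountCents);
  idempotencyStore.set(storeKey, { fingerprint, promise });
  // A failed charge is forgotten so the client can retry with the same key.
  promise.catch(() => idempotencyStore.delete(storeKey));
  return promise;
}
```

The client generates the key once per checkout attempt (when the form renders, not when the button is clicked) and sends it with every retry; the server keys on user plus key so one user cannot collide with another's.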
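Pattern 05 in practice. An added example, not code from the page or from any tool it names: per-user metering in front of a route that calls a paid model API, combining a token bucket for request rate with a daily spend cap. The limit values and the in-memory store are constructed stand-ins; a real deployment keeps this state in Redis or the database so every server instance enforces the same counts.

```javascript
// Added example: rate limit plus spend cap for an AI endpoint.
// Limits and the Map-backed store are constructed stand-ins.
const LIMITS = {
  burst: 10,             // requests a user may fire back-to-back
  perMinute: 30,         // sustained refill rate of the bucket
  dailyBudgetCents: 200, // hard cap on estimated model spend per user per day
};

const limiterState = new Map(); // userId -> { tokens, updatedAt, day, spentCents }

function stateFor(userId, nowSeconds) {
  let s = limiterState.get(userId);
  if (!s) {
    s = { tokens: LIMITS.burst, updatedAt: nowSeconds, day: Math.floor(nowSeconds / 86400), spentCents: 0 };
    limiterState.set(userId, s);
  }
  return s;
}

// Decide whether one model call may proceed. `estimatedCostCents` is what
// the caller expects this request to cost, e.g. derived from prompt length.
function authorizeModelCall(userId, estimatedCostCents, nowSeconds = Date.now() / 1000) {
  // An endpoint that spends your API key has to know who is calling.
  if (!userId) return { ok: false, reason: "unauthenticated" };
  const s = stateFor(userId, nowSeconds);

  // Token bucket: refill continuously, cap at the burst size.
  const elapsed = Math.max(0, nowSeconds - s.updatedAt);
  s.tokens = Math.min(LIMITS.burst, s.tokens + (elapsed * LIMITS.perMinute) / 60);
  s.updatedAt = nowSeconds;
  if (s.tokens < 1) {
    const retryAfterSeconds = Math.ceil(((1 - s.tokens) * 60) / LIMITS.perMinute);
    return { ok: false, reason: "rate_limited", retryAfterSeconds };
  }

  // Daily spend cap, reset at UTC midnight.
  const day = Math.floor(nowSeconds / 86400);
  if (s.day !== day) {
    s.day = day;
    s.spentCents = 0;
  }
  if (s.spentCents + estimatedCostCents > LIMITS.dailyBudgetCents) {
    return { ok: false, reason: "budget_exhausted" };
  }

  s.tokens -= 1;
  s.spentCents += estimatedCostCents;
  return { ok: true, remainingTokens: s.tokens, spentCents: s.spentCents };
}
```

A rate limit alone does not bound cost, because one request can carry a very long prompt; the spend cap is what turns "four figures in an afternoon" into a number you chose in advance. Rejections with `reason` set are also the events worth alerting on.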

By tool

Each tool has its own worst habit.

The catalog is the same everywhere. What changes is which patterns dominate, depending on the tool that wrote the code.

Each landing page below lists the ones we see most in code from that tool, with example fixes.

The call takes thirty minutes, and the written list reaches you within two days. We don't chase you afterwards. What you do with it is entirely your call.

Book a free audit