Tagged: security
12 posts · all posts
- How Claude Code projects leak API keys
7 July 2026
AI-generated projects often hardcode secrets or commit .env files by accident. Here's how to scan your Claude Code project for leaked keys in a few minutes.
- Keeping dependencies updated in AI-written code
7 July 2026
AI-built apps ship with dozens of packages you never chose. Here's how to find the vulnerable ones and keep them patched without breaking your app.
- Check for exposed API keys in 5 minutes
7 July 2026
A copy-pasteable, 5-minute self-check for whether your Lovable or backend-as-a-service app is leaking a privileged key to anyone who opens the page.
- My Lovable app got hacked: what to do in the first hour
7 July 2026
A calm, ordered playbook for the first 60 minutes after your Lovable app is compromised: contain, rotate, assess, and recover without making it worse.
- Lovable environment variables: what's secret
7 July 2026
Not every value in your Lovable env is a secret, and some things you think are safe aren't. Here's how to tell which is which before you ship.
- Postgres row-level security exposed: an audit
7 July 2026
A copy-pasteable SQL audit that finds every Postgres table with RLS off or protected by a policy that lets everyone in, in about 15 minutes.
- Postmortem: an exposed API key and a surprise bill
7 July 2026
How a single API key left in frontend code turned into a four-figure bill overnight, and the checks that stop it.
- The production checklist for Lovable apps
7 July 2026
A 15-point checklist for Lovable, Bolt, and Claude Code apps: real commands to check leaked keys, missing backups, open admin routes.
- Rate limiting, CORS, and debug mode: 20 minutes
7 July 2026
Three config fixes that stop the most common attacks on AI-built backends: a rate limit, a locked-down CORS policy, and debug mode turned off.
- Secrets management for vibe-coded apps
7 July 2026
A .env file is fine on your laptop and a liability in production. Here's how to run a real secrets setup without a heavyweight vault.
- The vibe coding security checklist basics
7 July 2026
A plain-English security checklist for AI-built apps. Learn what SSL, env vars, and RLS mean, and the seven things to check before real users show up.
- Securing webhooks in an AI-generated app
7 July 2026
Your webhook endpoint trusts anyone who knows the URL. That's a payment-fraud risk. Here's how to verify signatures properly.