Skip to content

Tag

Vibe Coding & Security

Tutorials, guides, and deep dives on security for AI-assisted development.

65 articles

pulse·intermediate·11 min

Claude Code Adds Fallback Models and Tightens Agent Security

Claude Code v2.1.166 ships fallback models to survive API overloads automatically, and closes a SendMessage privilege gap affecting multi-agent orchestration.

Read
pulse·intermediate·11 min

Claude Code Security Plugin Scans for 25 Vulnerability Classes

Claude Code's new security plugin ships free on May 27. It scans edits and commits for 25 vulnerability classes using a fresh Opus 4.7 reviewer on all plans.

Read
pulse·intermediate·11 min

Why Claude Agents Now Run Inside Your Private Network

Claude Managed Agents shipped self-hosted sandboxes and MCP tunnels. Your code stays in your infrastructure and private APIs need no public firewall holes.

Read
pulse·intermediate·11 min

Mini Shai-Hulud npm Attack Targets Your Claude Code Config

Mini Shai-Hulud hijacked Claude Code's SessionStart hook as a persistence vector in May 2026. If you ran npm install recently, here is your cleanup checklist.

Read
pulse·intermediate·7 min

Getting AI Coding Tools Approved by Enterprise Security

Getting AI coding tools approved enterprise security. Four approval dimensions and what makes security approval sustainable for enterprise rollouts.

Read
grow·intermediate·6 min

Secrets Management Production Vault AWS SSM and Doppler

Secrets management production Vault AWS SSM Doppler comparison. Four criteria and what makes secrets management work for vibe coded production apps.

Read
grow·intermediate·8 min

Compliance Basics SOC 2 GDPR HIPAA Overview for Vibe Coders

Compliance basics SOC 2 GDPR HIPAA overview for vibe coders. Four key differences between frameworks, which applies to your product, and what to do first.

Read
ship·intermediate·7 min

Dependency Management Auditing and Updating Packages Guide

Dependency management for vibe coded projects. Four hygiene practices for auditing and updating packages and what AI generates that needs cleanup.

Read
ship·beginner·7 min

Gitignore Essentials What to Never Commit Checklist

Gitignore essentials checklist. Four file categories you must never commit and what AI coding tools commonly forget to add to .gitignore.

Read
foundations·intermediate·8 min

Privacy Considerations When Using AI Coding Tools 2026

Privacy considerations for AI coding tools in 2026. Four exposure categories, how tools handle your data, and how to protect code and customer information well.

Read
pulse·advanced·8 min

Vibe Coding for Government FedRAMP and Security 2026

Vibe coding government FedRAMP security 2026. Four compliance patterns and what makes AI coding work for FedRAMP and government contexts.

Read
ship·intermediate·11 min

A Practical Code Review Checklist for AI-Generated Code

A practical code review checklist for AI-generated code covering security, logic bugs, performance, and quality issues that automated tools consistently miss.

Read
grow·intermediate·12 min

Security Patching to Stay Ahead of Vulnerabilities

Stay ahead of security vulnerabilities in AI-built apps. Automate npm audit, prioritize CVEs, patch Node.js dependencies, and set up GitHub security alerts.

Read
grow·intermediate·10 min

SSL Certificate Renewal for Apps That Must Stay Online

SSL certificate renewal for AI-built apps. Set up auto-renewal with Let's Encrypt, monitor expiry dates, and fix common certificate errors on Vercel and Cloudflare.

Read
ship·intermediate·14 min

Testing Authentication Flows Thoroughly and Correctly

Test authentication flows at every layer: unit tests for token logic, integration tests for login and signup, and E2E tests for the full browser experience.

Read
ship·advanced·10 min

Content Security Policy Configuration for AI-Built Web Apps

Configure Content Security Policy for AI-built web apps. Practical guide to CSP headers, common directives, and testing without breaking your app's features.

Read
ship·intermediate·11 min

Debugging Authentication Flows in AI-Built Web Applications

Debug authentication flows in AI-built apps. Fix login bugs, redirect loops, expired tokens, OAuth failures, and session issues with systematic approaches.

Read
ship·beginner·10 min

HTTPS and SSL Certificates for Your AI-Built Web Application

HTTPS and SSL/TLS explained for vibe coders. Why the padlock matters, how Vercel and Cloudflare handle certificates, and what to do when HTTPS breaks on you.

Read
ship·intermediate·10 min

The Lovable CVE That Exposed 170 Apps and What It Teaches Us

The Lovable CVE-2025-48757 case study explained. How AI-generated code exposed 170+ app databases and the security checks every vibe coder needs to perform.

Read
ship·intermediate·10 min

The Moltbook Leak That Exposed 1.5 Million Auth Tokens

The Moltbook security leak case study. How 1.5M auth tokens were exposed through a public API and the token management lessons every vibe coder needs to learn.

Read
ship·advanced·11 min

DIY Penetration Testing for Your AI-Built Web Application

DIY penetration testing for AI-built apps. Find security vulnerabilities before attackers do using OWASP ZAP, Burp Suite, and a structured testing checklist.

Read
build·intermediate·11 min

Rate Limiting and API Throttling for Your AI-Built App

Implement rate limiting and API throttling in your AI-built app. Token bucket, sliding window, and Upstash Redis patterns that protect against abuse and costs.

Read
ship·intermediate·10 min

The Replit SaaStr Database Disaster and Its Key Lessons

The Replit SaaStr database disaster explained. How an AI agent deleted production data, faked replacements, and the guardrails that would have prevented it.

Read
build·intermediate·10 min

Role-Based Access Control for Your AI-Built Application

Implement role-based access control in AI-built apps. Practical RBAC guide with Supabase RLS and Next.js middleware for founders and developers building apps.

Read
ship·intermediate·12 min

Security Auditing Tools for AI-Generated Code Compared

Compare security auditing tools for AI-generated code. Snyk, Semgrep, npm audit, and more reviewed for finding vulnerabilities before they reach production.

Read
ship·advanced·10 min

SOC 2 Considerations When Your Product Is Built With AI Tools

SOC 2 compliance for AI-built products. What startups need to know about the five trust criteria, AI-specific challenges, and practical steps to get certified.

Read
build·intermediate·10 min

User Authentication From Scratch With Email and Password

Build user authentication from scratch with email and password. Step-by-step guide using Supabase Auth or NextAuth with secure password handling and sessions.

Read
ship·advanced·12 min

WebSocket Security for Authentication and Message Validation

Secure WebSocket connections with proper authentication and message validation. Prevent injection, unauthorized access, and the gaps AI code commonly leaves open.

Read
ship·intermediate·11 min

The AI Can't Delete This Database Configuration Checklist

Configure your database so AI agents cannot delete data. Seven settings covering RLS policies, read-only roles, deletion triggers, and automated backups.

Read
ship·beginner·10 min

How AI Accidentally Commits Your API Keys and Secrets

AI coding tools regularly expose API keys and secrets in your code. Learn how it happens, how to check your repos, and how to rotate compromised keys.

Read
ship·intermediate·12 min

Authentication Security for Every AI-Built App in 2026

AI tools generate insecure authentication patterns by default. Learn how passwords, sessions, and tokens should work and what to fix in your codebase.

Read
ship·intermediate·10 min

Authorization Patterns Every Vibe Coder Must Implement

AI tools build apps where every user can see everything. Learn authorization patterns that control access properly, from RBAC to row-level policies.

Read
ship·intermediate·10 min

Cookie Security Flags That Protect Your Users from Common Attacks

Cookie security flags explained for vibe coders. Learn SameSite, HttpOnly, and Secure attributes with copy-paste configs for Next.js, Express, and Supabase.

Read
ship·intermediate·11 min

Cross-Site Scripting in AI Code and How to Prevent It

AI-generated code is 2.74x more likely to have XSS vulnerabilities than human-written code. Learn why AI creates them and how to fix every pattern.

Read
ship·intermediate·10 min

CSRF Protection Explained and How to Implement It in Your App

CSRF protection explained for vibe coders. Learn what cross-site request forgery is, why AI skips it, and how to implement CSRF tokens in Next.js and Express.

Read
ship·intermediate·11 min

Database Encryption at Rest and in Transit for Vibe-Coded Apps

Database encryption explained for vibe coders. Learn what Supabase, Neon, and PlanetScale encrypt automatically and what you must configure for full protection.

Read
ship·intermediate·10 min

Environment Variables in Production and How to Manage Them Safely

Environment variables in production explained for vibe coders. Learn to manage secrets safely across Vercel, Railway, and Cloudflare without exposing API keys.

Read
ship·intermediate·11 min

File Upload Security That Prevents Malicious Uploads in Your App

Secure file uploads in your vibe-coded app. Learn file type validation, size limits, malware prevention, and safe storage patterns that AI tools always skip.

Read
ship·intermediate·10 min

Input Validation and Why You Should Never Trust User Data

Input validation explained for vibe coders. Learn why AI skips validation, how to use Zod for runtime checks, and the patterns that prevent injection attacks.

Read
ship·intermediate·10 min

Payment Security and PCI Compliance for Vibe-Coded Apps

PCI compliance for vibe-coded apps explained. Learn what Stripe handles, what you must do yourself, and the payment security mistakes AI tools always make.

Read
pulse·intermediate·11 min

Post-Mortem of the Lovable CVE That Exposed 170+ Apps

The Lovable CVE-2025-48757 exposed 170+ production apps due to missing Row Level Security. A detailed breakdown of what happened and how to prevent it.

Read
pulse·intermediate·10 min

Post-Mortem of Moltbook and the 1.5 Million Token Leak

The Moltbook leak exposed 1.5M auth tokens and 35K emails from an app built entirely with AI. A breakdown of what went wrong and what every builder must learn.

Read
pulse·intermediate·12 min

Post-Mortem of the Tea App Leak That Exposed 72K Images

The Tea App leak exposed 72K images and 1.1M private messages through an open Firebase bucket. A detailed breakdown of what went wrong and how to prevent it.

Read
ship·intermediate·11 min

How to Protect Your Database From AI Agents That Can Delete It

Protect your database from AI agents. Learn read-only connections, sandboxed environments, backup strategies, and permission boundaries that prevent data loss.

Read
ship·intermediate·10 min

Read-Only Connections and AI Guardrails for Safe Development

Set up read-only database connections and sandboxed environments for AI agents. Practical guardrails that prevent data loss while keeping AI tools useful.

Read
ship·intermediate·13 min

Row Level Security in Supabase for Vibe-Coded Apps

Row Level Security is what the Lovable CVE missed. Learn how to configure Supabase RLS policies correctly so users only see their own data, step by step.

Read
ship·intermediate·10 min

Secrets Management Beyond Env Vars with Vaults and Key Rotation

Secrets management for vibe coders who have outgrown .env files. Learn when to use vaults, how key rotation works, and tools like Doppler and Infisical.

Read
ship·intermediate·10 min

Secure Coding Patterns AI Should Generate but Consistently Skips

AI tools skip critical security patterns. This checklist covers input sanitization, parameterized queries, CSRF tokens, and 10 more patterns to add yourself.

Read
pulse·intermediate·10 min

The Security Crisis in AI-Generated Code in 2026

AI-generated code has a security crisis. 45% contains OWASP vulnerabilities, 2.74x higher vuln rates. A data-driven look at the problem and what comes next.

Read
ship·beginner·11 min

The Security Checklist Every Non-Technical Founder Needs

Security checklist for non-technical founders launching AI-built apps. Ten checks you can do yourself to protect user data and avoid the most common breaches.

Read
ship·intermediate·11 min

Security Headers Every Vibe-Coded App Needs and How to Add Them

Add essential security headers to your vibe-coded app. Copy-paste configurations for Next.js and Vercel covering CSP, HSTS, X-Frame-Options, and more.

Read
ship·intermediate·10 min

Security Incident Response When Your Vibe-Coded App Gets Hacked

Security incident response for vibe coders. The step-by-step playbook for when your app gets hacked, from containment to recovery to preventing it next time.

Read
ship·intermediate·10 min

Security Logging for Vibe-Coded Apps and What You Must Track

Set up security logging for your vibe-coded app. Learn which events to track, how to store logs safely, and how to spot attacks before they become breaches.

Read
pulse·intermediate·10 min

Security Researchers Sound the Alarm on AI Code Vulnerabilities

Security researchers warn about AI code vulnerabilities. Data from Veracode, real breaches, and expert recommendations for building safely with AI tools.

Read
ship·intermediate·12 min

SQL Injection in AI Code and Why It Keeps Happening

AI coding tools generate SQL injection vulnerabilities at alarming rates. Learn why it happens, how to spot it in your codebase, and the fixes that work.

Read
ship·intermediate·10 min

Third-Party Dependency Security and How to Audit npm Packages

Audit your npm dependencies for security risks. Learn to spot vulnerable packages, detect slopsquatting attacks, and keep your vibe-coded app's supply chain safe.

Read
ship·intermediate·10 min

Two-Factor Authentication Implementation for Vibe-Coded Apps

Implement two-factor authentication in your vibe-coded app. Step-by-step guide for TOTP with authenticator apps, backup codes, and recovery flows that work.

Read
pulse·intermediate·10 min

What cURL Shutting Down Bug Bounties Teaches Every Builder

cURL shut down bug bounties because AI-generated reports overwhelmed maintainers. What this teaches about AI quality, open-source sustainability, and trust.

Read
ship·intermediate·11 min

OWASP Top 10 for AI-Generated Code Explained Simply

AI-generated code is 2.74x more likely to contain XSS flaws. Learn the OWASP Top 10 vulnerabilities specific to vibe-coded apps and how to prevent each one.

Read
ship·beginner·10 min

The Vibe Coder Security Survival Guide You Need in 2026

45% of AI-generated code has security flaws. This survival guide covers the essential security checks every vibe coder must run before shipping to production.

Read
foundations·intermediate·11 min

What Is Rate Limiting and How It Protects Your App

Rate limiting controls how many requests your app handles per user. Learn why this protection is essential and how AI-built apps often leave the door wide open.

Read
foundations·beginner·11 min

What Is Security and the Basics Every Builder Must Know

Security is the practice of protecting your app and users from attacks. Learn the basics every vibe coder must know, especially when AI writes your code.

Read
foundations·beginner·11 min

What Is HTTPS and SSL and Why the Padlock Icon Matters

HTTPS encrypts the connection between users and your app. Learn what SSL certificates do, why browsers warn without them, and how to set them up for free.

Read
foundations·beginner·10 min

What Are Environment Variables and Why Your App Needs Them

Environment variables are the private settings your app needs to connect to services and run correctly. Learn why they matter and how to manage them safely.

Read
foundations·beginner·9 min

What Is Authentication? How Apps Know Who You Are

Authentication verifies who a user is before granting access. Learn how login systems work and why this is the most security-critical part of any vibe-coded app.

Read

The Tuesday Shipping Report

Every Tuesday, one focused email:

  • - The tool or technique that's actually working right now
  • - A real problem from the community (and how to solve it)
  • - What changed this week in the vibe coding landscape

Read by 1,000+ founders, developers, and creators building with AI. Free forever. No spam.