Blog

Security Insights

Research, analysis, and practical advice on securing web applications built with AI coding tools.

Security · May 19, 2026 · 7 min read

How to Pentest Your Own Web App Without Being a Security Expert

You don't need to be a hacker to test your app's security. A practical guide to finding real vulnerabilities using free tools and your browser's dev tools.

Research · May 5, 2026 · 9 min read

Lovable, Bolt, v0: What Security Research Reveals About AI App Builders

CVE-2025-48757 exposed 170+ Lovable apps. OX Security found Bolt's scanner misses vulnerabilities entirely. Here's what published research says about AI app builder security.

Security · Apr 21, 2026 · 8 min read

How to Secure Your Next.js App: The Complete Checklist

A practical security checklist for Next.js apps with copy-paste code. Covers security headers, API routes, middleware auth, environment variables, Server Actions, and deployment.

Research · Apr 7, 2026 · 8 min read

Cursor AI Security: Known Vulnerabilities and What Developers Should Know

From CVE-2025-54135 to MCP poisoning attacks, Cursor has real security risks. Here's what's been discovered, what's been patched, and what you should configure.

Opinion · Mar 24, 2026 · 7 min read

Is Vibe Coding Safe? Here's What the Research Actually Shows

Only 10.5% of AI-generated code is both functional and secure. A Wiz study found 20% of vibe-coded apps have serious vulnerabilities. Here's what the data says.

Security · Mar 10, 2026 · 6 min read

Security Headers: The 5-Minute Setup That Blocks Entire Attack Categories

Security headers are the lowest-effort, highest-impact security fix for any web app. Here's what each header does, why it matters, and the exact code to add them in Next.js and Express.

Security · Feb 24, 2026 · 7 min read

The OWASP Top 10 in AI-Generated Code: Where Vibe Coding Goes Wrong

How each OWASP Top 10 vulnerability specifically shows up in code generated by AI tools like Cursor, Lovable, and Bolt — with real patterns and fixes.

Research · Feb 10, 2026 · 5 min read

We Scanned 10 AI-Built Apps — Here's What We Found

We pentested 10 web apps built with AI coding tools. Every single one had at least one vulnerability. Here are the most common issues.

Security · Feb 8, 2026 · 6 min read

The Most Common Vulnerabilities in Vibe Coded Apps

A breakdown of the security issues that show up most often in apps built with AI coding tools — and why AI keeps making the same mistakes.

Opinion · Feb 6, 2026 · 4 min read

Why AI Coding Tools Don't Care About Security

AI coding assistants optimize for working features, not secure features. Here's why that's a problem and what to do about it.
