Blog

Security Insights

Research, analysis, and practical advice on securing web applications built with AI coding tools.

OpinionMar 24, 20267 min read

Is Vibe Coding Safe? Here's What the Research Actually Shows

Only 10.5% of AI-generated code is both functional and secure. A Wiz study found 20% of vibe-coded apps have serious vulnerabilities. Here's what the data says.

Read more
SecurityMar 10, 20266 min read

Security Headers: The 5-Minute Setup That Blocks Entire Attack Categories

Security headers are the lowest-effort, highest-impact security fix for any web app. Here's what each header does, why it matters, and the exact code to add them in Next.js and Express.

Read more
SecurityFeb 24, 20267 min read

The OWASP Top 10 in AI-Generated Code: Where Vibe Coding Goes Wrong

How each OWASP Top 10 vulnerability specifically shows up in code generated by AI tools like Cursor, Lovable, and Bolt — with real patterns and fixes.

Read more
ResearchFeb 10, 20265 min read

We Scanned 10 AI-Built Apps — Here's What We Found

We pentested 10 web apps built with AI coding tools. Every single one had at least one vulnerability. Here are the most common issues.

Read more
SecurityFeb 8, 20266 min read

The Most Common Vulnerabilities in Vibe Coded Apps

A breakdown of the security issues that show up most often in apps built with AI coding tools — and why AI keeps making the same mistakes.

Read more
OpinionFeb 6, 20264 min read

Why AI Coding Tools Don't Care About Security

AI coding assistants optimize for working features, not secure features. Here's why that's a problem and what to do about it.

Read more
Free Security ScannerAI App SecurityWhat We Test