VibeScan launched two weeks ago. In that time, 61 apps were scanned. No synthetic data, no cherry-picked examples — this is what the scanner found across a real sample of AI-built apps in the wild.
The patterns are consistent enough to publish.
The numbers
- 61 apps scanned
- 879 findings across all scans (~14 per app on average)
- 14 critical findings, 6 high findings
- 53 of 61 apps (87%) missing all standard security headers
- 62 instances of publicly exposed API documentation
Critical finding #1: Twilio credentials hardcoded in JavaScript
The single most common critical finding was Twilio Account SID and Auth Token embedded directly in client-side JavaScript — found in 9 separate apps.
This happens because AI tools scaffold phone/SMS features by adding credentials to a frontend config file or .env.local, then including them in a client component, where they become visible in the browser.
```javascript
// Found in production bundle of multiple apps
const client = twilio('ACxxxxxxxxxxxxxx', 'your_auth_token');
```
A Twilio auth token exposed like this lets anyone:
- Make phone calls billed to the account
- Send SMS at the owner's expense
- Read call logs and message history
- Modify phone number configurations
The fix is to move all Twilio API calls to a server-side route. The credential never touches the browser.
Critical finding #2: Live Stripe secret keys in the bundle
Two apps had live Stripe secret keys (sk_live_...) visible in their JavaScript bundles.
A Stripe secret key is unrestricted by default. With it, an attacker can:
- Create charges against any saved payment method
- Read full customer data including email, address, and card details
- Issue refunds (and redirect them)
- Cancel active subscriptions
Both owners were contacted and rotated their keys before this post was published.
The pattern that causes this: AI tools sometimes generate Stripe integration code that calls the Stripe API from the frontend using the secret key rather than the publishable key. The publishable key (pk_live_...) is safe in the browser. The secret key (sk_live_...) is not.
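Both critical findings above (Twilio credentials and Stripe secret keys in the bundle) can be caught before deploy by checking your own build output. The following is an added example, not VibeScan's code or code from the scanned apps. The function names, the 200-character window, and the assumed key formats (Twilio Account SID as "AC" plus 32 hex characters, Auth Token as 32 hex characters, Stripe secret keys starting with sk_live_) are assumptions made for this sketch.

```javascript
// Added example (not VibeScan's code). Key formats below are assumptions.
const RULES = [
  // Stripe secret key: the sk_live_ prefix from the post. pk_live_ is not flagged.
  { id: 'stripe-secret-key', severity: 'critical', re: /\bsk_live_[0-9a-zA-Z]{16,}/g },
  // Twilio Account SID, assumed to be "AC" + 32 hex characters.
  { id: 'twilio-account-sid', severity: 'low', re: /\bAC[0-9a-fA-F]{32}\b/g },
];
// A bare 32-hex string is usually a content hash, so it is only reported as a
// Twilio Auth Token when it appears shortly after an Account SID.
const HEX32 = /\b[0-9a-fA-F]{32}\b/g;
const NEARBY = 200; // characters searched after each SID (arbitrary window)

function scanBundle(file, text) {
  const findings = [];
  for (const rule of RULES) {
    for (const m of text.matchAll(rule.re)) {
      // Report offset and length only, so the report never repeats the secret.
      findings.push({ file, rule: rule.id, severity: rule.severity,
                      offset: m.index, length: m[0].length });
      if (rule.id !== 'twilio-account-sid') continue;
      const start = m.index + m[0].length;
      for (const t of text.slice(start, start + NEARBY).matchAll(HEX32)) {
        findings.push({ file, rule: 'twilio-auth-token', severity: 'critical',
                        offset: start + t.index, length: t[0].length });
      }
    }
  }
  return findings;
}

function criticalCount(findings) {
  return findings.filter((f) => f.severity === 'critical').length;
}

// Constructed sample: fake values assembled at runtime, not real credentials.
const FAKE_SID = 'AC' + '0'.repeat(32);
const FAKE_TOKEN = 'f'.repeat(32);
const SAMPLE_BUNDLE =
  `const c=twilio("${FAKE_SID}","${FAKE_TOKEN}");` +
  `Stripe("pk_live_${'Y'.repeat(24)}");` +
  `fetch("/pay",{headers:{k:"sk_live_${'X'.repeat(24)}"}});`;

const report = scanBundle('main.js', SAMPLE_BUNDLE);
console.log(report);
console.log(criticalCount(report) > 0 ? 'FAIL: secrets in bundle' : 'OK');
```

In a build pipeline, pass the text of each file in the client build output to scanBundle and fail the build when criticalCount is non-zero.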
Critical finding #3: Database tables readable without authentication
Two apps had Supabase tables returning data to unauthenticated requests — an employees table and a profiles table.
This is the same class of vulnerability as CVE-2025-48757. Row Level Security was either disabled or configured with a USING (true) policy, whose condition is always true and therefore lets every row through, including for anonymous requests.
The near-universal problem: missing security headers
87% of scanned apps were missing all standard HTTP security headers. These aren't optional hardening steps — they're baseline protections that every web app should ship with.
The specific headers missing from most apps:
| Header | What it prevents |
|---|---|
| Strict-Transport-Security | Protocol downgrade attacks |
| Content-Security-Policy | XSS, script injection |
| X-Frame-Options | Clickjacking |
| X-Content-Type-Options | MIME sniffing attacks |
| Referrer-Policy | Referer header leakage |
| Permissions-Policy | Browser feature abuse (camera, microphone, etc.) |
AI tools don't add security headers by default. They generate a working app. Headers require explicit configuration in next.config.ts, vercel.json, or equivalent — a step that never makes it into the AI's default output.
62 apps exposed their API documentation publicly
/swagger, /api-docs, /openapi.json, /docs — these endpoints were publicly accessible on 62 of the scans. For most apps, this is a low-severity information disclosure. For apps with any sensitive operations, it's a roadmap for attackers.
AI scaffolding tools commonly generate Swagger/OpenAPI documentation as part of the backend setup and don't restrict access to it.
67 vulnerable dependency matches
Across all scans, 67 findings matched packages in the OSV (Open Source Vulnerability) database with known CVEs. Most were medium or low severity — outdated packages with published patches. A handful were high severity.
The pattern: AI tools generate package.json with specific version pins that were current when the training data was collected. By the time you ship, some of those versions have CVEs against them.
What this means
These aren't edge cases or exotic attack chains. They're credential misplacement, missing configuration, and overly permissive policies — the kind of issues that appear in first drafts and never get caught because there's no security review step.
AI tools make it faster to build. They don't make it safer to ship. The gap between "works" and "secure" is where most AI-built apps currently live.