Author

VibeScan Founder

Independent Security Researcher

Independent Founder · Security Tools · AI App Security

I built VibeScan after noticing a recurring pattern: founders using AI coding assistants were shipping applications with serious, predictable security vulnerabilities. Exposed Supabase keys, missing Row Level Security, open admin routes, and weak CORS policies kept appearing in production apps.

VibeScan is the tool I wished existed — an automated scanner that catches the specific failure modes of AI-generated code before they reach real users. Not a generic compliance checker, but a focused scanner built around how vibe-coded apps actually fail.

I research security patterns in AI-scaffolded applications and publish findings publicly. My goal is to help the growing community of non-traditional developers ship products that are secure from day one.

Areas of expertise

Web App Security
OWASP Top 10, security headers, CORS policy, HTTPS enforcement
AI-Generated Code
Security patterns and failure modes in vibe-coded and AI-scaffolded apps
Supabase & RLS
Row Level Security configuration, service role key exposure, REST API access control
Secrets Detection
Static analysis of JS bundles for exposed API keys, tokens, and credentials
Security Tooling
Building automated scanners, scoring systems, and developer-facing security tools

Research & articles

Research ReportMay 20, 2025

We Scanned 50 AI-Built Apps. 89% Had at Least One Critical Issue.

Original security research analyzing 50 production apps built with AI coding assistants. Identified prevalence of exposed API keys, missing RLS, CORS misconfigurations, and open admin routes.

Read research →

Key research findings

89%
of AI-built apps had ≥1 critical issue
50+
production apps analyzed
6%
had service role keys publicly exposed
8
security checks in VibeScan scanner
Have a security question or tip?

Reach out directly at founder@vibescan.space

Get in touchAll articles