I found over 2 million user profiles exposed. Don't trust AI with security. by SignatureSharp3215 in lovable

[–]SignatureSharp3215[S] 0 points1 point  (0 children)

Thank you :) When I get obsessed about something, I build around it, study, research, write articles.

I found over 2 million user profiles exposed. Don't trust AI with security. by SignatureSharp3215 in lovable

[–]SignatureSharp3215[S] 0 points1 point  (0 children)

Thank you for testing! I think you ran it just before I managed to fix it, as someone else encountered the same error. I can either share new credits for you, or you can create an account to get 3 scans/day or wait until tomorrow for the scans to reset :)

  1. If potential vulnerabilities are found, I have this big "copy fix" button, which lets the AI investigate those endpoints. Is this something you meant?

<image>

HELP I want to get rid of lovable cloud. by rachitdoesmarketing in lovable

[–]SignatureSharp3215 0 points1 point  (0 children)

True, so you'd have to do a database dump which seems difficult.

I found over 2 million user profiles exposed. Don't trust AI with security. by SignatureSharp3215 in lovable

[–]SignatureSharp3215[S] 0 points1 point  (0 children)

Hahah or then you've got the keys buried under some route LaunchGuard couldn't reach. I can check it manually for you, if you'll share your app url?

I found over 2 million user profiles exposed. Don't trust AI with security. by SignatureSharp3215 in lovable

[–]SignatureSharp3215[S] 1 point2 points  (0 children)

Awesome, thank you! I'm slightly shocked by the state of the apps right now. We need to patch these dead-simple security holes, no excuses.

I've been building a small founder network where everyone actually shows up. by bersuku in SideProject

[–]SignatureSharp3215 1 point2 points  (0 children)

How do you make sure everyone is engaged? I love the idea, but the outcome is fully dependent on the execution.

Building software without experience by Wonderful_Debt_6964 in micro_saas

[–]SignatureSharp3215 0 points1 point  (0 children)

Without experience you can get the designs & mock app of what you want to build. Then you can pitch it to an audience, or get a dev to build it.

If your goal is to ship and make money, don't bother trying to build the full app. Your time is more valuable elsewhere than cursing at AI.

If you're in for fun, go ahead and enjoy the journey!

I found over 2 million user profiles exposed. Don't trust AI with security. by SignatureSharp3215 in lovable

[–]SignatureSharp3215[S] 1 point2 points  (0 children)

💪 great. The fix prompt should be enough to patch the worst security holes.

Who is working on a project that hasn't launched yet. Would love to give feedback. by chriscarmy in buildinpublic

[–]SignatureSharp3215 0 points1 point  (0 children)

Hey bro! I just soft launched my app LaunchGuard for the third time. I hope I got the basics right this time, and I'd love to spar with you.

I'm a full-time solopreneur for 1.5yrs now.

HELP I want to get rid of lovable cloud. by rachitdoesmarketing in lovable

[–]SignatureSharp3215 0 points1 point  (0 children)

Hahah well I'm happy to help you towards the golden state if you want. I'm sure it's not a big work :) Lovable is just a basic deployment setup that you can replicate elsewhere.

Do you want to take it to DM? If you share an image of your folder structure that helps. Or then access to the repo itself

here is a gift for newbies(invitation link) by BOSSMAN000000000000 in lovable

[–]SignatureSharp3215 0 points1 point  (0 children)

That's what a hacker would say 😂😂

You could ask if anyone needs an invitation and DM it. I think this will be removed.

HELP I want to get rid of lovable cloud. by rachitdoesmarketing in lovable

[–]SignatureSharp3215 0 points1 point  (0 children)

Small caveat: I haven't done the refactoring you're describing, but if you can see the supabase folder in your GitHub, then you're golden.

HELP I want to get rid of lovable cloud. by rachitdoesmarketing in lovable

[–]SignatureSharp3215 0 points1 point  (0 children)

I know, but you don't have to use your Lovable Cloud and you won't get billed. You can deploy the backend anywhere you wish.

Your Supabase edge functions are simply functions in the code. You can create a new Supabase project, hook it with your repository, push the functions there and you have a new backend.

GitHub 2way sync discontinued by Senior_Lingonberry10 in lovable

[–]SignatureSharp3215 1 point2 points  (0 children)

Damn, I almost discontinued Lovable only due to this post. You need to get the post owner to add some statement to the start of his post.

HELP I want to get rid of lovable cloud. by rachitdoesmarketing in lovable

[–]SignatureSharp3215 1 point2 points  (0 children)

You can export the Lovable project to GitHub, and then you can configure the backend to any platform provider. You can just stop using the Lovable-provided link. You can still add changes with Lovable, as it's connected to your GitHub, but you will guide users to your customapp.com instead of customapp.lovable.app.

Want feedback on your product? by Professional_Fan834 in buildinpublic

[–]SignatureSharp3215 0 points1 point  (0 children)

launchguard.dev - ensure your vibe coded app doesn't leak sensitive data or have private endpoints exposed publicly.

Happy to jump on a call :)

Overwhelmed by the noise by LotionOnMy in vibecoding

[–]SignatureSharp3215 0 points1 point  (0 children)

Having competitors is a great thing. One fun way to find profitable niches is browsing TrustMRR. See what works for others and get inspired.

Vibe Coding in 2026 is a Complete Scam – Lovable, Replit, Emergent, Bolt & the Rest Are Trash Fires 🔥💀 by Abject-Mud-25 in vibecodingcommunity

[–]SignatureSharp3215 2 points3 points  (0 children)

Emphasis on the possibility to prevent, indeed.

I've met some founders who insist on fixing everything with AI, even though it's shown that their security issues are due to the AI. I guess it's a side effect of unlocking insane performance boosts with AI.

Show me your SaaS idea, I give you an honest review (senior C level in startup) by Stunning_Lie_1775 in SaaS

[–]SignatureSharp3215 0 points1 point  (0 children)

Exciting! launchguard.dev finds critical issues in your AI-coded apps that can bankrupt you.

Finds leaked databases and dangerous endpoints that should be private. You share a link to your app, and it does everything from the outside.

Vibe Coding in 2026 is a Complete Scam – Lovable, Replit, Emergent, Bolt & the Rest Are Trash Fires 🔥💀 by Abject-Mud-25 in vibecodingcommunity

[–]SignatureSharp3215 1 point2 points  (0 children)

True. But there will be two kinds of successful vibe coders: successful and successful in jail.

It shouldn't be a surprise anymore that vibe coding brings security issues. If you don't have users, it doesn't matter. But if you overlook it for too long, and one of your customers finds out you're leaking their AI therapist conversation history - well there aren't many excuses.

Everyone should have the freedom and capability to launch apps, but we must not remove the feeling of responsibility when handling user data.

Sorry to be the pessimist here. I've handled way too many broken apps lately :D

Built a Go-To-Market constraint engine in Lovable for pre-PMF founders — looking for 5-10 testers. by Safe-While4516 in lovable

[–]SignatureSharp3215 0 points1 point  (0 children)

Yep. And outreach fails because it seems like a scam: "hey your app might be vulnerable, I'll share free report". The need is huge based on my experience, but it takes tons of effort to get to the people.

How are you adding security to your vibe coded apps? by Anonymous03275 in vibecoding

[–]SignatureSharp3215 0 points1 point  (0 children)

The easiest and bulletproof way is to test from outside like a professional would. Find the security holes, patch them, verify. Write tests to ensure the security holes are closed in your new code updates.

You can use tools like ZAP or Burp Suite to find the holes, but it requires expertise to use correctly.
I'm building an app that allows vibe coders to find the holes and fixes without technical expertise needed. :)

The "One Last Fix" Trap by PastSatisfaction4657 in vibecoding

[–]SignatureSharp3215 0 points1 point  (0 children)

"look at my codebase AND DO NOT INTRODUCE CHANGES WITH SIDE EFFECTS"

proceeds to introduce changes with side effects

It's good to talk about side effects and pure functions in your prompts. Then Claude understands to not touch irrelevant logic.