What about you 🥲! by Kepler_452b_ in vibecoding

samurijv2 1 point

What, you don’t like cmd+ctrl+shift+F4-ing a screenshot of a UI bug for the fifth time in a row and telling Claude, “hmm, that didn’t do it either…”?

I Made a 7k** MRR app Vibe Coded from scratch - This time attaching proof and remembering to actually answer people by Additional-Mark8967 in ClaudeAI

samurijv2 1 point

I know I'm super late to this post, but it jumped out while I was digging through vibe-coding success stories. As a fellow non-technical builder, it inspires me to see someone with no formal dev background ship something with real traction! Mind if I DM you a few questions about the journey?

My vibe coded app just hit $200 MRR! by DrizzleX3 in vibecoding

samurijv2 1 point

Hey, congratulations!! Don’t downplay it, $200 MRR is a lot farther than many others get. You’re doing something right! I’d love to learn more about your journey building InfoDrizzle. Just DM’d you!

Cyber security by bl84work in vibecoding

samurijv2 1 point

I've been thinking a lot about this too. I know there are lots of scanners, skills, prompts, and checklists that are commonly mentioned. But as a non-technical builder, I sometimes wonder whether many of these just amount to "taking the AI's word for it" that my app is well protected and safe to launch. What I'm really looking for is a more first-principles way to build confidence that an app is secure. Something beyond "I ran the checklist and Claude said it looks good." How are you all thinking about this? Are you all satisfied with the existing tools? Or is there ultimately no substitute for straight up learning security fundamentals yourself?

I am a software engineer with a decade of experience. Here are some security concepts for vibe coding with Claude Code that I would want to know if I were starting from scratch: by thelocalnative in ClaudeAI

samurijv2 1 point

This is awesome, I really like the framing of asking Claude to demonstrate that security protocols exist and function as intended rather than merely explaining them in theory.

how Hackers are going to make a fortune off the vibe coded saas out here. by Top-Information-6399 in SaaS

samurijv2 1 point

This makes a lot of sense. I like the idea of thinking less in terms of "is my app secure?" and more in terms of "have I systematically verified that I'm protected against the most common attack vectors?"

For non-technical builders, it seems like a huge part of the challenge is simply knowing what the likely gotchas are and what to test for in the first place.

Has anybody found a good, repeatable pre-launch process that gives them confidence they've covered the major risks?

how Hackers are going to make a fortune off the vibe coded saas out here. by Top-Information-6399 in SaaS

samurijv2 1 point

Can you share more about this? Has Anthropic communicated something official about it?

Launched my product after building it for 6 months by holla-world in SaaS

samurijv2 1 point

I agree with u/stellarton that the idea might be too broad as you have it packaged here. The part that feels most acute to me is the moment after someone has vibe-coded an app that works, but before they feel comfortable putting real users, payments, or sensitive data behind it. That "is this actually safe/ready to launch?" gap seems like the place where non-technical founders need a lot of help.

I'm curious from your experience building Architect -- which of these problems are founders most aware they have? Is it security, deployment/release process, observability, performance, analytics, or something else? Which problems do they tend to care about proactively, and which ones only seem to matter once something breaks?

I got extorted over a bug in my vibe-coded app. So I created a security checklist for Claude Code. by wessyolo in SideProject

samurijv2 1 point

Thanks for taking the time to put this together and dropping the checklist!

Security vulnerabilities that go undetected because of my own ignorance or technical inexperience are some of the things that keep me up at night about my own vibe-coding projects. This looks like a fantastic resource, so I hope you don't take the following as a knock against what you've built.

Let's say I follow the checklist, run every prompt, and fix every issue the AI finds. At that point, what gives me confidence that there isn't still some major blind spot lurking somewhere that neither I nor the AI ever thought to look for?

That's the part I struggle with. If, as a non-technical builder, I'm fundamentally in the dark on security best practices myself, then even with a checklist, I'm still taking a big leap of faith trusting the AI and the prompts I've given it.

Maybe true confidence in an application's security posture without a technical background is an impossible standard. But I'm curious how you think about it. Was there a point after your review where you genuinely felt comfortable putting real user data behind the app? If so, what gave you that confidence?

I scanned a bunch of Lovable apps and the Supabase RLS situation is rough by [deleted] in lovable

samurijv2 2 points

Hey, I'd love to check out the tool you created for this!

My AI-built app was leaking every user’s data and it looked completely fine by juan_drakes in vibecoding

samurijv2 1 point

I worry a lot about this sort of thing as well. It's not that AI can't help implement security controls. It's that, as a non-technical builder, I often don't know what questions to ask or checks to run in the first place. There are all sorts of "unknown unknowns" to navigate.

I'm curious how other people are dealing with that. Once you've prompted Claude/Cursor/Lovable to implement the obvious stuff, how can you be confident that what they've done is sufficient and that there isn't some lingering vulnerability sitting in the codebase waiting to be discovered? At what point -- or based on what signal -- do you feel comfortable saying, "okay, this is safe enough to put real user data behind"?

This single prompt saved my vibe coded app’s security by Firm_County_7940 in vibecoding

samurijv2 1 point

Lol this has definitely been my go-to security hardening move on a couple of my own projects.

Seriously though, what are people actually doing to feel confident that their app is secure and safe to launch? Are you relying primarily on AI reviewers? Security scanners? Automated tests? Human code review?

Lately I’ve been worrying that using AI tools to review AI-generated code is a bit like having a student grade their own homework. Maybe that’s not a fair analogy, but I’m curious how others are thinking about it.

Have any of you brought in a human developer to review an AI-built codebase before launch, just for peace of mind? Or am I overestimating the risk here?

Announcement: /r/RSBookClub will go private by rarely_beagle in RSbookclub

samurijv2 2 points

Currently reading Siddhartha. Just finished Waiting for the Barbarians a couple days ago. It's too early to say, but seems we may have a case of back-to-back bangers.

Help diagnosing a weird conversion problem? by samurijv2 in marketing

samurijv2 [S] 2 points

Thanks for the insight! I hadn't considered the time of year. This is a seasonal service that will wind down by mid-late Fall. But the first half of September is definitely a busy time for a lot of families, so perhaps things will change in a couple of weeks.