
I scanned 100 AI-generated apps for security vulnerabilities. Here's what I found.
I've been building a security scanner for the past few months, specifically designed for apps built with AI coding tools like Cursor, Lovable, Bolt.new, and v0. To validate whether the tool was actually useful, I scanned 100 real GitHub repos, all built primarily with AI assistance. The results were worse than I expected.

The numbers

- 67 out of 100 repos had at least one critical vulnerability
- 45% had hardcoded secrets (API keys, JWT secrets, database URLs in source code)
- 38% had missing authentication on sensitive API routes
- 31% had SQL injection or XSS vulnerabilities
- 89% of Lovable apps were missing Supabase Row Level Security policies

This isn't a theoretical exercise. These are real apps, some already deployed with real users.

The most common vulnerabilities by AI tool

Cursor

The biggest issue with Cursor-generated code is IDOR (Insecure Direct Object References). Cursor loves to use sequential IDs and often skips ownership checks:

```javascript
// Cursor generates this — anyone can
```
Continue reading on Dev.to Webdev




