Every AI coding assistant is shipping the same security bugs.

Aleksei — Wed, 13 May 2026 09:38:01 +0000

*Not a promo.. I mean why would anyone promote something free, actually looking to get some contributors to help us seal sone holes of ai-coded products and encourage founders of ai-written products to respect security and privacy.
*

So, here it goes.. Nowadays many of us are building with Claude Code, Copilot, Cursor, Codex, Gemini, or any AI coding assistant, this is worth running against your project. - To be honest, I did think of building a tool around this, but it doesn't sound nice to monetize on vulnerabilities for me, nor do I see much logic having a 'blackbox' that allegedly scans your projects. We're talking about security here, so IMO such things should be open source and allow contributions.

And of course - my good friend AI helped me speed up the shipment of this repo :)

Some of most common things that appear :

JWT secrets set to "secret" or "changeme"
API keys in NEXT_PUBLIC_ env vars, fully exposed to the browser
User input going directly into system prompts via string interpolation
Vector databases using one shared namespace for all users — any user's RAG query can surface another user's documents
Agents handed child_process access with no scope restrictions

These aren't obscure edge cases, this is how most of AI-generated code comes out, if you allow it to produce HUGE chunks instead of targeted and controlled ai-coding. Even knowing tons about security and vulnerabilities, having AI write code might still expose you to some common cases.

The problem with existing references

OWASP, NIST, and CWE are good. They were written for a world where developers wrote most of their code by hand. They don't cover MCP tool poisoning, cross-agent prompt injection, or what happens when your agent's long-term memory accepts unsanitized writes. Ok, that's not entirely true - today AI-generated code is allover the place, so we see more and more tools to review the code, etc, but many are paid and/or complicated which is an entry barrier for a vibe coder.

What I and few AIs shipped

A 258-item checklist across 17 categories, with a detection method for every item: static grep or AST pattern, runtime test, or config inspection. Severity rated. 33 items in Category 6 specifically cover LLM integration vulnerabilities that don't appear elsewhere.

More usefully: a companion prompt.md that turns the full checklist into a structured codebase scan you can run in one command.

Running it

From your project root, with Claude Code installed:

claude "$(curl -s https://raw.githubusercontent.com/a-leks/genai-app-security-checklist/main/prompt.md)"

With Gemini CLI:

gemini "$(curl -s https://raw.githubusercontent.com/a-leks/genai-app-security-checklist/main/prompt.md)"

The model reads your codebase, runs all 258 checks, and returns a markdown report with severity, file path, line number, code snippet, and a specific remediation for each finding.

What the output looks like

### [6.1] Prompt injection — user input in system prompt
- Severity: Critical
- File: app/api/chat/route.ts
- Line: 34
- Snippet:
    const systemPrompt = `You are a helpful assistant. User context: ${req.body.userBio}`
- Remediation: Move user-supplied content to the user message role, never system.
  Strip prompt control characters before passing any user string to the model.

The LLM-specific items worth knowing

6.26 — MCP tool poisoning. If your agent uses third-party MCP servers, tool results from those servers enter the agent's context as trusted input. An attacker who controls one of those servers can inject instructions through it.

6.27 — Agent memory poisoning. Whatever your agent writes to long-term memory gets read back in future sessions. If malicious content reaches that memory store, it executes next time the agent retrieves it.

6.30 — Cross-agent prompt injection. In multi-agent systems, output from Agent A becomes input to Agent B. If an attacker can influence Agent A's output, Agent B processes the attack payload without knowing its origin is untrusted.

Where to find it

https://github.com/a-leks/genai-app-security-checklist

Apache 2.0. Contributions welcome — especially new LLM attack patterns with detection methods and real-world references.

Reasonable Link Management (shortener) Service

Aleksei — Wed, 08 Oct 2025 09:40:21 +0000

Hey, I’m Aleks

I’m building a link management service because I’m tired of getting squeezed by tools that should be straightforward but end up costing way too much for what they actually do.

You know how Bitly and similar services start off simple, then suddenly you’re hitting limits on everything unless you fork over $30, $50, $100+ a month? Yeah, that’s the problem I’m trying to solve.

What I’m Building

A link shortening and management tool that doesn’t treat basic features like they’re premium luxuries. The idea is simple: give you what you actually need without the artificial restrictions that exist purely to push you into higher tiers.

Why I’m Asking for Feedback

I’m at the stage where I want to make sure I’m building something people actually want to use. Not what I think is cool, but what would genuinely make your life easier when managing links.

So if you’ve ever used Bitly, Short.io, Rebrandly, or any similar service and thought “this should be easier” or “why am I paying for this?” – I want to hear about it.

What features matter to you? What pricing would feel fair? What makes you rage-quit a link management tool?

I’m not looking to build another bloated SaaS that costs a fortune. I’m looking to build something useful that doesn’t feel like a ripoff.

Let me know what you think.

DEV Community: Aleksei