<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Ballaz</title>
    <description>The latest articles on DEV Community by Ballaz (@mrballaz).</description>
    <link>https://dev.to/mrballaz</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3898549%2Fc25290a1-2269-4fd7-a8a9-5d8b82b05e6a.jpg</url>
      <title>DEV Community: Ballaz</title>
      <link>https://dev.to/mrballaz</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/mrballaz"/>
    <language>en</language>
    <item>
      <title>I audited a Vibe-Coded SaaS and found 5 critical vulnerabilities in 5 minutes.</title>
      <dc:creator>Ballaz</dc:creator>
      <pubDate>Sun, 26 Apr 2026 18:20:44 +0000</pubDate>
      <link>https://dev.to/mrballaz/i-audited-a-vibe-coded-saas-and-found-5-critical-vulnerabilities-in-5-minutes-305o</link>
      <guid>https://dev.to/mrballaz/i-audited-a-vibe-coded-saas-and-found-5-critical-vulnerabilities-in-5-minutes-305o</guid>
      <description>&lt;p&gt;Hi, I’m Mr. Ballaz. I’ve spent the last 14 days building in public, and I just hit a major milestone: my first real-world customer story.&lt;/p&gt;

&lt;p&gt;I recently connected with Juan, the founder of Besmeo, a SaaS that builds AI-powered digital menus for restaurants in Spain. Like many founders today, he’s moving fast using AI agents, but he wanted to make sure his security was solid before scaling.&lt;/p&gt;

&lt;p&gt;I ran an audit using &lt;a href="https://ubserve.com" rel="noopener noreferrer"&gt;Ubserve&lt;/a&gt;, and the results were a wake-up call.&lt;/p&gt;

&lt;p&gt;The Results&lt;br&gt;
In under 5 minutes, the scan flagged 5 vulnerabilities. Most were common "vibe-coding" oversights, but one was a critical database issue (his database access key was exposed in the frontend) that could have been disastrous if exploited.&lt;/p&gt;

&lt;p&gt;Instead of just handing Juan a PDF with a list of vulnerabilities, I gave him beta access to my Ubserve MCP server.&lt;/p&gt;

&lt;p&gt;This allowed his AI agent (Claude) to "see" the security report directly in the terminal. Because the MCP server provided the necessary context, Claude was able to instantly locate the insecure RLS policies and missing headers, generate the patches, and remove the key without Juan having to manually hunt through the codebase.&lt;/p&gt;
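&lt;p&gt;Two of the findings above (a database key shipped in the frontend bundle, and missing response headers) are checks you can reproduce yourself before any scanner runs. The Node.js script below is an added example; it is not code from the post, from Ubserve, or from Besmeo. It assumes the database key is a JWT (as hosted Postgres platforms commonly issue), that privileged roles are named in PRIVILEGED_ROLES (an assumption; adjust to your platform), and it scans a bundle and a header set constructed inline rather than captured from a real deployment.&lt;/p&gt;

```javascript
// Added example, not from the post or from Ubserve. Two checks a frontend
// scanner would run: does the shipped bundle embed a key that carries a
// privileged database role, and does the site send the expected security
// headers. Sample bundle and headers are constructed below (not real data).

// Roles that must never appear in a key delivered to browsers. These names
// are an assumption; use the role names of the platform actually in use.
const PRIVILEGED_ROLES = new Set(["service_role", "postgres", "admin"]);

// Response headers a hardened web app is expected to send.
const REQUIRED_HEADERS = [
  "content-security-policy",
  "strict-transport-security",
  "x-content-type-options",
  "x-frame-options",
  "referrer-policy",
];

// Decode a JWT payload without verifying the signature: we only want to read
// the claims the key advertises, not trust them.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    const json = Buffer.from(parts[1], "base64url").toString("utf8");
    return JSON.parse(json);
  } catch {
    return null;
  }
}

// Find JWT-shaped strings in bundle text and report those whose "role" claim
// is privileged. Each finding keeps only a short prefix of the token.
function findPrivilegedKeys(bundleText) {
  const jwtPattern = /[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g;
  const findings = [];
  for (const match of bundleText.match(jwtPattern) || []) {
    const claims = decodeJwtPayload(match);
    if (claims === null || typeof claims !== "object") continue;
    if (PRIVILEGED_ROLES.has(claims.role)) {
      findings.push({ role: claims.role, token: match.slice(0, 12) + "..." });
    }
  }
  return findings;
}

// Report which required security headers are absent (case-insensitive).
function missingSecurityHeaders(headers) {
  const present = new Set(Object.keys(headers).map((h) => h.toLowerCase()));
  return REQUIRED_HEADERS.filter((h) => !present.has(h));
}

// Build an unsigned, placeholder-signed JWT for the constructed sample bundle.
function makeJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return enc({ alg: "HS256", typ: "JWT" }) + "." + enc(claims) + ".c2lnbmF0dXJlLXBsYWNlaG9sZGVy";
}

// Constructed sample: a bundle that ships both a public key and a privileged
// key, and a header set typical of an unhardened default deployment.
const SAMPLE_BUNDLE = [
  'const anonKey = "' + makeJwt({ role: "anon", iss: "example" }) + '";',
  'const adminKey = "' + makeJwt({ role: "service_role", iss: "example" }) + '";',
].join("\n");

const SAMPLE_HEADERS = {
  "Content-Type": "text/html; charset=utf-8",
  "X-Content-Type-Options": "nosniff",
};

// Run both checks against the constructed samples and return the report.
function runScan() {
  return {
    privilegedKeys: findPrivilegedKeys(SAMPLE_BUNDLE),
    missingHeaders: missingSecurityHeaders(SAMPLE_HEADERS),
  };
}

console.log(JSON.stringify(runScan(), null, 2));
```

&lt;p&gt;Run it with node; against the constructed inputs it reports the service_role key and four missing headers. To use it on a real site, feed findPrivilegedKeys the text of each built JavaScript asset and missingSecurityHeaders the headers of a fetched page. A privileged key in the bundle bypasses every RLS policy, so rotating that key comes before fixing the policies.&lt;/p&gt;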

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg0r68xcrlvhtk8ixii77.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg0r68xcrlvhtk8ixii77.png" alt=" " width="800" height="382"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;We went from "vulnerable" to "patched" in record time.&lt;/p&gt;

&lt;p&gt;I'm proud of myself for this because it’s not only about the revenue; it’s about seeing a tool I built actually protect another founder's hard work. If we’re going to build at the speed of AI, we need security that moves just as fast. How are you guys checking security while shipping?&lt;/p&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>database</category>
      <category>mcp</category>
    </item>
  </channel>
</rss>
