Vibe coded apps do not fail because the AI writes broken code. They fail because the AI writes the happy path and silently skips the adversarial one. Here are the five holes I see most, mapped to what they actually are and how to close them.
1. Wide open data access (broken object level authorization)
Builders that sit on Supabase or similar often ship with row level security off or permissive. The UI scopes per user, the database does not.
Wrong: rely on client side filtering to keep data private.
Right: enable RLS and write policies so user_id = auth.uid() is enforced at the database, not in the query.
2. Missing function and object level authZ (IDOR)
Authentication is present, authorization is not. The classic tell is an endpoint that trusts a path or body parameter without checking ownership.
Wrong: if (loggedIn) return record(id)
Right: if (loggedIn && record.owner === user.id) return record(id) on every route, including the ones you think nobody will find.
3. Secrets in the client or in git
API keys land in client bundles or get committed. Once public, they are scraped within minutes.
Wrong: keys in frontend env vars shipped to the browser, or committed .env files.
Right: secrets live server side only, in a secrets manager, with the key rotated if it was ever exposed. Proxy third party calls through your backend.
4. Unvalidated input and prompt injection
User input flows straight into the model or the data layer. That is prompt injection on the AI side and injection or XSS on the classic side.
Wrong: concatenate user text into the prompt or query and trust it.
Right: validate and constrain input, parameterise queries, and separate system instructions from user content so user text cannot override your rules.
5. No rate limiting or spend cap (denial of wallet)
Unmetered AI endpoints are a billing time bomb. One script can cost you thousands overnight.
Wrong: assume organic, human traffic.
Right: per user and per IP rate limits, plus a hard spend cap and alerting, configured before launch.
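As an added example (not code from the original post), the guard below puts item 5's controls in front of a paid model call: per user and per IP limits, a hard spend cap, and a one-time alert. The class names, limits, cent amounts and the in-memory counters are assumptions made for illustration.

```javascript
// Added example. Names and limits are hypothetical; counters live in memory here,
// a multi-instance deployment would keep them in a shared store.
class FixedWindowLimiter {
  constructor(limit, windowMs) {
    Object.assign(this, { limit, windowMs, windows: new Map() }); // key -> { start, count }
  }
  allow(key, now) {
    const w = this.windows.get(key);
    if (!w || now - w.start >= this.windowMs) {
      this.windows.set(key, { start: now, count: 1 });
      return true;
    }
    if (w.count >= this.limit) return false;
    w.count += 1;
    return true;
  }
}
class SpendGuard {
  constructor({ perUser, perIp, windowMs, capCents, alertAtCents, onAlert }) {
    this.users = new FixedWindowLimiter(perUser, windowMs);
    this.ips = new FixedWindowLimiter(perIp, windowMs);
    Object.assign(this, { capCents, alertAtCents, onAlert, spentCents: 0, alerted: false });
  }
  // Call before the model call; estCents is the worst-case cost of this request.
  check({ userId, ip, estCents, now = Date.now() }) {
    // Hard cap first: once the budget is gone, nothing reaches the paid API.
    if (this.spentCents + estCents > this.capCents) return { ok: false, status: 503, reason: "spend_cap" };
    // A request rejected for the user limit still counts against its IP.
    if (!this.ips.allow(ip, now)) return { ok: false, status: 429, reason: "ip_rate" };
    if (!this.users.allow(userId, now)) return { ok: false, status: 429, reason: "user_rate" };
    this.spentCents += estCents; // reserve the cost up front
    if (!this.alerted && this.spentCents >= this.alertAtCents) {
      this.alerted = true;
      this.onAlert(this.spentCents); // alert once, before the cap is hit
    }
    return { ok: true, status: 200, reason: null };
  }
}
// Constructed burst: one script rotating user ids from a single IP, 2 cents per call.
function simulateBurst() {
  const alerts = [];
  const guard = new SpendGuard({ perUser: 2, perIp: 5, windowMs: 60000,
    capCents: 100, alertAtCents: 6, onAlert: (c) => alerts.push(c) });
  const reasons = [];
  for (let i = 0; i < 8; i++) {
    reasons.push(guard.check({ userId: "u" + i, ip: "203.0.113.7", estCents: 2, now: 1000 + i }).reason);
  }
  return { reasons, spentCents: guard.spentCents, alerts };
}
```

In the constructed burst the per user limit alone never trips because the script rotates user ids, which is why the per IP limit and the spend cap sit beside it.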
The throughline
Every one of these is the gap between "works when used nicely" and "holds when attacked." No builder closes them for you. They are architecture and ownership decisions, which is the part no 20 minute demo makes.
Full prompt to production checklist coming next.
Ridhika | Prompt to Production