⚠ Issue | Underserved | SaaS Web App | Live

Vibe-Coded SaaS Ships with Critical Vulnerabilities and No Security Review

Cluster of high-engagement HN threads (Apr 2026, 616+213+132 pts combined) exposing that vibe-coded web apps built with Lovable, Bolt.new, and Cursor are shipping OWASP Top-10 vulnerabilities, exposed secrets, and leaked personal data to production. 5,600 scanned apps had 2,000+ vulnerabilities, 400 exposed secrets.

Product Idea from this Signal

A web app that scans vibe-coded and AI-generated apps for OWASP Top-10 vulnerabilities and exposed secrets before they ship to production

1.1k ▲

Developers building with Lovable, Bolt.new, Cursor, and other AI coding tools routinely ship apps with critical vulnerabilities baked in: SQL injection, broken auth, exposed secrets, insecure direct object references. A scan of 5,600 vibe-coded apps found 2,000+ vulnerabilities and 400+ exposed secrets, yet no dominant SaaS-grade security platform has emerged for this specific audience. This web app lets builders paste a repo URL or deploy link, runs an automated OWASP Top-10 + secrets scan with no source code upload required, and returns a prioritized fix report with remediation prompts they can feed directly back into their AI coding tool.

SECURITY | VIBE-CODING | AI-GENERATED-CODE | SAST | OWASP | SECRETS-SCANNING | DEVTOOL
Competitive | 482 leads

Score Breakdown

HN: 1,088

Gap Assessment

Underserved: Existing solutions leave gaps

VAS, VibeSec, SafeVibe all pre-revenue or very early; Lovable scanner only covers Lovable apps; no dominant SaaS-grade audit platform

Frequently Asked Questions