Blog

Security writing for people
building real software.

Field notes from auditing AI-generated codebases. Patterns we see, fixes that work, and what the next wave of code is doing to security.

SecurityJun 4, 20267 min read

Why AI Struggles with Authentication: Securing Trust Boundaries in Vibe-Coded Apps

AI builds the frontend and forgets the server. Here is why vibe-coded apps ship with broken trust boundaries, missing auth middleware, and BOLA flaws.

Read article

Why AI Struggles with Authentication: Securing Trust Boundaries in Vibe-Coded Apps

3 posts

SecurityJun 4, 20267 min read
Why Traditional Static Analysis Fails Vibe-Coded Apps
Traditional static analysis passes AI code that compiles but behaves insecurely. Here is why SAST tools like Semgrep miss the logic flaws in vibe-coded apps.
SecurityJun 3, 20269 min read
5 Common Security Hallucinations in Cursor and Bolt.new
AI security hallucinations are the hidden flaws Cursor and Bolt.new leave behind, from slopsquatting to open API routes. Here are the five we see most often.
SecurityMay 25, 20265 min read
The Vibe-Coder's Manifesto: Why Vibe-Coding Security is the New Standard
Vibe-coding security is a branch of AI-coding security. It focuses on finding logic-based flaws in apps made by AI agents like Cursor or Bolt.new.

Security writing for people building real software.

Why AI Struggles with Authentication: Securing Trust Boundaries in Vibe-Coded Apps

More articles

Why Traditional Static Analysis Fails Vibe-Coded Apps

5 Common Security Hallucinations in Cursor and Bolt.new

The Vibe-Coder's Manifesto: Why Vibe-Coding Security is the New Standard

Security writing for people
building real software.