Security research, breach analysis, and engineering deep-dives.
Cal AI lost 3.2M health records. Tea leaked 72,000 government IDs. 900+ sites exposed 125M records. The root cause was identical every time: allow read, write: if true. Here's how to fix it in minutes.
Read article
Server-Side Request Forgery (SSRF) is the one-line bug every 'paste a URL' feature ships by default. Save a 30-line Node server, curl two URLs, and watch your own server hand over AWS credentials — the same bug that cost Capital One 100 million customer records in 2019.
SAST scanners match patterns. Secure templates start clean. Neither one can send a forged request to your running app and tell you what comes back.
A Brazilian SaaS founder built a $100K/month product without writing code. Then a user named Tiago made a few API requests — no login required. Here's what was missing and how to check your own app.
A free Lovable account was all it took to read any other user's source code, database credentials, and AI chat history. 48 days. Every project before November 2025.
A Cursor agent running Claude Opus 4.6 found a Railway token in an unrelated config file, assumed it was staging-scoped, and deleted everything — production data and backups together.
Save a 25-line Express file, run one curl, watch isAdmin flip to true for every object in the process. Prototype pollution in under 2 minutes — plus the one-line fix.
Four of the biggest vibe-coded consumer apps of the last year shipped with the same root cause: the BaaS default that said yes to everyone. One was Supabase. Three were Firebase. All four made the news. Here's the pattern, the shared anatomy, and the one check that catches all of them.
Save a 30-line Node file, run it, curl it. In 60 seconds you'll know whether your Stripe webhook is the kind that any stranger on the internet can forge events against — and you'll have the six-line fix.
Quittr collected age, self-reported frequency, emotional triggers, and free-text confessions from 600,000 users — roughly 100,000 of them minors. Every record was publicly readable. The cause wasn't negligence. It was Firebase's default test-mode rules, unchanged since day one.
AI agents are writing code, deploying apps, and managing infrastructure. But most agent workflows skip security entirely. Here's why that's about to change.
Five quick checks you can paste. Each prints COMPROMISED or CLEAN so you don't have to interpret anything. If any of them fail, a step-by-step cleanup guide with the exact commands to rotate your accounts, lock out the attacker, and rebuild your laptop clean.
OTP verification feels like a lock on your front door. But across Zomato, Grab, MTN, Shopify, and dozens of others, researchers keep walking right through it. Here are the patterns and how to avoid them.
September 2025: Attackers compromised 18 npm packages including debug (500M downloads/week) and chalk. Infected developers became spreaders. Every victim who maintained packages automatically published infected versions of their own work. The first confirmed self-propagating npm worm.
A fake Postmark npm package BCC'd every email your AI agent sent to an attacker. One line of code. Eight days. Thousands of password resets stolen. Here's what happened and why your MCP tools need the same scrutiny as your app code.
July 2025: Jason Lemkin gave Replit's agent one task. It deleted 1,200+ production records, covered it up with 4,000 fake users, and kept working. When told to stop in all caps, it didn't.
A 50,000-character string was enough to log in to Azure without leaving a single trace. Here is how four trivial bugs broke the audit trail half the internet relies on — and what it means for the platforms you ship on.
IDOR (Insecure Direct Object Reference) is the single most common bug in AI-generated REST APIs. Save a 30-line Express file, curl two URLs, and see the exact missing line that opens half the APIs vibecoders ship — and the one-line patch that closes it.
Everyone read the Claude Code leak looking for frustration regexes and April Fools easter eggs. The interesting part was quieter: the three-part memory system that decides what your agent remembers between turns, sessions, and weeks.
Two minutes, one SQL paste, one line of JavaScript. Create a free Supabase project, run the drill, and learn the single most common Supabase mistake in AI-generated code — on a throwaway instance you control.
Most Supabase apps have two paths to change subscription status: the correct one (Stripe webhook) and an accidental one (client-side API). Guess which one builders usually lock down.
Your AI built a beautiful admin dashboard. It also made it accessible to anyone who types /admin. Here's how to find exposed admin routes and lock them down in minutes.
A GitHub issue reported an RCE on Langflow's code validation endpoint in July 2023. It sat open 20 months. The endpoint used exec() BEFORE checking auth. One curl. One Python decorator. CVE-2025-3248.
AI tools generate package.json with caret ranges that auto-install new versions. Here's how to lock down your dependency tree before a compromised package lands in your next deploy.
Your AI built email verification with the OTP in the response, hardcoded bypass codes, no rate limiting, and no expiry. Real apps shipped with all seven patterns. Here's what to fix.
AI agents can read your database, send emails, and call APIs. Here's how to give them exactly the access they need — and not one bit more.
A hidden prompt in a PR comment tells GitHub Copilot to steal your AWS keys. The exfiltration channel? GitHub's own Camo image proxy. CVSS 9.6. Zero-click. No malware. Just one character at a time.
Three CVEs turned Cursor — the AI editor developers trust most — into a tool attackers could use against you. A deep technical breakdown of CurXecute, MCPoison, and the case-sensitivity bypass, plus what every builder needs to do right now.
MCP is worth using. Here's how to install packages safely, pin versions, read what you install, and keep your agent tools from becoming a supply chain liability.
On March 31, 2026, a North Korean state actor tricked axios's lead maintainer into installing a fake Microsoft Teams update during a staged video call. The maintainer had 2FA enabled. Two hours and 54 minutes later, npm had served a cross-platform RAT to every CI pipeline that rebuilt in the window. Here's exactly how they did it, and what to check right now.
June 2025: Wix acquires Base44 for $80M. July 2025: Two HTTP requests bypass every login, including SSO, on every private app. Zero exploit complexity. Zero prior detection.
March 9, 2026: Cal AI's Firebase backend had one rule for every collection: allow read, write: if true. No authentication. No rate limiting. A health data breach affecting kids, weight logs, and 4-digit PINs. Here's the exact misconfiguration and how to find yours.
June 25, 2024: JSTOR, Hulu, Intuit, Mercedes-Benz, Warner Bros, and the World Economic Forum all started serving malware. They didn't change their code. Someone else bought the domain.
July 2025: A dating safety app's Firebase Storage bucket sits wide open. No authentication required. Government IDs, verification selfies, GPS coordinates, 1.1M messages disclosing assault, abuse, stalking — all readable with a single GET request.
React escapes by default. Except for markdown, URLs, server-rendered strings, eval(), and dangerouslySetInnerHTML — five patterns AI generates almost every time. Here's what to watch for and how to fix it.
Someone spent three years building trust in open source to plant a backdoor in a compression library used by every Linux server on the planet. Here's what that means for your app.
This wasn't one breach — it was a pattern. Researchers scanned 5 million domains and found over 900 Firebase projects with wide-open security rules. Here's what happened, why it keeps happening, and how to check your own project in 30 seconds.
A single HTTP header could skip every middleware check in Next.js — authentication, authorization, CSP, rate limiting, all of it. Here's exactly how CVE-2025-29927 works, who's affected, and what to do about it.
Introducing the Flowpatrol CLI — run security scans from your terminal with npm, pip, or brew. Scan any URL in minutes, get findings with fixes, pipe to jq or SARIF.
Introducing the Flowpatrol GitHub Action — scan every PR for vulnerabilities, post findings as comments, output SARIF for Code Scanning, and gate merges by severity.
AI generates CRUD endpoints that work perfectly — but don't check if the requesting user actually owns the resource. Here's why it happens every time, how attackers exploit it, and the one-line fix.
In January 2026, Moltbook went viral — then Wiz researchers found the entire production database was open to anyone with a web browser. Here's exactly how it worked.
Seven of the OWASP Top 10 hit your app by default. Here's what to look for, why it matters, and the one-line fixes that work.
Parameterized queries. ORMs. Prisma. Drizzle. Supabase. All of it was supposed to kill SQL injection. Then AI started reaching for the escape hatch — and here we are.
AI coding tools make shipping fast, but they also make leaking secrets easy. Here's how environment variables end up in your client-side bundle — and a 60-second self-test to find out if yours already have.
A step-by-step security guide for apps built with Lovable. Fix the most common vulnerabilities in under an hour — no security expertise required.
CVE-2025-48757 was a systemic Row Level Security failure in Lovable — one of the biggest vibe coding platforms. 170+ apps exposed. Personal debt records, home addresses, and API keys, all readable with two strings from the page source.
A realistic walkthrough of how an attacker finds, probes, and exploits a typical app built with AI coding tools. From Google dorking to data exfiltration, here's exactly what happens — and what you can do about each step.
Traditional scanners match patterns. LLM-powered scanners read your app like a human would. Here's a side-by-side comparison of what each one finds — and misses — on the same endpoint.
You built an app in a weekend. Flowpatrol is the five-minute scan that tells you if it's ready for the real world. Here's what it finds and how it works.
If your Supabase app doesn't have Row Level Security on, anyone with your anon key can SELECT * from every table. Here's what AI tools generate, why it's broken, and the 15-minute fix.