Remediation Guides
Step-by-step guides for fixing the most common vulnerabilities in AI-built apps.
Overview
These guides cover the most common vulnerabilities we find in apps built with AI coding assistants. Each guide explains what the issue is, why it matters, and exactly how to fix it.
- Fixing Supabase RLS: Enable and configure Row Level Security
- Fixing Exposed Secrets: Move credentials out of client-side code
- Fixing Access Control: Prevent unauthorized data access
Why these three?
In our scanning data, these are the most frequent categories by a wide margin:
- Missing or misconfigured RLS — found in ~70% of Supabase apps built with AI tools
- Exposed secrets in JS bundles — found in ~60% of apps
- Broken access control (IDOR) — found in ~45% of apps with user data
Fixing these three categories eliminates the majority of the real-world risk we find in these apps.