SECURITY BLOG
Practical security for builders
How to ship AI-built apps that don't get you hacked. No jargon, just fixes.
IDOR
ÉduConnect Breach: 7.2M School Records via IDOR
An IDOR flaw in ÉduConnect's API exposed 7.2 million school report cards. Incrementing a number in the URL was enough to access any student's data.
May 1, 2026 · 4 min read
SUPABASE
Why Supabase RLS Is the #1 Security Mistake in AI-Generated Apps
Row-level security (RLS) is your last line of defense when the anon key is exposed in the browser. Here's how teams get it wrong — and how to audit your policies.
Mar 28, 2026 · 1 min read
NEXTJS
The 8 Essential Security Checks Before Launching a Next.js App
From HTTP headers to environment variable leaks and Server Actions — a practical pre-launch checklist for Next.js teams building with AI.
Mar 28, 2026 · 1 min read