Blog

AI code security, explained

Practical answers to the questions developers actually ask about vibe coded and AI-generated app security.

Meta just entered the AI coding race. Its benchmarks don't answer the security question.Read →We scanned 83 apps built with OpenAI's Codex. They weren't the apps we expected.Read →We tested OpenAI's Codex and three Claude models for security. None was safer.Read →A Semgrep alternative built for AI-generated codeRead →Snyk vs Prbl: which one catches AI-generated code bugs?Read →We scanned nearly 2,000 AI-built apps. The same secret kept leaking.Read →The 4 security holes Claude Fable 5 leaves in your app (and the 2-minute fix for each)Read →We scanned web apps from three Claude model generations. Newer did not mean safer.Read →We scanned 119 web apps built with Claude Fable 5. The model got smarter. The secrets still leaked.Read →One default file explains most of the security gap between Lovable and BoltRead →We fixed our scanner 11 times in one week. Here's every fix.Read →More than 1 in 4 apps built with Lovable or Bolt has a high-severity security flaw. We checked.Read →1 in 3 repos shipped to Hacker News has a high-severity security flaw. We checked.Read →Our scanner flagged its own marketing copy as a leaked passwordRead →How we test Prbl: 113 repos, 303 regression tests, under 10% false positivesRead →How do I secure my vibe coded app?Read →What security vulnerabilities does AI-generated code have?Read →Is Cursor-generated code secure?Read →What does JWT decode without verify mean?Read →How do I find hardcoded secrets in my codebase?Read →What is a fallback secret in environment variables?Read →How do I prepare my SaaS for a security audit?Read →What is BOLA in web security?Read →
Blog — Prbl