Manaf

21 posts

@manaaaaaaaf

Lausanne, Switzerland. Joined September 2024
176 Following, 167 Followers

Manaf retweeted
Lovable @Lovable
Introducing the world’s first penetration testing for vibe coding to Lovable. You can now prove the security of your Lovable-built apps through a swarm of AI agents that run comprehensive tests, checking for OWASP Top 10 vulnerabilities, privilege escalation, and data exposure, powered by @AikidoSecurity. This used to take weeks, require dedicated security teams, and cost $5k-$50k. All findings are validated to eliminate false positives and sync back into Lovable as actionable issues. This generates a formal pentest report for SOC 2, ISO 27001, client security questionnaires, or even investor due diligence.

Manaf retweeted
pilvar (Philippe Dourassov) @pilvar222
A few months ago, @manaaaaaaaf and I decided to join @AikidoSecurity because there is no better place to build AI Pentest. A platform to cover all security aspects is the only way to achieve unhackability. Aikido is now a 🦄

Manaf retweeted
pilvar (Philippe Dourassov) @pilvar222
For my French-speaking friends: You can find the replay of the stream my co-founder @manaaaaaaaf and I were invited to, in which we talk AI stuff and present @haicker_app in action! 🔥 Thank you @TheLaluka for the invitation! ❤️
Laluka@OffenSkill @TheLaluka

Latest replay: documented, chaptered, sourced! 💣🧠🔫 We cover vulnerability research by AI agents through the company & product @haicker_app (not sponsored), together with its creators @pilvar222 @manaaaaaaaf and the faithful companion @KharaTheOne for the Techno Watch part! 💌 youtube.com/live/fa8KV76h9…


Manaf retweeted
pilvar (Philippe Dourassov) @pilvar222
It's finally out! :D @manaaaaaaaf and I have been building @haicker_app for the last 6 months, putting all our knowledge and skills into it. We're releasing it to the market. Any organization can now secure their application using @haicker_app ! Very excited for what's next!
Haicker @haicker_app

Introducing Haicker: your AI penetration tester
Continuous, automated vulnerability scanning for your web codebases. Cheaper, faster, and more efficient than traditional pentesters.
Book a demo now, link in the comments.


Manaf @manaaaaaaaf
Hey! This is a combination of both SAST and DAST. The agent will have both the code and an isolated instance of the website. It will be able to identify the vulnerabilities better than traditional SAST thanks to increased context comprehension while maintaining a 0% false positive rate by testing its exploit on the instance

Manaf retweeted
pilvar (Philippe Dourassov) @pilvar222
My friend @manaaaaaaaf and I have created an AI hacker! 👨‍💻 It can find 0-days in web applications with 0% false positives, and it also works on CTF challenges! What you see ⬇️ is @haicker_app solving a web challenge from UMassCTF 2025 (only 45/557 teams were able to solve it!)

Manaf retweeted
Haicker @haicker_app
Waitlist is open, sign up for early access 👀 👉haicker.app

Manaf @manaaaaaaaf
@lovable We're building a tool to fix this! haicker.app
We're fixing vibe coding mistakes, you can now have your own AI hacker that finds the vulnerabilities before the code gets shipped in prod

Lovable @Lovable
Thread on vibe coding security and how we’re planning on making Lovable the safest place to build with AI. //1

Manaf retweeted
@goth @goth600
“So is it over or, are we back? It can’t be both. You have to call it.“

Manaf @manaaaaaaaf
@kuba_developer @peer_rich unfortunately, you can’t use components which start with a lowercase letter, because jsx will automatically assume this is an html tag even if you have a defined variable
Example: <a/> will transpile to jsx("a", {}) instead of jsx(a, {})
just use LinkIcon lol

Peer Richelsen @peer_rich
if you know you know

Manaf retweeted
Ilya Sutskever @ilyasut
it may be that today's large neural networks are slightly conscious

Manaf @manaaaaaaaf
@MarkusEicher70 @czue @Hetzner_Online Performances are also very unpredictable. During December, one of my vps was taking 30 seconds for an ssh login. I asked them about it and they said they were aware but did not do anything.

Manaf @manaaaaaaaf
@MarkusEicher70 @czue @Hetzner_Online okay, random comment but contabo locked me out of my main vps for 2 days this weekend, and their support were silent, you should definitely change ASAP, they're very unhelpful
I'm now moving everything to Hetzner, their dedicated (AX41-NVMe) are so affordable for what you get

Cory Zue @czue
The Hetzner box that I run multiple production apps (including place card me) on is so cheap they just decided not to bill me this month. 🤯

Manaf @manaaaaaaaf
@BatkuEst @nyaathea @dx9er I went to a talk in September, they managed to bruteforce 2FA on an app in less than 24 hours, because it's not hard to do that many requests without rate limits.

Manaf @manaaaaaaaf
@BatkuEst @nyaathea @dx9er The probability is 1 - (1 - 1/10^6)^tries.
500k tries and you have 39.34% chance of recovering
If they do > 693,146 random tries, they have a 50% chance of getting their account back.
Here, it really depends on the Discord rate limit and IP bans, to get it "under 20 years"

Manaf retweeted
daniel @hackermondev
Research into a unique 0-click deanonymization exploit targeting Signal, Discord and hundreds of platforms 🧵

Manaf @manaaaaaaaf
@nathan___gage @idolmomentum you can store values before Unix epoch using signed ints (e.g. -2208988800 for 1st jan 1900). They are probably just using a signed int64 for timestamp