PolyDefender

Vibe-coding is fun until your Supabase table leaks customer data. Common AI-built app issues we keep seeing: -RLS disabled -exposed API keys -open Firebase rules -users accessing other users’ data -admin access protected only in the UI “Built with AI” is not a legal defense.

@SuhailKakar We find such issues on a daily basis..

watching people vibe code apps with zero security sense is crazy exposed api keys, no auth, prod secrets in client code - one push from a 40k openai bill and a leaked db i spent 6 years building apps used by millions, packaged my non-negotiables into 20 skills for claude code + codex - link below

@Aakashroy32 @mscode07 Following up here since our previous messages may have been missed we’re still seeing what appears to be a publicly accessible data exposure affecting your application. We’re intentionally not sharing details publicly, but it would be worth reviewing as soon as possible.

@mscode07 Growbro.ai

Distribution is where most founders struggle!! Drop your product👇, build momentum, and watch what happens

@Udit060 @anupamrjp Following up here since our previous messages may have been missed — we’re still seeing what appears to be a publicly accessible data exposure affecting your application. We’re intentionally not sharing details publicly, but it would be worth reviewing as soon as possible.

@anupamrjp BuildTrail — one public page for your startup journey. Track milestones, revenue, users, and updates in one place. 👉 buildtrail.app 🚀

What are you building right now? 👀 Not ideas. Not “coming soon.” Something real. Drop your project 👇🚀

@WendellSou_ Please check your DMs when you get a chance

Who is working on the app on a Saturday night…??

@Aakashroy32 Can you please send a DM there are some critical issues you might want to fix and your DMs are turned ofd

@Aakashroy32 Quick heads up, we ran it through a security check and it flagged a potential database exposure that might be worth reviewing before wider use. Happy to share details privately if helpful.

200 people visited a client's website last week. 0 got an instant reply. They had live chat. A contact form. A phone number. But nobody was watching at 11pm when the leads came in. Here's what happened when we plugged in an AI agent 🧵

@imgabrielonx @victor_bigfield Hi Gabriel . Seems like you fixed the issues . There were no false positives.

@imgabrielonx @victor_bigfield This looks awesome ,quick heads up, we ran it through a security check and it flagged a potential database exposure that might be worth reviewing before wider use. Happy to share details privately if helpful.

gm builder, time to promote your product > pitch in 3 words > share link in comment 👇

@trevorlasn @Peter_Soida Hey @trevorlasn our security scanner flagged a few issues on your API worth looking at. Nothing posted publicly. DM us or reach out at security@polydefender.com and we'll share the full report.

@Peter_Soida 0xinsider.com

drop what you’re building just the link no pitch I’ll go through everything ↓

Today we’re excited to announce that @AvariAi_1 is partnering with @polydefender , a fast-growing security startup from Spain helping developers find exposed keys, auth gaps, and risky dependencies before shipping their platform , This partnership aligns with our mission .

@MamoshiSE Security shouldn’t break your login flow. Worth testing end-to-end after adding bot checks or auth protections.

@MamoshiSE Still reproducible on our side happy to send a PoC if you want to validate

My new platform Veritads is live on Product Hunt! Get organic views for your brand without paying influencers: - Pay per verified view, not per post - Real people post on TikTok, Instagram, YouTube & X - Clips keep generating views forever Get 10% off your first campaign until May 20 → producthunt.com/products/verit… Would love your support 🙏

these repos will turn you into a millionaire on Polymarket every minute you don't open them - you're in the losing half of the market github.com/Polymarket/age… ★ 2.8k -> official framework from Polymarket. Chroma DB vectorizes news, LLM plugs in out of the box. 638 forks. the foundation that all serious insider bots get built on top of github.com/pselamy/polyma… ★ 95 -> tracks the funding trail from new wallets back to Binance Hot Wallet. caught a $35,000 → $442,000 move (12.6x) hours before resolution. PostgreSQL + Redis. this is the work Chainalysis charges enterprise for github.com/NickNaskida/po… ★ 17 -> async scanner across 30 markets. fresh wallet + large bet + niche market = Slack alert. scoring 0-10. README literally says "100% of the code written by AI" github.com/Drakkar-Softwa… ★ 54 -> self-custody Polymarket bot with a real GUI. copy trading, arbitrage, paper trading mode. keys never leave your machine. unlike every Telegram bot that holds your private key on someone else's server 4 repos above give you the signal this one turns the signal into a trade without you: t.me/PolyGunSniperB… -> monitors whale wallets and copies their trades automatically. you sleep, the bot copies. no vps, no cron, no code in 6 months these repos will be forked into private in a year a bot like the last one will cost $500/month in closed discords today you can clone all of it in 30 seconds like + bookmark - you'll open this when you realize the window closed without you

@kaushikp010 @heyblake Sounds good , when you are ready just DM and we will whitelist the platform for the closed beta and get a PRO membership for free . Good luck!

@polydefender @heyblake appreciate you taking the time to check this 🙏 a lot of it is client-side for now, so some of those flags might be expected in this version but I’ll definitely review the report more closely before scaling.

Fork it Drop your landing page URL I'll give 1 piece of advice to as many of you as I can

@JavierForge @danielkempe There are a few patterns here that can lead to problems in production setups. Probably worth validating early. We’re currently helping a few teams catch these in beta if you’d like us to check.

@danielkempe GM to everyone Building creatives-takeover.com

What are you building today?

@BobTheAICEO @KaiXCreator There are a few patterns here that can lead to problems in production setups. Probably worth validating early. We’re currently helping a few teams catch these in beta if you’d like us to check.

@KaiXCreator digitalgoodsbybob.com

Drop your project URL Let’s drive some traffic Curious to know what you all are building 👇🏼

@anoop_sasi92 @MicroLaunchHQ Noticed a couple of things that could introduce issues depending on how this is configured. Might be worth a quick pass before wider release. We’re reviewing projects like this in a small beta group if useful.

@MicroLaunchHQ Helping companies unlock 50–60% savings on branded inventory through direct brand liquidation deals. Built Pollen Direct to turn excess stock into opportunity. market.pollendirect.com

What are you building or marketing this week? Let’s drive you traffic.

@kaushikp010 @heyblake Some parts of this setup might behave differently under real usage conditions. Worth reviewing before scaling it out. Happy to include it in our beta reviews if helpful.

@heyblake life-os-beta-ochre.vercel.app

@dennisadzisam @ardent__dev Flagged a couple of things worth checking before wider use. Let me know if you want a deeper review we’re running a small beta.

@ardent__dev Built a food social platform where vendors and food creators can connect, by uploading food contents and accepting orders through their videos. Check it out 👉 yhelly.com

What are you building? Let's drive traffic to your product 👇🏽

@RedScore_AI @heyblake There are a few patterns here that can lead to problems in production setups. Probably worth validating early. We’re currently helping a few teams catch these in beta if you’d like us to check.

@heyblake Still building, but get a quick 60 second look at your security posture redscore.ai

@islamtaha @MicroLaunchHQ Noticed a couple of things that could introduce issues depending on how this is configured. Might be worth a quick pass before wider release. We’re reviewing projects like this in a small beta group if useful.

@MicroLaunchHQ Fixing vibe coding, where you own everything flowdia.ai