3 Security Checks Every AI-Built App Needs
See more in Coding Tools βExact instruction
- Never hardcode API keys β use environment variables (process.env). Tell your AI to use process.env, never literal strings.
- Use a real auth provider (Supabase, Clerk, or NextAuth) β never let AI invent a custom login system from scratch.
- After building, prompt AI: 'You are a hacker trying to break this app. Tell me every vulnerability and how to exploit it. Then tell me the fix.'
Suggested prompt
You are a security expert and hacker trying to break this app. Review all the code in this project and tell me: every vulnerability you can find, how a hacker could exploit each one, and the exact fix for each. Be thorough and specific.
Adopt?
Yes: All three checks apply directly to Claude Code projects. The hacker-prompt technique is immediately usable β paste it into any Claude Code session after building a feature to surface security gaps before shipping. General Claude Code practice.
show original captionhide original caption
Your AI built app probably has security holes you can't see πThree checks I run on every single project (each takes 2 minutes): 1οΈβ£ Never hardcode API keys - use environment variables. One leaked key and a hacker owns your entire app. 2οΈβ£ Stop letting AI invent auth - use Supabase, Clerk, or NextAuth. Auth is where 90% of data breaches start. 3οΈβ£ Prompt AI like a hacker - "You're a hacker trying to break this app. Tell me every vulnerability."