← Back to videos

3 Security Checks Every AI-Built App Needs

@itsthatlady.devCapturedCoding Tools
See more in Coding Tools β†’

Exact instruction

  1. Never hardcode API keys β€” use environment variables (process.env). Tell your AI to use process.env, never literal strings.
  2. Use a real auth provider (Supabase, Clerk, or NextAuth) β€” never let AI invent a custom login system from scratch.
  3. After building, prompt AI: 'You are a hacker trying to break this app. Tell me every vulnerability and how to exploit it. Then tell me the fix.'

Suggested prompt

You are a security expert and hacker trying to break this app. Review all the code in this project and tell me: every vulnerability you can find, how a hacker could exploit each one, and the exact fix for each. Be thorough and specific.

Adopt?

Yes: All three checks apply directly to Claude Code projects. The hacker-prompt technique is immediately usable β€” paste it into any Claude Code session after building a feature to surface security gaps before shipping. General Claude Code practice.

show original caption

Your AI built app probably has security holes you can't see πŸ‘€Three checks I run on every single project (each takes 2 minutes): 1️⃣ Never hardcode API keys - use environment variables. One leaked key and a hacker owns your entire app. 2️⃣ Stop letting AI invent auth - use Supabase, Clerk, or NextAuth. Auth is where 90% of data breaches start. 3️⃣ Prompt AI like a hacker - "You're a hacker trying to break this app. Tell me every vulnerability."