I've been scanning production Lovable apps for security issues. The same 5 problems show up every time.
Current Situation Analysis
The rapid adoption of AI-assisted development platforms has fundamentally shifted how applications are built. Tools optimized for rapid prototyping generate functional code by default, prioritizing feature completion over security hardening. This creates a dangerous gap between demo-ready applications and production-grade systems. The industry pain point is no longer about writing code; it's about securing code that was never designed with threat modeling in mind.
This problem is systematically overlooked because AI models are trained on public repositories and documentation that emphasize functionality. When a founder prompts an AI to "build a payment flow" or "create a user dashboard," the model returns working implementations that assume open network access, unverified inputs, and client-side execution. Security controls like row-level policies, webhook signature verification, and server-side validation are treated as optional enhancements rather than foundational requirements. Most non-technical founders lack the security literacy to recognize these gaps, and automated static scanners frequently miss contextual flaws like missing business logic guards or misconfigured cloud provider defaults.
Industry data confirms the scale of the exposure. Q1 2026 research indicates that 91.5% of AI-assembled applications contain at least one critical vulnerability. CVE-2025-48757 alone documented this exact exposure pattern across 170+ production deployments, carrying a CVSS severity score of 9.3. The vulnerability isn't in the underlying frameworks; it's in the default configuration gap between rapid generation and secure deployment. Without intentional architectural intervention, AI-generated applications ship with predictable attack surfaces that scale linearly with user adoption.
WOW Moment: Key Findings
The most critical insight isn't that AI-generated code is insecure; it's that the security debt follows a predictable, measurable pattern. Traditional development workflows naturally accumulate security controls through code reviews, CI/CD gates, and security team oversight. AI-generated workflows bypass these checkpoints entirely, resulting in a stark divergence in production readiness.
| Deployment Approach | Critical Vulnerability Rate | Remediation Complexity | Production Readiness |
|---|---|---|---|
| AI-Generated Prototype | 91.5% | High (requires architectural refactoring) | Low (demo-only) |
| Security-Hardened Pipeline | <4.2% | Low (automated enforcement) | High (production-ready) |
This finding matters because it shifts the remediation strategy from reactive patching to proactive architecture. Instead of hunting for isolated bugs, teams can implement a standardized hardening layer that addresses the five most common exposure vectors simultaneously. The data shows that applying defense-in-depth controls at the routing, database, and credential layers reduces critical vulnerability density by over 95%, while keeping development velocity intact.
Core Solution
Securing an AI-generated application requires replacing implicit trust with explicit verification at every network boundary. The following implementation uses a TypeScript-based Next.js App Router architecture paired with Supabase, demonstrating how to enforce least privilege, validate inputs, and isolate credentials without rewriting the entire codebase.
1. Database Access Control: Enforcing Row-Level Security
Supabase intentionally exposes the anon key to clients. Security relies entirely on PostgreSQL Row-Level Security (RLS) policies. AI generators leave RLS disabled by default, allowing unauthenticated REST queries to return full table contents.
Implementation:
-- Enable RLS on sensitive tables
ALTER TABLE user_profiles ENABLE ROW LEVEL SECURITY;
-- Policy: Users can only read their own profile
CREATE POLICY "Users view own profile"
ON user_profiles FOR SELECT
USING (auth.uid() = user_id);
-- Policy: Users can update their own profile
CREATE POLICY "Users update own profile"
ON user_profiles FOR UPDATE
USING (auth.uid() = user_id);
Rationale: RLS moves authorization from the application layer to the database engine. Even if a client bypasses frontend checks or leaks an API key, the database enforces ownership. This eliminates entire classes of data exfiltration attacks without requiring application-level middleware.
2. Third-Party Webhook Integrity: Signature Verification
Payment providers like Stripe sign webhook payloads. AI-generated handlers frequently parse the raw JSON body and execute business logic immediately, creating a free fulfillment vector.
Implementation:
import { NextRequest, NextResponse } from 'next/server';
import Stripe from 'stripe';
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!);
export async function POST(req: NextRequest) {
const body = await req.text();
const signature = req.headers.get('stripe-signature')!;
try {
const event = stripe.webhooks.constructEvent(
body,
signature,
process.env.STRIPE_WEBHOOK_SECRET!
);
if (event.type === 'checkout.session.completed') {
const session = event.data.object as Stripe.Checkout.Session;
await fulfillOrder(session);
}
return NextResponse.json({ received: true }, { status: 200 });
} catch (err) {
console.error('Webhook signature verification failed:', err);
return NextResponse.json({ error: 'Invalid signature' }, { status: 400 });
}
}
Rationale: constructEvent validates the HMAC signature against the payload and timestamp. This prevents replay attacks and forged events. The handler rejects unverified payloads before touching business logic, ensuring payment fulfillment only triggers on cryptographically authenticated events.
3. Credential Isolation: Server-Side API Routing
AI models frequently embed API keys directly in React components or client-side configuration files. These keys compile into the JavaScript bundle and become publicly accessible via browser developer tools.
Implementation:
// app/api/chat/route.ts
import { NextRequest, NextResponse } from 'next/server';
export async function POST(req: NextRequest) {
const { prompt } = await req.json();
const response = await fetch('https://api.openai.com/v1/chat/completions', {
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.OPENAI_API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({
model: 'gpt-4o',
messages: [{ role: 'user', content: prompt }],
}),
});
const data = await response.json();
return NextResponse.json(data);
}
Rationale: Server-side route handlers keep secrets in environment variables that never reach the client. The frontend calls /api/chat, and the server proxies the request to the external model. This eliminates client-side key leakage while maintaining the same user experience.
4. API Consumption Throttling: Rate Limiting
Unprotected AI endpoints are vulnerable to automated request loops that can generate thousands of dollars in compute costs within hours.
Implementation:
import { Ratelimit } from '@upstash/ratelimit';
import { Redis } from '@upstash/redis';
import { NextRequest, NextResponse } from 'next/server';
const ratelimit = new Ratelimit({
redis: Redis.fromEnv(),
limiter: Ratelimit.slidingWindow(10, '1m'),
prefix: 'ai_chat_limit',
});
export async function POST(req: NextRequest) {
const ip = req.ip ?? 'anonymous';
const { success } = await ratelimit.limit(ip);
if (!success) {
return NextResponse.json(
{ error: 'Rate limit exceeded. Try again later.' },
{ status: 429 }
);
}
// Proceed with AI call...
}
Rationale: Sliding window rate limiting prevents burst abuse while allowing legitimate usage patterns. Tying limits to IP or authenticated user IDs ensures fair resource distribution. Redis-backed storage guarantees consistency across serverless instances.
5. Input Sanitization: Server-Side Schema Validation
Client-side HTML validation (required, pattern, minlength) improves UX but provides zero security. Direct API calls bypass the browser entirely.
Implementation:
import { z } from 'zod';
import { NextRequest, NextResponse } from 'next/server';
const submissionSchema = z.object({
email: z.string().email(),
amount: z.number().positive().max(10000),
role: z.enum(['viewer', 'editor']).default('viewer'),
});
export async function POST(req: NextRequest) {
const body = await req.json();
const parseResult = submissionSchema.safeParse(body);
if (!parseResult.success) {
return NextResponse.json(
{ error: 'Invalid payload', details: parseResult.error.flatten() },
{ status: 400 }
);
}
const { email, amount, role } = parseResult.data;
// Safe to proceed with database write
}
Rationale: Zod enforces type safety and business constraints at the network boundary. Rejecting malformed payloads before database interaction prevents injection attacks, type coercion exploits, and logical errors. Server-side validation is the only reliable security control for input data.
Pitfall Guide
1. The "Service Role" Shortcut
Explanation: Developers temporarily enable Supabase's service_role key to bypass RLS during development, then accidentally deploy it to production. This key ignores all database policies and grants full admin access.
Fix: Never expose service_role in client environments. Use it exclusively in server-side scripts or CI/CD pipelines. Enforce environment variable separation with build-time checks.
2. Webhook Replay Attacks
Explanation: Verifying the Stripe signature without checking the timestamp allows attackers to capture a valid webhook and replay it hours or days later, triggering duplicate fulfillments.
Fix: Configure Stripe webhook tolerance (tolerance: 300) and validate the event timestamp server-side. Reject events older than the tolerance window.
3. Over-Permissive RLS Policies
Explanation: Writing policies like USING (true) or USING (auth.role() = 'admin') without scoping to specific resources grants broader access than intended.
Fix: Always scope policies to auth.uid() or explicit foreign keys. Test policies using Supabase's policy simulator with multiple user roles before deployment.
4. Client-Side Validation as Security
Explanation: Relying on React form validation libraries or HTML attributes to protect endpoints. Attackers use curl, Postman, or custom scripts to send arbitrary JSON directly to API routes.
Fix: Treat client validation as UX only. Implement identical schema validation on every server route that accepts external input. Never trust the client boundary.
5. Unbounded AI Model Calls
Explanation: Calling external LLM APIs without token limits, budget caps, or response size constraints. A single prompt can trigger massive token consumption, resulting in unexpected billing spikes.
Fix: Set max_tokens on every API call. Implement server-side budget tracking per user. Use streaming responses to monitor consumption in real-time and abort if thresholds are exceeded.
6. Environment Variable Propagation
Explanation: Prefixing secrets with NEXT_PUBLIC_ in Next.js applications automatically bundles them into client-side JavaScript. This is a common misconfiguration when developers copy-paste configuration snippets.
Fix: Reserve NEXT_PUBLIC_ exclusively for non-sensitive configuration (API base URLs, feature flags). Keep all keys, tokens, and secrets in server-only environment variables. Audit next.config.js for accidental public exposure.
7. Missing Security Audit Trails
Explanation: AI-generated applications rarely include logging for authentication failures, permission denials, or rate limit triggers. Without audit trails, breaches go undetected until financial or reputational damage occurs. Fix: Implement structured logging for security-critical events. Store logs in a separate, append-only system. Set up alerts for anomalous patterns like repeated RLS denials or webhook signature failures.
Production Bundle
Action Checklist
- Audit all Supabase tables: Enable RLS on every table containing user, financial, or PII data.
- Verify webhook handlers: Confirm
constructEventor equivalent signature validation is present on all third-party endpoints. - Scan client bundles: Search deployed JavaScript for
sk_,service_role, orNEXT_PUBLIC_prefixes containing actual key values. - Implement rate limiting: Apply sliding window or token bucket limits to all external API proxies and AI endpoints.
- Enforce server-side validation: Replace client-only form checks with Zod/Yup schema validation on every POST/PUT route.
- Rotate exposed credentials: Immediately revoke and regenerate any keys found in client-side code or version control.
- Add security logging: Instrument authentication failures, RLS denials, and rate limit triggers with structured observability.
Decision Matrix
| Scenario | Recommended Approach | Why | Cost Impact |
|---|---|---|---|
| Internal admin tools | Supabase service_role key |
Bypasses RLS for trusted backend operations | $0 (infrastructure only) |
| Public user-facing APIs | Supabase anon key + RLS policies |
Enforces least privilege at the database layer | $0 (native PostgreSQL feature) |
| Low-traffic SaaS (<1k MAU) | In-memory rate limiting | Simpler setup, no external dependencies | $0 |
| High-traffic SaaS (>10k MAU) | Redis-backed sliding window | Consistent limits across serverless instances, survives restarts | ~$5β$15/mo |
| Payment webhooks | HMAC signature + timestamp tolerance | Prevents forgery and replay attacks | $0 (Stripe native) |
| AI model integration | Server proxy + max_tokens + budget caps | Prevents cost explosion and key leakage | ~$0.002β$0.03 per 1k tokens |
Configuration Template
// lib/security.ts
import { Ratelimit } from '@upstash/ratelimit';
import { Redis } from '@upstash/redis';
import { z } from 'zod';
export const redis = Redis.fromEnv();
export const apiRateLimiter = new Ratelimit({
redis,
limiter: Ratelimit.slidingWindow(30, '1m'),
prefix: 'prod_api_limit',
});
export const securePayloadSchema = z.object({
action: z.enum(['create', 'update', 'delete']),
resourceId: z.string().uuid(),
metadata: z.record(z.string(), z.unknown()).optional(),
});
export function validateSecurityHeaders(req: Request): boolean {
const origin = req.headers.get('origin');
const allowedOrigins = process.env.ALLOWED_ORIGINS?.split(',') ?? [];
return allowedOrigins.includes(origin ?? '');
}
Quick Start Guide
- Initialize security middleware: Create a
lib/security.tsfile containing rate limiting, schema validation, and header checks using the template above. - Wrap API routes: Import the rate limiter and schema validator into every
app/api/*/route.tsfile. Reject requests that fail validation or exceed limits before executing business logic. - Enable database policies: Open your Supabase dashboard, navigate to Database β Policies, and enable RLS on all tables. Generate ownership-based policies using
auth.uid()as the primary filter. - Isolate credentials: Move all API keys to server-only environment variables. Replace client-side API calls with Next.js route handlers that proxy requests server-side.
- Verify webhook integrity: Update payment and notification handlers to validate cryptographic signatures and reject unverified payloads. Test using provider-specific CLI tools or mock endpoints.
Mid-Year Sale β Unlock Full Article
Base plan from just $4.99/mo or $49/yr
Sign in to read the full article and unlock all tutorials.
Sign In / Register β Start Free Trial7-day free trial Β· Cancel anytime Β· 30-day money-back