Static Analysis of 48 AI-Generated Apps: 90% Had Security Vulnerabilities
A developer recently shared results from running static analysis on 48 public GitHub repos built with Lovable, Bolt, or Replit. The findings: 90% had at least one security vulnerability. The breakdown of issues:
- 44% — authentication gaps: routes unprotected despite a login system
- 33% — Postgres functions marked
SECURITY DEFINER, bypassing row-level security - 25% — BOLA/IDOR: missing ownership checks in database queries
- 25% — committed .env or config files
The auth gap is instructive: AI tools generate working login flows (registration, email verification, sessions, password reset) but often fail to protect individual API routes or pages. The prompt was "build a dashboard with auth" — the LLM built both, but didn't implicitly verify every route is behind a guard. The pattern is systematic, not random.
SECURITY DEFINER is the hidden one: AI tools generate these to resolve permission errors locally. The function runs as DB superuser, bypassing all RLS policies. The app works perfectly locally but is exploitable in production — no error or warning.
The author notes this isn't a Claude-specific problem; it's a constraint of LLMs generating code from "write me a working app" prompts without adversarial thinking.
📖 Read the full source: r/ClaudeAI
👀 See Also

Wide OpenClaw: Security Risks from Loose Discord Bot Permissions
A security researcher demonstrates how OpenClaw can be exploited when users add the AI assistant bot to their Discord server with excessive permissions, targeting users who grant root/admin access without considering security controls.

OpenClaw's External Content Wrapper for Prompt Injection Defense
OpenClaw uses an external content wrapper that automatically tags web search results, API responses, and similar content with warnings that it's untrusted, priming the LLM to be skeptical and more likely to refuse malicious instructions.

Security Analysis of Extracting OpenClaw Components for Custom AI Agents
A developer analyzed OpenClaw's source code to determine which components can be safely extracted for use in custom AI agents, scoring each using the Lethal Quartet framework. The analysis reveals significant security risks in components like Semantic Snapshots and BrowserClaw.

AI Agent Exploits SQL Injection to Compromise McKinsey's Lilli Chatbot
Security researchers at CodeWall used an autonomous AI agent to hack McKinsey's internal Lilli chatbot, gaining full read-write access to its production database in two hours via an SQL injection vulnerability in unauthenticated API endpoints.