Start Here: Find Your Security Guide


TL;DR

Security depends on your stack. Find guides below based on which AI coding tool you used (Cursor, Bolt, Lovable), where you're deploying (Vercel, Netlify), and which database you're using (Supabase, Firebase). Start with the 5-minute checklist, then read your platform-specific guide.

You built something. Congratulations. Now you're worried about security and don't know where to start. That's completely normal. Every founder who's vibe-coded an app faces the same question.

The good news: you don't need to learn everything. You need to learn the right things for your specific setup. This page helps you find exactly which guides to read.

What AI Coding Tool Did You Use?

Different tools have different defaults and common issues. Pick the guide that matches your primary tool:

    Cursor
    Built your app using Cursor IDE with AI code generation. Common issues include exposed API keys and authentication gaps.


    Bolt.new
    Used Bolt to generate and deploy your app. Often includes a Supabase backend that needs RLS configuration.


    Lovable
    Built with Lovable (formerly GPT Engineer). Typically includes Supabase integration and Vercel deployment.


    v0 by Vercel
    Used v0 to generate components or full apps. Frontend-focused with Vercel deployment.

Where Are You Deploying?

Your hosting platform needs security configuration too. These guides cover environment variables, security headers, and platform-specific settings:

    Vercel
    Environment variables, security headers in vercel.json, and edge function security.


    Netlify
    Headers configuration, environment variables, and form security settings.


    Railway
    Database connections, environment management, and production settings.


    Replit
    Secrets management, deployment security, and going from prototype to production.

Which Database Are You Using?

If your app stores data, database security is critical. Most vibe-coded apps use one of these:

    Supabase
    Row Level Security (RLS), authentication setup, and common Supabase vulnerabilities.


    Firebase
    Security rules, Firestore configuration, and Firebase Authentication best practices.

If you're not sure where to start, follow this path:

  1. 5-Minute Security Checklist: Quick wins that apply to every app. Takes 5 minutes, catches the critical issues.
  2. Run a Free Security Scan: See exactly what's exposed before reading more guides.
  3. Your AI Tool Guide: Read the guide for Cursor, Bolt, Lovable, or whichever tool you used.
  4. Your Deployment Guide: Configure security headers and environment variables for your host.
  5. Your Database Guide (if applicable): Set up RLS or security rules if you're storing user data.

Not Sure What You Used?

If you're not sure which tools your app uses, here are some clues:

  • Check your project files: Look for vercel.json (Vercel), netlify.toml (Netlify), or a supabase folder (Supabase).
  • Check your package.json: Dependencies like @supabase/supabase-js or firebase indicate your backend.
  • Check your deployed URL: If it ends in .vercel.app, you're on Vercel. If it's .netlify.app, you're on Netlify.

Still not sure? Just start with the 5-Minute Security Checklist. It covers the universal issues regardless of your stack.

What If I Used Multiple Tools?

Many vibe-coded apps combine multiple tools. For example, you might have used Cursor to write code, Supabase for your database, and Vercel for deployment. In that case:

  1. Start with the checklist (covers everything)
  2. Read your primary AI tool guide (Cursor)
  3. Read your deployment guide (Vercel)
  4. Read your database guide (Supabase)

The guides are designed to be read independently. Each one covers what you need for that specific piece of your stack.

Where should I start with security for my vibe-coded app?

Start with a basic security scan to identify obvious issues like exposed API keys and missing HTTPS. Then read the platform-specific guide for the AI tool you used (Cursor, Bolt, Lovable, etc.) and the deployment platform guide (Vercel, Netlify, etc.). Focus on the quick wins first before diving into advanced security.

Do I need different security steps for different AI coding tools?

Yes, different tools have different default configurations and common issues. For example, Bolt.new apps often have Supabase backends requiring RLS setup, while Cursor projects might need different attention depending on your framework choice. Each tool has specific security considerations covered in our platform guides.

Which security guide should I read if I used multiple tools?

Read the guide for your primary AI coding tool first, then check the deployment platform guide (Vercel, Netlify, etc.), and finally the database guide if you're using Supabase or Firebase. The 5-Minute Security Checklist covers the universal issues regardless of which tools you used.
