Built this because I shipped an app with a security vulnerability I should've caught.
The issue? I asked Claude to "build an endpoint" but never specified that it should enforce access control. Claude generated working code, just not secure code.
So I tested 100+ prompts. Found 60 that force Claude to be secure by default.
What's the worst vulnerability you've found in AI-generated code? And did you catch it before or after shipping?
I shipped an app with Claude. Found out the hard way that working code isn't secure code. Claude defaults to insecurity: JWT in localStorage, hardcoded secrets, raw SQL strings, no RLS.
So I tested 100+ prompts to fix this. Found 60 that work. Three modes: Generate (build secure from scratch), Audit (find holes in existing code), Harden (fix shipped code safely). Then paste, verify, ship confidently. Works with Claude, Cursor, Lovable, v0, Bolt.
