Launching today
OpzyAI
Finds what your AI-built app leaks — your editor fixes it
7 followers
Finds what your AI-built app leaks — your editor fixes it
7 followers
OpzyAI is a security scanner for apps built with AI coding tools like Cursor, Lovable, v0 and Bolt. Paste a URL for a free Vibe Check — a Launch Readiness score that catches leaked API keys, exposed source and config, and the security holes AI quietly ships — with plain-English fixes. Connect your repo for deep scans of secrets, dependencies and code, then get fixes your AI editor applies for you over MCP — exact dependency upgrades and secret-rotation runbooks.










Love that you're tackling the "AI shipped it without me noticing" problem. One thing that would make the Vibe Check way more useful for me would be a built-in way to whitelist known-safe findings (like specific public demo keys or third-party tokens I intentionally expose) so I'm not drowning in noise every scan. Right now it'd feel like alert fatigue city.
@yaar12288923445 ha, "alert fatigue city" is exactly what I was trying to avoid building. publishable keys (stripe pk_, supabase anon etc) are already allowlisted so those never get flagged — only stuff that actually grants access shows up. but you're right, there's no way yet to mark a finding as "intentional, stop showing me this". fair point, going on the roadmap.
A free Vibe Check is a smart hook for AI-built apps, nice move. One thing that would help me a lot is a public badge or embed widget showing the latest scan score, so founders can put proof of security right on their landing page. Would also make sharing fixes with teammates way easier than copying a report link.
@serpilyg9s Good news: this exists! 🎉 Every scan report with a score of 80+ has an "Add the badge to your README" section — copy-paste Markdown or HTML, and the badge is a live SVG showing your score. We deliberately made 80 the bar so the badge actually means something (below that, the report nudges you to fix the findings and re-scan to earn it).
Ran the Vibe Check on a Lovable app and it actually caught an exposed Supabase key I'd forgotten about. The plain-English fix suggestions were clear enough that I could hand them to my non-technical cofounder.
@koglu5218 oh this is great to hear. a forgotten supabase key on a lovable app is basically the exact reason this exists. and "could hand them to my non-technical cofounder" might be the best thing anyone's said about the plain-english findings. thanks for actually running it and coming back to tell me!