Launching today

Perfai Security
Find & fix live vulnerabilities in Vibe Apps with 1-prompt.
306 followers
Find & fix live vulnerabilities in Vibe Apps with 1-prompt.
306 followers
Autonomous access control security for Vibe-coded apps. Our platform finds and fixes live vulnerabilities in your vibe-apps built on Replit, Lovable, Claude Code, Cursor, and other AI-coding tools. 1-prompt makes your app production-ready in minutes without requiring security expertise.










If UI hides an admin route that's still live on the backend, does Vision Agent even catch it?
Perfai Security
@calvin_russell1 yes, that's what it's built for. The Vision Agent doesn't just click the UI — it maps the underlying API surface (every endpoint it can discover), so a route that's hidden from the interface but still live on the backend gets found and attacked anyway. That "hidden-but-live admin function" is a class we explicitly hunt, known as shadow functionality (and broken function-level authorization (BFLA)). If the backend still honors it, we'll call it, prove it with a reproducible request, and hand you the fix.
Release AI
@calvin_russell1
Yes, and this is one of our favorite bugs to catch!
Hidden-but-live routes are classic access control gaps. The UI hides the admin page from regular users, but the backend never checks who's asking. Code review misses it, and clicking around the app misses it, because the door is invisible to the eye.
Here's how we catch it: our Vision Agent maps your app from higher-privilege views too, so it knows the admin routes exist. Then the Security Agent tries reaching those routes and APIs as lower roles. If a viewer account can hit a live admin endpoint the UI never showed them, that's a finding, with the exact request that proved it.
Hiding a button isn't security. The backend has to enforce it, and we test that it does. And with drift detection, if a new route ships next week without protection, we catch that too.
Try it free at perfai.ai and get a full pentest-style report. We're giving away 50% discount codes for the launch too. Need extra credits or help onboarding your app? Just reach out. Happy to help!
this is a real gap. so many vibe-coded apps ship with auth or row-level security completely missing because the tool never surfaced it as a decision point. curious how deep the "fix" side goes though - does it actually patch broken access control rules in the code, or mostly flag the issue and leave the fix to you
Release AI
@omri_ben_shoham1
You nailed the root cause. The tools never surface auth as a decision point, so builders never make the decision. The gap ships silently.
On the fix side: it goes deeper than flagging. Every finding comes with a ready-to-run fix for your code agent. One prompt like "Fix All", "Fix Critical", or "Fix #2" and the patch gets applied where the flaw actually lives, whether that's your API authz logic or a data-layer rule. You don't need to figure out the fix yourself or be a security expert.
You stay in control though. You review what changes before it ships, so nothing load bearing gets touched blind. Find, fix, verify, done.
And with drift detection, we keep testing as your app changes, so new gaps get caught too.
Try it free at perfai.ai and get a full pentest-style report. We're giving away 50% discount codes for the launch too. Share your app URL and I'll get you a free report personally. Need extra credits or help onboarding? Just reach out. Happy to help!
Voquill
Congratulations! Does this work with any deployed web app, or is it mainly built for apps created with AI coding tools?
Perfai Security
@henry_habib It works with any deployed web app that has a URL. We test black-box from the outside, so we're fully stack-agnostic. It doesn't care whether you hand-wrote it, vibe-coded it, or inherited it. The "vibe-coded" framing is where our solution is needed most right now, but the engine tests any app with roles, APIs, and a database. The only place the AI-coding tool matters is the fix handoff... our Fix Agent delivers remediation through an MCP server you drop into any IDE (Cursor, VS Code, Claude Code…), and it works even if you just want the exact patch to apply yourself. Point it at any URL and see. You can sign up for free or get 50% off our pro plan using the discount code (in pinned comment).
Release AI
@henry_habib
Thank you!
It works with any deployed web app. If it runs in a browser and has a URL, we can test it. Doesn't matter if it was built by AI agents, a dev team, or ten years ago by a contractor nobody remembers.
We talk a lot about vibe-coded apps because they're the most at risk: shipped fast, often with no security review, and full of access control gaps. But the testing itself doesn't care who wrote the code. Our agents test the running app across UI, API, data, and roles, so any stack works: React, Rails, PHP, whatever.
Same simple flow for everyone: paste your URL, our agents explore, sign up their own test accounts, and get to work. Drift detection keeps coverage fresh as the app changes.
Try it free at perfai.ai and get a full pentest-style report. We're giving away 50% discount codes for the launch too. Need extra credits or help onboarding your app? Just reach out. Happy to help!
Perfai reduces the barrier to security testing as the workflow is as easy as pasting the URL. Congrats on launching today.
Perfai Security
Much appreciated @himani_sah1
That’s exactly what we’re trying to solve. With so many vibe-coded apps going live, security testing needs to fit the builder’s workflow. Perfai Security makes it possible for solo founders and small teams to deep-test access controls in live apps without needing enterprise security teams, long setup cycles, or manual testing expertise.
Release AI
@himani_sah1
Thank you! That's exactly the goal.
Security testing has always had a high barrier: expensive pentests, complex tools, or needing an expert on the team. Most builders just skip it. So we made the barrier one paste. Drop in your URL, and our agents explore your app, sign up their own test accounts, and test everything across UI, API, data, and roles.
No setup project, no security background needed. And with drift detection, coverage stays fresh as your app changes, so it's not a one-time check.
Try it free at perfai.ai and get a full pentest-style report. We're giving away 50% discount codes for the launch too. Need extra credits or help onboarding your app? Just reach out. Happy to help!
EverTutor AI
Vibe coding made building apps 10x faster, but security has become the biggest blind spot. Love that you're solving this with a single prompt approach. This could save builders countless hours of manual audits. Congrats on the launch
Perfai Security
@suryansh_tiwari2 thank you!! 🙏 and you framed it exactly right: vibe coding made building 10x faster, but nothing made to secure at that same speed. That's a gap we close, and aim to improve. Those "countless hours of manual audits" are the real cost... enumerating 6,000+ access controls across UI, API, and DB by-hand takes a pentest team weeks, but our agents run the same matrix autonomously in minutes.
Since EverTutor's likely handling real student data, I'd love for you to try it out. You can sign up free or get 50% off on the pro plan at perfai.ai
Release AI
@suryansh_tiwari2
Thank you! You said it perfectly. Building got 10x faster, but security didn't keep up. That gap is where all the trouble lives.
The wild part is most builders don't even know what they're missing. Gartner reports access control issues drive about half of all breaches, and those bugs are invisible when you're just clicking around your app. That's why we made testing as easy as building: paste your URL, our agents do the rest, and every finding comes with a one-prompt fix like "Fix Critical".
No manual audits, no thousands spent on pentests, and drift detection keeps you covered as your app grows.
Try it free at perfai.ai and get a full pentest-style report. We're giving away 50% discount codes for the launch too. Need extra credits or help onboarding your app? Just reach out. Happy to help!
Creatium
As someone who watches teams ship fast with AI tools, closing the security gap before production without needing a dedicated security hire is exactly the kind of operational leverage I want.
Release AI
@kelly_king3
This is exactly the leverage we're going for. Thank you!
A security hire costs $150K+ a year, and most fast-moving teams can't justify one until something breaks. Pentests cost thousands per run and go stale after the next deploy. So the real choice for most teams has been: pay a lot, or ship exposed.
Perfai gives you the third option. Our agents test every update across UI, API, data, and roles, catch what a security review would catch on the access control side, and hand your devs one-prompt fixes. Drift detection keeps coverage fresh as the team ships. It's like having that security hire on every deploy, without the headcount.
Try it free at perfai.ai and get a full pentest-style report. We're giving away 50% discount codes for the launch too. Share your app URL and I'll get you a free report personally. Need extra credits or help onboarding your team's apps? Just reach out. Happy to help!
Release AI
@priyatharshini_c
Thank you so much! This means a lot.
You described it perfectly. Security is always the thing people "mean to get to eventually". But eventually usually arrives as a leaked database or an angry customer email. The Replit, Lovable, and Cursor wave is amazing for building, but nobody's tool stops to ask "hey, should viewers really be able to see this?"
So we made the secure path the lazy path. Paste your URL, agents do the rest, one-prompt fixes when we find something. And drift detection keeps watching as the app grows, so it's not a one-time checkbox.
If you ever ship something, the free tier at perfai.ai gets you a full pentest-style report. We're giving away 50% discount codes for the launch too. Share your app URL and I'll get you a free report personally. Need extra credits or help onboarding? Just reach out. Thanks for rooting for us!