
Moltbook Perfectly Reveals the State of Security of Vibe Coded Apps
Tags: Cybersecurity, Vulnerabilities, Application Security, API Security
The post describes how Moltbook, a recently launched "vibe coded" platform, was found by researchers to contain major security vulnerabilities. Wiz researchers found a Supabase API key exposed through the browser's developer tools; the key granted full read and write access to the production database. The author also identified an overly permissive CORS policy, a weak content security policy, and missing security headers, which together allowed dynamic code execution in the page and theft of user data. The post then gives detailed technical recommendations for securing "vibe coded" applications: running secret scanners over the codebase and build output, configuring CORS and CSP policies correctly, and adding the appropriate security headers.
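The CORS, CSP and security-header recommendations summarised above, as an added example that is not code from the original post or from Moltbook: a small audit that flags the permissive configuration the post criticises, beside a hardened header set that passes it. The header values, the allow-list `https://app.example` and the sample responses are constructed for illustration.

```javascript
// Added example (not code from the original post or from Moltbook): audits a
// response's CORS, CSP and security headers for the weaknesses the post
// describes, and builds a hardened header set. All header values and the
// sample responses below are constructed for illustration.

// Split a CSP value into { directive: [sources...] }.
function parseCsp(value) {
  const directives = {};
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// Return a list of findings; an empty list means the headers passed the audit.
// `allowedOrigins` is the set of origins the app legitimately serves
// credentialed cross-origin requests to (an assumption for this example).
function auditHeaders(headers, allowedOrigins = []) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = value;
  const findings = [];

  // CORS: a wildcard origin, or credentials granted to an origin outside the allow-list
  const origin = h["access-control-allow-origin"];
  const credentials = h["access-control-allow-credentials"];
  if (origin === "*") {
    findings.push("CORS allows any origin (*)");
  } else if (origin && credentials === "true" && !allowedOrigins.includes(origin)) {
    findings.push(`CORS grants credentialed access to untrusted origin ${origin}`);
  }

  // CSP: script execution must not fall back to inline, eval or wildcard sources
  const csp = h["content-security-policy"];
  if (!csp) {
    findings.push("missing Content-Security-Policy");
  } else {
    const d = parseCsp(csp);
    const scriptSrc = d["script-src"] || d["default-src"] || [];
    if (scriptSrc.includes("'unsafe-inline'")) findings.push("CSP allows 'unsafe-inline' scripts");
    if (scriptSrc.includes("'unsafe-eval'")) findings.push("CSP allows 'unsafe-eval'");
    if (scriptSrc.includes("*")) findings.push("CSP allows scripts from any host (*)");
  }

  // Remaining hardening headers are simply required to be present
  for (const name of ["strict-transport-security", "x-content-type-options", "x-frame-options", "referrer-policy"]) {
    if (!h[name]) findings.push(`missing ${name}`);
  }
  return findings;
}

// Hardened set: strict CSP, HSTS, no sniffing or framing, and CORS that echoes
// only an allow-listed request origin instead of "*" or whatever the client sent.
function hardenedHeaders(allowedOrigins, requestOrigin) {
  const headers = {
    "content-security-policy": "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'",
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "referrer-policy": "strict-origin-when-cross-origin",
  };
  if (allowedOrigins.includes(requestOrigin)) {
    headers["access-control-allow-origin"] = requestOrigin;
    headers["access-control-allow-credentials"] = "true";
    headers["vary"] = "Origin"; // keep caches from serving one origin's CORS response to another
  }
  return headers;
}

// Constructed sample: the permissive response shape the post criticises
const WEAK_HEADERS = {
  "Access-Control-Allow-Origin": "*",
  "Content-Security-Policy": "default-src * 'unsafe-inline' 'unsafe-eval'",
};
const ALLOWED = ["https://app.example"]; // assumed allow-list for the example

const weakFindings = auditHeaders(WEAK_HEADERS, ALLOWED);
const hardenedFindings = auditHeaders(hardenedHeaders(ALLOWED, "https://app.example"), ALLOWED);

if (typeof require !== "undefined" && require.main === module) {
  console.log("weak:", weakFindings);
  console.log("hardened:", hardenedFindings);
}
```

The audit treats `default-src` as the effective `script-src` when the latter is absent, which is how browsers resolve the fallback; a policy such as `default-src *` therefore still fails the check. The CORS branch only reports credentialed access to an origin outside the allow-list, because a wildcard origin is already rejected by browsers when credentials are requested.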