// The Risks

What's actually broken in your vibe-coded app.

Drawn from hundreds of audits Cloud Security Partners has run on AI-generated codebases. Ranked by how often attackers exploit them — not by how scary they sound.

01

Exposed secrets and keys

Critical

AI assistants confidently inline service-role keys, OpenAI tokens, and database passwords into client-side code or commit them to git. Once a secret is in a commit, it's in the history forever — and bots scrape public repos within minutes.

Fix

Use environment variables and a secret manager. Rotate every key that's ever been committed. Add a pre-commit hook (gitleaks, trufflehog) to catch the next one.

02

Missing row-level security

Critical

AI-generated schemas almost always skip Row-Level Security. Without it, any authenticated user can read or modify every row in every table — including other users' data, payment info, and admin records.

Fix

Enable RLS on every table from day one. Default to deny. Write explicit policies tied to auth.uid(). Audit with a tool that simulates queries as different users.

03

Broken authentication and authorization

Critical

Client-side admin checks (`if (user.role === 'admin')` in React) are trivially bypassed. Role flags in localStorage. Password reset tokens that never expire. JWTs validated only on the frontend.

Fix

Store roles in a separate table. Check authorization server-side, on every protected request. Never trust the client. Never store roles on the user/profile row.

04

Classic web vulnerabilities, regenerated

High

Models reproduce SQL injection, IDOR, XSS, and SSRF patterns from their training data. They'll happily build a search box that interpolates user input into a raw SQL string.

Fix

Use parameterized queries and ORMs. Validate and sanitize every input with Zod or a schema validator. Escape output. Pen-test before launch.

05

Over-privileged integrations

High

Stripe, Slack, Google, and webhook integrations get wired up with full admin scopes 'because the docs example used them.' One compromised key, total tenant takeover.

Fix

Grant least privilege. Scope OAuth tokens. Use restricted API keys. Rotate on a schedule and on every team change.

06

Unsigned webhooks and public endpoints

High

Webhook handlers that don't verify signatures. /api/admin routes left unauthenticated. Cron-job endpoints anyone can hit to trigger payments or emails.

Fix

Verify every webhook signature with HMAC. Authenticate every endpoint by default. Treat any URL an attacker can guess as hostile.
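
One way to implement the HMAC check above, as an added example that is not Cloud Security Partners' code. The header scheme (a hex HMAC-SHA256 over `timestamp.rawBody`), the 300-second tolerance, and the names `sign`, `verifyWebhook` and `demo` are assumptions; each real provider defines its own signed payload format.

```javascript
const crypto = require("node:crypto");

// Assumed scheme: sender sends hex HMAC-SHA256 over `${timestamp}.${rawBody}`.
const TOLERANCE_SECONDS = 300; // assumed replay window

function sign(secret, timestamp, rawBody) {
  return crypto.createHmac("sha256", secret)
    .update(`${timestamp}.`).update(rawBody).digest("hex");
}

// rawBody must be the exact bytes received; re-serialized JSON will not match.
function verifyWebhook({ secret, rawBody, timestamp, signature, now = Date.now() / 1000 }) {
  const ts = Number(timestamp);
  if (!Number.isFinite(ts) || Math.abs(now - ts) > TOLERANCE_SECONDS) {
    return { ok: false, reason: "stale-or-missing-timestamp" };
  }
  if (typeof signature !== "string" || !/^[0-9a-f]{64}$/i.test(signature)) {
    return { ok: false, reason: "malformed-signature" };
  }
  const expected = Buffer.from(sign(secret, timestamp, rawBody), "hex");
  const received = Buffer.from(signature, "hex");
  // Constant-time compare; the regex above guarantees equal 32-byte lengths.
  if (!crypto.timingSafeEqual(expected, received)) {
    return { ok: false, reason: "bad-signature" };
  }
  return { ok: true, reason: "verified" };
}

// Constructed sample data, not from any real provider.
const SECRET = "constructed-example-secret";
const BODY = Buffer.from('{"event":"payment.succeeded","amount":4200}');
const NOW = 1700000000;

function demo() {
  const base = { secret: SECRET, rawBody: BODY, timestamp: String(NOW),
                 signature: sign(SECRET, String(NOW), BODY), now: NOW };
  const later = NOW + 3600;
  return [
    verifyWebhook(base).reason,                                              // untouched delivery
    verifyWebhook({ ...base, rawBody: Buffer.from('{"amount":1}') }).reason, // tampered body
    verifyWebhook({ ...base, now: later }).reason,                           // replayed an hour later
    verifyWebhook({ ...base, timestamp: String(later), now: later }).reason, // replay, timestamp rewritten
    verifyWebhook({ ...base, signature: "deadbeef" }).reason,                // truncated signature
  ];
}

console.log(demo());
```

Because the timestamp is part of the signed input, rewriting it to look fresh invalidates the signature, which is what makes the replay window enforceable.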

07

No rate limiting, no abuse protection

Medium

Login forms with no throttling get credential-stuffed in hours. AI endpoints with no rate limit turn into the attacker's free GPU. Email-sending endpoints become spam relays.

Fix

Rate limit at the edge. Add CAPTCHA on auth flows. Cap per-user spend on AI features. Alert on anomalies.

08

Zero observability

Medium

No logs, no alerts, no audit trail. When the breach happens — and it will — you have no way to know what was taken, by whom, or how to evict them.

Fix

Log authentication events, admin actions, and data exports. Pipe to a SIEM or at minimum a queryable log store. Set alerts on impossible-travel logins and bulk exports.

09

Misconfigured cloud and storage

Medium

Public storage buckets. World-readable databases. CORS set to `*` because it 'fixed the error.' Edge functions running with admin credentials they don't need.

Fix

Default everything to private. Tighten CORS to known origins. Audit IAM with the principle of least privilege. Use a cloud posture scanner.

Cloud Security Partners

Ship the vibe. Keep the perimeter.

Our engineers review AI-generated codebases the way attackers will — line by line, integration by integration. Then we hand you the fix list, ranked by what actually matters.