Guides · Security

Security holes we keep finding in AI-generated apps.

Most AI-generated and Lovable apps ship with the same security holes: permissions checked only in the browser, no server-side control over what a function may do, secrets reachable from the client, no limits on what automation can spend, and no isolation between clients' data. Every one of them is invisible in a demo and expensive with real users.

This is the security chapter of our complete guide to taking a Lovable prototype to production, expanded with what we actually find when these apps land on our desk.

01Permissions that live in the browser

The most common hole is authorization decided at the user level, in client code, with nothing on the server checking it. We were surprised how many Lovable-generated apps share exactly this pattern. The app looks fine because the interface hides what you're not supposed to see. Hiding is not protecting: anyone who opens the developer console can call the same functions with different parameters and reach other people's data.

The fix is boring and absolute. Authorization gets enforced on the server, and row-level security goes on every table in the database, so even a bypassed check hits a locked door.

02Secrets within reach of the client

API keys and credentials belong on the server, full stop. When a key ships inside the client bundle, anyone who views the page source owns it, and with it your database, your AI budget or your payment provider. Production systems keep secrets server-side only and verify payment webhooks by signature so they can't be spoofed.

03Automation with no spending limits

AI features spend money on every call, and generated apps almost never limit them. One client ran a fully automated website-building app with no cap on concurrent jobs, no spending limits and no real stop switch. One unsupervised day produced an AI bill of over $1,000. The app worked exactly as built. Nobody had built the brakes.

Rate limiting on sensitive endpoints, per-job caps and a functioning kill switch are not enterprise extras. They're the difference between a surprise invoice and a non-event.

04No isolation between clients

If your product serves more than one customer, each one must be able to reach only their own records, and the database itself must enforce that. In generated apps this boundary usually doesn't exist; every client's data sits one query away from every other client's. We verify isolation before every release with cross-account tests using two real accounts, because a promise in the code is not proof.

05What closing all of this looks like

The full hardening list is short to write and real work to do: row-level security on every table, server-side authorization checks, secrets kept server-side, webhook signature verification, rate limiting, two-factor authentication for admins, and an audit log so sensitive actions can be traced. It's one of the six engineering domains covered in every build, and the depth scales with the tier you pick.

If you want to know whether your own app has these holes, the honest first step is a scoping call. Straight answers to the questions founders ask before handing us a prototype are on the FAQ page.

Alon Trifonov, founder of Zyntari

Alon Trifonov

Founder and main developer at Zyntari. Building apps and AI solutions since 2024; before that, 12 years in sales and client-portfolio management and co-founder of two companies. More about the team · LinkedIn

01Home02Services03Pricing04Process05Guides06About07ContactClient loginGet a quote