Streatix | Audits and engineering for AI-generated code

Streatix | Audits and engineering for AI-generated codeAudits and engineering for apps built with Lovable, Bolt, Cursor, v0, and Replit Agent. New post every Tuesday and Friday.https://streatix.com/enOur reference Lovable app leaked every user's data. The culprit was an off-by-default Supabase setting.https://streatix.com/blog/our-reference-lovable-app-leaked-every-users-data/https://streatix.com/blog/our-reference-lovable-app-leaked-every-users-data/A war story from one of our reference apps: how a Lovable-built SaaS shipped with Supabase Row-Level Security disabled, why we didn't see it immediately, and what the three-policy fix actually looks like.Tue, 26 May 2026 09:14:32 GMTsecuritysupabaserlssecuritylovablemulti-tenancyStreatixAnyone Can Forge Your Stripe Webhooks. Here's the 8-Line Fix.https://streatix.com/blog/anyone-can-forge-your-stripe-webhooks/https://streatix.com/blog/anyone-can-forge-your-stripe-webhooks/AI code generators consistently ship Stripe webhook handlers without signature verification. Here's why, what the bug looks like, and the exact code to fix it.Fri, 22 May 2026 08:53:47 GMTsecuritystripesecuritywebhookslovableboltcursorStreatix