This is an illustrative scenario. Names, details, and quotes are fictional.
How an AI wrapper SaaS secured their AI wrapper
Solo founder found exposed OpenAI keys and SSRF in a Cursor-built AI tool
The challenge
A solo founder built an AI writing assistant with Cursor in three weeks and launched on Product Hunt. The app wrapped OpenAI and Anthropic APIs with a custom UI, multi-tenant workspaces, and Stripe billing. Usage was growing fast, but the founder noticed unexplained spikes in OpenAI costs. With no security background and no time for a manual audit, they needed to find the problem fast before the API bill drained their runway.
Vulnerabilities discovered
VibeEval found 23 security issues across this AI wrapper application.
OpenAI API Key in Frontend Bundle
SSRF in Model Endpoint
Tenant Data Leakage
Missing Rate Limiting on Inference
Insecure Direct Object Reference
Prompt Injection Vector
Verbose Error Messages
Missing Input Validation
Outdated Dependencies
Missing Security Headers
Weak CORS Configuration
No Request Logging
The solution
VibeEval found the OpenAI API key embedded in the frontend JavaScript bundle within the first minute of scanning. It also uncovered an SSRF vulnerability in the model endpoint and a tenant isolation flaw in the shared database layer. The founder patched the critical issues in a weekend and set up weekly scans to catch new vulnerabilities as the codebase evolved.
"My OpenAI bill spiked because someone found my API key in the JS bundle. VibeEval found it in the first scan plus a tenant leakage bug that could have ended my product. Fixed everything in a weekend."
Frequently asked questions
How did VibeEval find the exposed API key?
VibeEval scanned the frontend JavaScript bundle and found the OpenAI API key embedded in a configuration object. The key was included during the Cursor-generated build process and was accessible to anyone viewing the page source.
What was the tenant data leakage vulnerability?
The shared database query layer used string interpolation for tenant filtering instead of parameterized queries. Under specific conditions, one workspace API request could return data belonging to another workspace.
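The difference between the two query styles, as an added example that is not code from the application described here: it assumes a hypothetical `documents` table with a `workspace_id` column, uses SQLite in memory, and all rows and inputs are constructed.

```python
import sqlite3


def make_db():
    """Constructed sample data: two workspaces sharing one table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE documents "
        "(id INTEGER PRIMARY KEY, workspace_id TEXT, title TEXT)"
    )
    db.executemany(
        "INSERT INTO documents (workspace_id, title) VALUES (?, ?)",
        [
            ("ws_a", "A: launch plan"),
            ("ws_a", "A: blog draft"),
            ("ws_b", "B: pricing memo"),
        ],
    )
    return db


def list_docs_interpolated(db, workspace_id):
    # Flawed: the tenant filter is built by string interpolation, so the
    # workspace id is parsed as SQL text instead of compared as a value.
    sql = (
        "SELECT title FROM documents "
        f"WHERE workspace_id = '{workspace_id}' ORDER BY id"
    )
    return [row[0] for row in db.execute(sql)]


def list_docs_parameterized(db, workspace_id):
    # Fixed: the id is bound as a parameter, so it can only ever be
    # compared against the workspace_id column.
    sql = "SELECT title FROM documents WHERE workspace_id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (workspace_id,))]


def isolation_holds(list_docs, db):
    """Regression check: no ws_a-side input may return ws_b rows."""
    inputs = ["ws_a", "ws_a' OR '1'='1"]  # constructed test inputs
    return all(
        not title.startswith("B:")
        for value in inputs
        for title in list_docs(db, value)
    )
```

Binding the parameter fixes the query itself; the workspace id should still be taken from the authenticated session rather than from the request.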
How long did it take to fix the critical issues?
The founder moved the API key to a server-side proxy in a few hours, patched the tenant isolation bug the next day, and added rate limiting by Sunday. Total fix time: one weekend.
Did VibeEval produce false positives on the AI-specific code?
Out of 24 reported vulnerabilities, only 2 were initially flagged as potential false positives. After investigation, one turned out to be a genuine edge case issue. The overall false positive rate was under 5%.