
Author
Barret
Barret is an engineer, builder, and entrepreneur — he built Is My Site Hackable? to catch the security gaps that AI app builders leave behind. Father, husband, author, and incurable tinkerer (from woodworking to endurance racing), he writes about shipping software that actually holds up. More of him at Men Made Better.
Recent writing
Exposed Secrets and API Keys in Frontend Code: The Complete Guide
An exposed API key in your frontend isn't always an emergency. Learn which keys are public by design, which are real leaks, and how to find and rotate the dangerous ones.
Firebase Security for AI-Built Apps: The Complete Guide
Firebase security rules in plain English for vibe-coded apps. Your API key is public by design — learn what's actually secret and how to secure Firebase.
Supabase Security for AI-Built Apps: The Complete Guide
A plain-English guide to Supabase security for AI-built apps. Learn the real risks — RLS, service keys, storage buckets — and how to check your own app today.
Vibe Coding Security: The Complete Guide
Vibe coding security, explained for non-developers. Why AI-built apps ship with leaks, the main risk classes, and how to check your own app in minutes.
45% of AI-Generated Code Ships With a Vulnerability: The Research
AI-generated code security, by the numbers. Four studies — Veracode, Carnegie Mellon, Escape.tech, Tenzai — on how often AI code ships with a vulnerability.
A Key Just Leaked — Rotate, Audit, Monitor (in That Order)
A secret key leaked? Here's the incident runbook: confirm it's actually secret, rotate it, audit for abuse, then monitor — because keys re-leak on the next deploy.