All activity
Raz Azulay left a comment
Proving real exploits vs just flagging potential ones is the hard part - most scanners stop at "this looks risky" and leave the developer to figure out if it's actually exploitable. How do the agents handle scope boundaries? Running security scans in production is a minefield if it's not carefully constrained.

LaunchSafe: AI agents that pentest your app and prove real exploits
Raz Azulay left a comment
Open source for security tooling is the right call - you can't ask developers to trust a black box that's poking at their app. Curious about the false positive rate in practice. In my experience scanning real-world apps, the gap between "flagged" and "actually exploitable" is where most tools lose credibility.

Strix Agents: AI Hackers to secure your vibe-coded apps
Raz Azulay left a comment
Prompt injection is probably the most underestimated attack surface right now - developers ship LLM features way faster than they think about what happens when the input is hostile. Does 0DIN test for indirect injection too (via tool outputs, RAG retrieval, etc.) or just direct user input? That's where the really nasty stuff hides.

Mozilla 0DIN AI Scanner: Scan any LLM chatbot for vulnerabilities
Raz Azulay left a comment
Catching this at deploy time rather than after the fact is huge. IaC misconfigurations are one of those things that sit quietly until they don't. Does it handle cross-stack references? Some of the worst S3 exposure issues I've seen come from permissions that look fine in isolation but open up when stacks interact.

CDK Insights: Catch security issues in your AWS CDK before deployment
Raz Azulay left a comment
DMARC is still shockingly underadopted - it's one of the most common gaps I see when scanning domains. Most devs set it to p=none and forget it, which gives zero actual protection. Does DMARKOFF push toward p=reject by default or does it let teams stay in monitor mode indefinitely? That decision makes all the difference.

DMARKOFF: Simplified and total DMARC control
Raz Azulay left a comment
This fills a real gap - I've caught myself staring at the terminal waiting for Claude to finish way too many times. The four auto-accept modes are the right call, YOLO mode for scaffolding and Strict for anything touching prod. One question: does the LCD status show which tool Claude is currently using (file read vs bash vs edit)? That granularity would be genuinely useful for knowing when to...

CC-BEEPER: A floating macOS pager for Claude Code
Raz Azulay left a comment
Desktop apps for AI builders felt inevitable - browser tabs don't cut it when you're in deep flow. The MCP support is what makes this genuinely powerful. As someone building security tools for vibe-coded apps, I'm curious: does the desktop version add any security sandboxing for the generated code preview?

Lovable Desktop App: Organize projects with tabs & power workflows via local MCPs
Raz Azulay left a comment
Love this! I use Claude Code daily to build my security scanner. Routines could be a game changer for repetitive scanning workflows.

Claude Code Routines: Put Claude Code tasks on autopilot with smart routines
Most vibe coders ship without thinking about security. UNPWNED changes that.
Paste your domain - get an AI-powered security report in minutes.
- 30+ checks: SSL, secrets, open endpoints, headers, DNS, CORS, GitHub repo scan and more
- AI findings with fix prompts for Cursor or Claude
- Security score 0-100
- Continuous monitoring - alerts when something changes
Built for indie hackers who ship fast but want to ship safe.
No setup - just paste and scan.
Try it on our demo: demo.unpwned.io

UNPWNED: AI security scanner for vibe coders - paste, scan, fix
Raz Azulay left a comment
Hey Product Hunt! I'm Raz, a solo founder and indie hacker. I built UNPWNED after seeing how many vibe coders (including myself) were shipping apps with serious security holes - exposed API keys, missing security headers, open endpoints - without even knowing it. The problem: most security tools are built for enterprise teams, not for solo devs who just want to ship fast. So I built UNPWNED -...

UNPWNED: AI security scanner for vibe coders - paste, scan, fix
