ShipSafe Blog
Security research
Vulnerability deep-dives, platform analysis, and practical guides for founders building with AI tools.
Windsurf's Zero-Click RCE: How an HTML Page Owns Your IDE (CVE-2026-30615)
Windsurf processes attacker-controlled HTML, writes itself a malicious MCP server entry, and launches it — no clicks, no prompts, no warning. Here's exactly how CVE-2026-30615 works and what to do about it.
Clinejection: How One PR Compromised an AI Coding Agent Used by Millions
Between 3:26am and 11:30am PT on Feb 17, 2026, every developer who installed cline@2.3.0 got a postinstall payload. Here's how it happened, how to check if you were hit, and the AI-tool supply-chain lessons.
Comment and Control: One PR Title Drained Their Anthropic Bill
Claude Code, Gemini CLI, and Copilot Agent all run on pull requests. Researchers proved a single PR title can prompt-inject the agent and exfiltrate ANTHROPIC_API_KEY plus GITHUB_TOKEN. Here's the attack and the seven-line fix.
MCP Tool Poisoning and Rug Pulls: The New Trust Problem in AI Tools
You approve an MCP server on Monday. On Tuesday it changes its tool description. On Wednesday your agent silently exfiltrates emails. This is the rug pull (CVE-2025-54136). Here's the threat model and the defense.
The Invisible Backdoor: Hidden Unicode in .cursorrules and CLAUDE.md
Your AI sees text humans can't. Zero-width and Unicode tag characters in agent config files let attackers embed prompt injection payloads in plain sight. Here's how to detect them and what to do.
Cursor's Git Hook Trap: One Clone, Full RCE (CVE-2026-26268)
An AI agent clones a repo. The agent runs git commit. A pre-commit hook the attacker placed fires with full developer privileges. No prompt, no click. This is CVE-2026-26268. Here's the fix.
The Lovable April 2026 Breach: What Got Leaked and What to Check
Source code, database credentials, AI chat history, and customer data — every pre-November 2025 Lovable project was exposed. Here's what we know, what was leaked, and the eight-step audit for your app.
Three LangChain CVEs in 30 Days: SSRF, Path Traversal, and SQL Injection
March 2026 disclosed three independent ways to drain secrets from LangChain. RecursiveUrlLoader redirects past SSRF guards. load_prompt traverses paths. LangGraph SQLite checkpoints take SQL injection. Here's every CVE and patch.
Pwn Request Meets AI Agents: How GitHub Workflows Leak Your Secrets
pull_request_target plus actions/checkout of the PR ref equals secrets in the attacker's hands. Add a Claude Code agent on top and you get exfil from a single PR. Here's the pattern and the fix.
Your $4,200 Weekend: When Prompt Injection Drains Your Anthropic Bill
Uber exhausted its 2026 AI budget months into the year. One developer burned $4,200 in three days on an autonomous refactor. Without max_tokens and rate limits, your AI app is one prompt-injection away from the same. Here's the architecture.
Cursor Security Risks: CVEs, Prompt Injection, and Code Vulnerabilities (2026)
Three CVEs, prompt injection attacks, and auto-run exploits — plus 67% of Cursor-built apps ship with critical code vulnerabilities. Here's every Cursor security risk and how to protect yourself.
v0 by Vercel: 4 Security Gaps in Every Generated App (And the Fixes)
v0 generates beautiful Next.js UI fast — but skips server-side validation, leaks API routes, and trusts client state. Here's what to check before you deploy.
Replit Agent Security Guide: What It Misses and How to Fix It
Replit Agent builds and deploys full apps in minutes. But it consistently skips auth middleware, hardcodes secrets, and leaves debug endpoints live. Here's the complete fix guide.
Your Supabase App Has No Row Level Security: A Vibe Coder's Fix Guide
Most AI-generated Supabase apps ship with RLS disabled. That means anyone with your project URL can read, write, and delete your entire database. Here's how to lock it down in 15 minutes.
Is Cursor Safe? We Scanned 100 Apps — 67% Had Critical Vulnerabilities
We scanned 100 real Cursor-built apps with ShipSafe. 67% had critical security vulnerabilities including IDOR, inverted auth, and hardcoded secrets. Here are the findings and fixes.
5 Security Vulnerabilities Every Lovable App Has (And How to Fix Them)
Lovable builds beautiful Supabase apps fast. But it consistently misses Row Level Security, leaks service role keys, and more. Here's the fix for each.
Bolt.new Security Guide: How to Ship Without Getting Hacked
Bolt.new generates full-stack apps in minutes. But without auth middleware and input validation, you're one exploit away from a breach. Here's the complete security guide.
AI-Generated Code Security: The Risks Nobody Talks About
Stanford research shows 45% of AI-generated code ships with vulnerabilities. Here's why, what types of bugs AI creates, and what you can do about it.
The Vibe Coding Security Checklist (2026): Ship Fast, Stay Safe
A complete security checklist for developers shipping AI-built apps. 20 checks across secrets, auth, injection, XSS, and configuration. Print it, pin it, use it.