Blog

Writing for founders who ship software.

Honest posts on stuck products, AI-native development, the build-vs-hire decision, and what each industry actually needs from the software you put in front of it.

Latest

Vibe coding security

May 28, 2026 · 6 min read

The four things we look for when we audit a vibe-coded app.

Every AI-built app we audit has at least one of these four gaps. Most have three. None of them require code-writing to detect. All of them require knowing where to look.

Read the post →

All writing

Browse by latest

Vibe coding security

An AI-built EdTech app exposed 4,538 UC Berkeley and UC Davis student accounts. The marketplace closed the ticket without a response.

18,697 user records leaked. Minors likely on the platform. The founder built the app with good intentions and shipped before they knew what row-level security was. This is one answer to the question of whether vibe coding security risk is theoretical.

May 25, 2026 · 5 min read

Vibe coding security

AI-generated code has 2.74x more security flaws than human code. Here is the research, and what it means for your launch.

Peer-reviewed studies from 2025 and 2026 put the exploitable vulnerability rate in AI code between 40 and 62 percent. In our Q1 2026 assessment of more than 200 vibe-coded apps, 91.5 percent had at least one hallucination flaw. The data is now hard to ignore.

May 19, 2026 · 5 min read

Vibe coding security

Moltbook leaked 1.5 million API auth tokens three days after launch. The founder had never heard of row-level security.

A breakdown of how an AI-built product can ship a working authentication system and still expose every user. The pattern shows up in almost every vibe-coded app we audit.

May 13, 2026 · 5 min read

Stuck products

Five tells your software project is dead, and what to do at each stage

Non-technical founders rarely get a clean signal that their build has gone off the rails. By the time it is obvious, the runway is mostly gone. Here is how to read the warning signs earlier.

May 12, 2026 · 4 min read

Vibe coding security

Five thousand vibe-coded apps just leaked their users' data. There was no breach. There was no hacker.

RedAccess scanned the open web this month and found public S3 buckets, unprotected Supabase tables, and open API endpoints exposing medical records, Fortune 500 documents, home addresses, and hotel reservations. The AI that built the apps did not configure storage permissions, and the founders did not know to check.

May 11, 2026 · 6 min read

Pillars

What we write about.

Vibe coding security

Apps built with AI look fine on the surface. The data is wide open underneath. Audits, patterns, and case studies.

Stuck products

Diagnosing, recovering, and rescuing software that lost its way.

AI-native builds

How to wire AI into products from day one, not bolt it on later.

Build vs hire

Decision frameworks for non-technical founders sizing up engineering options.

Industry playbooks

What home services, construction, legal, restaurants, franchise, and healthcare actually need from software.

Founder mental models

Broader thinking for non-technical founders managing technical work.

Need help on a stuck product or a new build? The diagnostic is free.

Run the diagnostic Book a call