Welcome to geist — AI & Security.
geist intelligence is the all-in-one AI, cyber and online partner.
We build AI systems that take over real work, then attack them with the same methods a real adversary would and harden them until they hold.
Built in Germany.
EU AI Act ready.
Runs on your own servers.
What you'll find in this channel:
News on AI, security and tech, plus a look inside what we build and break.
Build. Attack. Govern.
geist intelligence is the all-in-one AI, cyber and online partner.
We build AI systems that take over real work, then attack them with the same methods a real adversary would and harden them until they hold.
Built in Germany.
EU AI Act ready.
Runs on your own servers.
What you'll find in this channel:
News on AI, security and tech, plus a look inside what we build and break.
Build. Attack. Govern.
Another week, another Lovable app cracked open.
We ran a security review on a client's "production-ready" Lovable build. Time to full data access: under an hour.
Same story every time:
– API keys shipped straight in the client bundle
– No row-level security, so any user can read every user's data
– Auth that's only checked in the browser — skip the UI, hit the backend, it hands you everything
This isn't a Lovable bug. It's the whole model. Vibe coding generates the happy path and nothing else. The AI writes what looks like an app; it never writes the security layer, because you never saw it, so you never asked for it.
A demo that logs in is not a product. The second real user data sits behind it, "it works" and "it's safe" stop being the same sentence — and Lovable only ever ships the first one.
If it's live and it holds real data, get it reviewed before someone does it for free.
@theaiteen
We ran a security review on a client's "production-ready" Lovable build. Time to full data access: under an hour.
Same story every time:
– API keys shipped straight in the client bundle
– No row-level security, so any user can read every user's data
– Auth that's only checked in the browser — skip the UI, hit the backend, it hands you everything
This isn't a Lovable bug. It's the whole model. Vibe coding generates the happy path and nothing else. The AI writes what looks like an app; it never writes the security layer, because you never saw it, so you never asked for it.
A demo that logs in is not a product. The second real user data sits behind it, "it works" and "it's safe" stop being the same sentence — and Lovable only ever ships the first one.
If it's live and it holds real data, get it reviewed before someone does it for free.
@theaiteen
👻4