The AI-builder safety problem, and what Turtini does about it
Vibe safely.
An independent scan of 48 apps built on Lovable, Bolt, and Replit found 90% had at least one security vulnerability. The platforms didn't do the security work. Turtini did.
The scan
What a public audit found inside vibe-coded apps.
Findings from a public scan of 48 AI-builder-generated repos. Source: r/vibecoding. We're not naming the competitors — the numbers speak.
90%
Had at least one security vulnerability
44%
Had auth gaps — routes anyone could hit
33%
Had Postgres functions bypassing row-level security
25%
Had BOLA/IDOR — change-an-ID-in-the-URL exposure
25%
Had environment / config files committed to the repo
21
Average security findings per app
The one thing developers got right: almost nobody committed actual API keys. The .env lesson got through. Everything else? Still wide open.
How we close it
Six places where AI-built apps leak, and six places Turtini doesn't.
The issue
Auth gaps on API routes
AI builders
AI builds the login page but forgets to gate the routes behind it. The door exists. The lock doesn't.
Turtini
Every Cloud Function on Turtini checks the caller's auth in the first lines of the handler. Routes that are intentionally public are documented and rate-limited at the edge.
Verified by audit →The issue
Privilege bypass at the data layer
AI builders
When Postgres permissions get in the way, AI adds SECURITY DEFINER. The error goes away. The function now runs as superuser. Every user can read every row.
Turtini
Turtini's analog — Cloud Functions using the Admin SDK — re-authorizes per-callable. Firestore Security Rules are the safety net, not the only gate. Audit-validated 2026-05-13.
Security architecture →The issue
Change-the-ID-in-the-URL exposure
AI builders
AI writes `WHERE id = $input` without an ownership check. Anyone who can guess an ID can read anyone's data.
Turtini
Every multi-tenant document on Turtini lives under `orgs/{orgId}/...` and is gated by `canRead(orgId)` / `canEdit(orgId)` / `canAdmin(orgId)` helpers in our Firestore rules. The org id is server-trusted, not user input.
Data residency + tenant isolation →The issue
Secrets in the repo
AI builders
25% of scanned vibe-coded apps had `.env` or config files committed. API keys, database URLs, JWT secrets — straight in the git history.
Turtini
Every real secret on Turtini lives in Google Secret Manager, keyed per-org. Turtini's own Credentials Ledger shows you exactly what we hold and where it lives — no abstractions, no marketing copy hiding the truth.
Credentials ledger →The issue
The AI itself as a leak surface
AI builders
Most AI-builder platforms route every prompt through their own AI vendor account, on a model they picked. Your data crosses their boundary on every chat — and you don't get a say in which model sees it.
Turtini
Wally Sovereignty: any model, any cloud. Point Wally at Anthropic-compatible endpoints (Bedrock, Bedrock GovCloud for FedRAMP High / IL5, Vertex EU for data residency) OR at OpenAI-compatible endpoints (vLLM serving open-weight Llama / Mistral / Granite on your hardware, OpenAI Direct, Azure OpenAI, your own gateway). Prompts and responses never traverse Turtini's infrastructure.
Wally sovereignty →The issue
No reversibility, no audit
AI builders
AI writes to your database directly. If it gets something wrong — or a malicious prompt convinces it — there's nothing to undo, and no trail of who did what.
Turtini
Every Wally write previews before it commits, lands in a per-org audit log, and is reversible for 24 hours via the activity log. Financial writes additionally append to a hash-chained ledger so any retroactive edit is detectable.
How Wally works →Why it's like this
LLMs are optimized for code that runs. Not code that survives attack.
Security is adversarial. It means thinking about what happens when someone deliberately tries to break your assumptions. Models aren't trained for that mode — they write code that works. They don't write code that survives attack.
That's the part Turtini takes off the table. The platform's primitives — multi-tenant isolation at the data layer, per-callable authorization, customer-controlled AI endpoints, an audit log on every write, a transparency page that lists every credential we hold for you — exist so the AI-generated parts of your business don't inherit the AI-generated parts' weaknesses.
Vibe with AI. Ship without the holes.
See it yourself.
Every claim on this page links to the surface inside Turtini that proves it. Open an account and audit each one — the Credentials Ledger lives at /settings/credentials; the Wally Sovereignty toggle lives at /settings/wally; the audit log shows every action with the actor, timestamp, and diff.