For vibe coders & solo builders

You shipped fast with AI.
Make sure security kept up.

Paste your URL and see exposed API keys, missing headers, vulnerable libraries, and the misconfigurations most common in Supabase, Lovable, and Base44 apps - like a publicly readable database - in 15 seconds, free, no account needed. Upgrade only if you want the full-site AI agent to keep digging.

Features for vibe coders

Everything you need is on the free tier.

Free

Scanning

Single-page instant scan

Paste any URL and get a complete security snapshot across all 8 layers in under 15 seconds. No account, no setup.

Free

Scanning

8-layer security analysis

HTTP/TLS, HTML, network traffic, JavaScript CVEs, tag managers, third-party supply chain, platform misconfigurations, server/CMS software CVE checks, and AI synthesis all run on every scan.

Free

Platform Security

Vibe-coded platform security

Detects the most common security failures in apps built with Lovable, Supabase, Base44, Bubble, and similar AI app builders - publicly readable databases, exposed service_role keys, and known platform CVEs.

Free

Scanning

JavaScript CVE detection

Retire.js + OSV database checks against every JS library identified on the page. Pinpoints the exact file and version with the CVE ID linked.

Free

Scanning

HTTP security headers

Full checklist of CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, cookie flags, CORS, and server version disclosure.

Free

Scanning

Security score and grade

Every scan produces a weighted 0-100 score and A-F grade calculated from finding severity across all 8 layers. Comparable across scans over time.

Free

Scanning

IP address & bare domain scanning

Scan a bare domain or IP directly - no scheme required. Automatically tries HTTPS, HTTP, and common alternate ports, and always reports what it found.

Starter

AI Investigation

Source map analysis

When an exposed .map file is found, the agent fetches it and reconstructs original source to check for hardcoded secrets and internal architecture leaks.

Free

Reports

AI executive summary

Plain-English summary of your security posture written by an LLM that has read all findings holistically. Readable by a CTO, auditor, or board member.

Free

Reports

Shareable public link

Every free report gets a public URL you can send to a developer, client, or auditor. Sign up to save reports to your account permanently.

Pro

Automation

MCP server for AI agents

Let Claude, Cursor, or any MCP-compatible AI agent trigger scans and poll results directly - create_scan, get_scan, list_scans, and wait_for_scan tools, no glue code required.

Pricing

Start free. Stay free, if that's all you need.

Most solo builders never need more than the free tier - upgrade later if you start shipping client work or need scheduled scans.

Free

£0
  • 1-page scan per submission
  • All 8 scan layers
  • Vibe-coded platform security scan (Supabase, Lovable, Base44 & more)
  • AI executive summary
  • Scan history in your account
  • Re-scan and delete anytime
  • Shareable public link
Create free account

Starter

Popular
£29/ month
  • Full AI agent investigation
  • Up to 50 pages per scan
  • Per-finding remediation guidance
  • DNS & SSL/TLS security analysis
  • PDF evidence export
  • Scheduled recurring scans
  • Scan comparison reports
  • Email alerts for new criticals
Get started

Pro

£79/ month
  • Everything in Starter
  • Up to 200 pages per scan
  • ISO 27001 / SOC2 control mapping
  • Remediation tracking
  • Team access and finding assignment
  • Slack and webhook notifications
  • API access
  • Audit evidence packages
  • Audit activity log
Get started

Enterprise

Full DAST
£99/ month
  • Everything in Pro
  • Active Security Testing (DAST)
  • Independent Active Testing Score
  • Forced browsing, CORS, reflected-input probes
  • Authenticated scan mode (session capture)
  • Enable active testing via API / MCP
  • Priority support
Get started