▍ Press kit

vibecheck press kit.

Everything you need to write about vibecheck — the one-line, the 30-second pitch, citation-ready stats, brand assets. If you need anything else, email [email protected] and we'll get back within a day.

Fact sheet

The one-pager.

What it is: Free read-only security inspector for AI-generated apps. Runs against any deployed URL. Detects exposed credentials, open Row-Level Security policies, leaked API keys, missing security headers, JWT misconfigurations, exposed sourcemaps, and CORS / CSP weaknesses.
Who it's for: Solo developers and small teams shipping apps with Lovable, Bolt.new, v0 by Vercel, Replit Agent, Windsurf, GPT-Engineer, and similar AI app builders.
Founded: May 2026. Part of The Meridian Lab.
Pricing: Free tier (unlimited single-URL scans, all 23 detector families, 173 rules, autofix RLS policy SQL). Paid: Pro $29/mo, Team $99/mo, Bespoke runbook $19 one-off.
Stack: TypeScript on Cloudflare Pages with Pages Functions. KV-backed anonymized findings feed.
Agent integration: Self-contained skill manifest at /skill.md; MCP server at /api/mcp; npm CLI @vibecheck/cli; stateless JSON API at /api/scan.
Press contact: [email protected]
Security disclosure: [email protected]
Live URL: vibecheck.themeridianlab.com

Citation-ready stats

Memorize these. Sourced and time-stamped.

~11% of indie launches expose Supabase credentials in frontend code. Source: SupaExplorer scan of ~20,000 indie launch URLs (January 2026).
20% of organizations using vibe-coding platforms have public-facing database misconfigurations. Source: Wiz Research, March 2026.
98% of vibe-coded apps have at least one security flaw. Source: SymbioticSec scan of 1,072 vibe-coded apps.
Moltbook leaked 1.5M API tokens and 35K emails three days after launch. January 2026 incident; database had Row-Level Security disabled.
10.3% of Lovable showcase apps have critical RLS failures. Source: SupaExplorer scan of 1,645 Lovable showcase apps (CVE-2025-48757, CVSS 8.26).

Full breach catalogue at /breaches. Detection rule reference at /llms-full.txt.

Ready-to-paste copy

Five formats. One click each.

One-line positioning

vibecheck is a free read-only security inspector for AI-generated apps. Read-only by design. No agent, no SDK, no signup.

30-second pitch

AI app builders like Lovable, Bolt, and v0 ship working apps in minutes. They don't ship security. ~11% leak Supabase keys in client JS, ~20% have public-readable databases, and the Moltbook breach in January was 1.5M tokens out of a vibe-coded social network three days after launch. vibecheck is a 5-second read-only scan against any deployed URL — finds the leaks, generates the fixes, and links straight into your CI. Free forever; we charge for continuous monitoring.

vibecheck.themeridianlab.com — free read-only security scan for AI-built apps.

Detects exposed Supabase keys, open RLS, leaked Stripe / OpenAI / GitHub keys.

5 seconds. No signup. Built for the wave of stuff shipping out of Lovable, Bolt, v0, Replit.

Boilerplate (50 words)

vibecheck is a free read-only security inspector for AI-generated apps. Built for solo developers and small teams shipping on Lovable, Bolt.new, v0 by Vercel, and Replit Agent. Detects 15 families of vulnerabilities including exposed credentials, open Row-Level Security policies, JWT misconfigurations, and missing security headers. Made by The Meridian Lab.

Boilerplate (100 words)

vibecheck is a free read-only security inspector for AI-generated apps. Solo developers and small teams shipping on Lovable, Bolt.new, v0 by Vercel, and Replit Agent paste a deployed URL and get back a security report in 5 seconds. The scanner detects 23 families of vulnerabilities — leaked Supabase keys, open Row-Level Security policies, exposed Stripe / OpenAI / Anthropic tokens, public S3 buckets, JWT mistakes, missing security headers, exposed sourcemaps — across 60+ secret patterns and 173 rules total. For Supabase findings, vibecheck generates ready-to-paste Row-Level Security policy SQL. Coding agents invoke vibecheck via the self-contained skill manifest at /skill.md. The free tier stays free forever. Made by The Meridian Lab.

Brand assets

OG images and downloads.

Open Graph image

1200 × 630 PNG · 32 KB

Download PNG

Blog post OG sample

1200 × 630 PNG · 32 KB

Download PNG

Fix guide OG sample

1200 × 630 PNG · 31 KB

Download PNG

About The Meridian Lab

Three narrow tools. Same skeleton.

The Meridian Lab is a small studio building infrastructure for the post-AI internet. Each product is narrow, opinionated, and shipped with the same restraint.

AgentProof — the postal inspector. Detects AI agents in your inbox; stamps each message HUMAN / AGENT / SEQUENCE.
Greyline — electronic countermeasures. A reverse proxy that detects autonomous AI agents probing your API and deploys a counter-agent to interrogate, delay, or mislead them.
vibecheck — the building inspector. The product on this page.

Quick links for journalists

About vibecheck — long-form positioning
Breach tracker — citable incidents
The vibe coding security guide — pillar reference
Anatomy of the Moltbook breach — forensic case study
llms-full.txt — machine-readable policy + catalogue
/skill.md — agent-readable manifest
For agent builders — MCP, CLI, JSON API

Try the inspector