AI Optimizes for Function, Not Security—Prompt It Explicitly
AI tools like Claude produce fully functional code riddled with exploits because they prioritize your stated functional goal (e.g., "build a login page") over unmentioned security. A derivai experiment showed the same prompt yielding 3 major vulns (no session management, auth checks, stored XSS) without a security system prompt, but zero with one. Stanford research (Perry et al.) found AI-assisted developers wrote more vulnerabilities than manual coders, with higher confidence in their insecure code. Backslash Security tests revealed even top models like Claude 3.7 Sonnet generated vulns 40% of the time, GPT-4o 72%. Real-world fallout: Moltbook AI-built social network exposed 1.5M API tokens and 35K emails in 3 days. Fix by making security explicit: use prompts like "Act as a senior security engineer... check OWASP Top 10" post-feature, rating findings critical/high/medium/low with code fixes.
7 Manual Checks Catch OWASP Top 10 in 30 Minutes
Each 2-5 minute test uncovers common vibe-coding pitfalls; run them pre-deploy to block exploits like those in JS-Blanket (prototype pollution, DoS recursion, regex bypasses, code execution via toJSON, mutable exports).
Exposed Secrets: grep -rn "api_key|secret_key|database_url" --include="*.js" --include="*.ts" --include="*.py" . and git log -p --all -S 'sk-'. Bad: literal strings like "sk-abc123". Fix: Prompt AI to use env vars, add startup checks, .gitignore .env. Block upfront with awesome-claude-hooks PreToolUse script.
Auth Bypass: Incognito access to /dashboard; curl -i https://yourapp.com/api/users/me or /api/users/2 with session. Bad: 200 OK sans auth or other-user data. Fix: Server-side middleware for 401/403.
Input Injection: Paste <script>alert(1)</script>, '; DROP TABLE users; --, {{7*7}} into fields. Bad: JS alerts (XSS), SQL behavior changes (injection), rendered math (template inj). Fix: Server sanitize, parameterized queries, HTML-encode.
Error Leakage: curl -i https://yourapp.com/api/users/99999999, malformed JSON, wrong method. Bad: Stack traces, DB names, paths. Fix: Generic prod errors, log server-side, NODE_ENV=production.
Dependency Vulns: npm audit or pip audit. Bad: High/critical like lodash <4.17.21 prototype pollution. Fix: Update or patch.
HTTPS/Headers: Load http://, curl -sI https://yourapp.com, securityheaders.com. Bad: No redirect, missing HSTS/CSP/X-Content-Type-Options/X-Frame-Options (D/F grade). Fix: Redirect middleware, add headers.
Exposed Routes: curl -i /admin, /debug, /swagger, /.env. Bad: Non-404 responses, docs, env dumps. Fix: Auth docs, 404 unknown routes, block sensitive files.
These map to 6 OWASP Top 10 categories most exploited in AI code, turning open doors into locked ones.
Automate and Enforce Security in Workflows
Post-feature, paste the OWASP prompt into AI for findings with fixes. For consistency, use agent-workflow-kit's Sentinel subagent (@"SENTINEL (agent)" review): threat-models assets, data flows, STRIDE analysis, OWASP remediations. Enforce by default via OpenSSF rules file (.cursorrules/CLAUDE.md) baking security into every generation.
Immediate actions: Run checks/script now, CI npm/pip audit, prompt-review per feature (+10 min), fix criticals (secrets/auth) first. JS-Blanket fixes (null-protos, depth limits, frozen exports, CI audit) prove even seniors miss AI-blind spots—check before others exploit.