About Sekrd
Deep security audit for AI-built apps.
The Problem
AI tools like Cursor, Lovable, and Claude Code are amazing at building apps fast. But they consistently make the same security mistakes: open RLS policies, exposed API keys, missing auth checks, unsigned webhooks.
Existing scanners only check from the outside — HTTP headers, DOM structure, basic config. They see "RLS: enabled" and say you're safe. But a policy written as USING (true) passes every row to every role, so your database is still wide open.
Our Approach
Sekrd connects to your Supabase project via read-only API access and your Firebase project via a Viewer-scoped service account. We read the actual SQL of every RLS policy. We parse every Firestore security rule. We probe your auth endpoints. We check your Stripe webhook signatures. All access is strictly read-only. We never modify your data or configurations.
Then we give you copy-paste fix prompts tailored to your IDE — Cursor, Lovable, or Claude Code. Fix each issue in seconds, not hours.
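As an added illustration of the point above (this is example SQL written for this page, not Sekrd's own rules or code), the following shows what "RLS enabled but wide open" looks like in Postgres, the scoped policies that replace it, and the catalog query a reviewer can run against a Supabase project to find such policies. The table public.orders and its user_id column are hypothetical; auth.uid() is Supabase's built-in helper that returns the calling user's id, and pg_policies is the standard Postgres catalog view.

```sql
-- Hypothetical table used for the example.
create table if not exists public.orders (
  id       bigserial primary key,
  user_id  uuid not null,
  total    numeric
);

-- Weak: RLS is "enabled", but the policy admits every row to every role.
-- An outside scanner sees relrowsecurity = true and reports a pass.
alter table public.orders enable row level security;
create policy "orders_open" on public.orders
  for all to anon, authenticated
  using (true)
  with check (true);

-- Hardened: scope reads and writes to the row's owner.
drop policy if exists "orders_open" on public.orders;
create policy "orders_owner_select" on public.orders
  for select to authenticated
  using (auth.uid() = user_id);
create policy "orders_owner_insert" on public.orders
  for insert to authenticated
  with check (auth.uid() = user_id);
create policy "orders_owner_update" on public.orders
  for update to authenticated
  using (auth.uid() = user_id)
  with check (auth.uid() = user_id);

-- Audit query 1: policies whose USING or WITH CHECK expression is literally true.
-- pg_policies stores the deparsed expression, so USING (true) appears as 'true'.
select schemaname, tablename, policyname, cmd, roles, qual, with_check
from pg_policies
where schemaname = 'public'
  and (qual = 'true' or with_check = 'true');

-- Audit query 2: tables in the API-exposed schema with RLS switched off entirely.
select n.nspname, c.relname
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where c.relkind = 'r'
  and n.nspname = 'public'
  and not c.relrowsecurity;
```

Both audit queries are read-only and can be run by a role with SELECT on the catalog; a project passes this check when the first query returns no rows for tables that hold user data and the second returns no rows at all. Note that an RLS-enabled table with no policies denies everything by default, so "no policies" is not a finding on its own.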
Open Source
Our security rules and community contributions are open source. We believe security knowledge should be accessible to everyone building with AI.