The five security holes every vibe-coded app ships with
Lovable, Bolt, Cursor, and v0 ship the same five vulnerabilities every single time. Specific, reproducible, and exactly what an attacker looks for first.
Read the post →Technical writing from the team — on what breaks in production AI, how DPDP Act and RBI FREE-AI apply to your stack, and what shipping AI to paying customers actually looks like. No thought leadership. No hype. Specific, useful, cited.
Lovable, Bolt, Cursor, and v0 ship the same five vulnerabilities every single time. Specific, reproducible, and exactly what an attacker looks for first.
Read the post →Plain-English walkthrough of when an AI system makes you a Data Fiduciary under DPDP Act 2023, what the obligations are, and what the ₹250 crore penalty actually attaches to.
Read the post →Cross-tenant retrieval leakage is the most under-diagnosed vulnerability in production RAG systems. Where namespace isolation breaks, what to test, and how to fix it at the architecture level.
Read the post →Plain-English breakdown of RBI FREE-AI — the 7 Sutras, the 6 pillars, Annex V and VI templates, and the 4-phase rollout. What NBFCs and banks need in place before Phase 3 mandatory audit.
Read the post →A complete, sanitised indirect prompt injection chain — from a poisoned document through a RAG pipeline to user-data exfiltration. How it propagates, how to detect it, how to fix it.
Read the post →The specific list of things that separate a working demo from an AI system you can run for paying customers — auth, monitoring, rate limits, escalation, and the unglamorous work the demo skipped.
Read the post →