AI coding assistants ship code that compiles, runs, and looks correct in review. They also ship three specific classes of vulnerabilities that aren't in their training data — because the training data is GitHub, and GitHub doesn't store the bugs people fix in private branches before pushing. Cursor, v0, Lovable, and Bolt have all materially changed what the average MVP looks like under the hood. They haven't changed what an attacker tries first.
This post is for the founder who built their MVP with an AI assistant, never wrote the auth middleware themselves, and is about to put it in front of paying customers. You can do most of this audit in an afternoon. The parts you can't are the parts worth paying for.
If you ship a Cursor-generated MVP without doing the BOLA check below, you will be in the news. Maybe not today. Maybe not your launch week. But within 90 days of your first 100 users, someone bored will iterate your /api/items/1 endpoint to /api/items/2, and the only thing standing between you and a disclosure email is whether you wrote one WHERE clause correctly.
The AI-coded MVP attack surface
A human writing their first Express or Next.js API tends to forget one or two security checks. An LLM completing a route handler tends to forget the same one or two — every single time. The bias is consistent enough that you can predict the bug from the prompt.








