About RedSight

AI app security, built by people who've seen what goes wrong.

RedSight is a security scanning platform purpose-built for the new wave of AI-generated web applications. Tools like Lovable, Base44, Bolt, and v0 make it incredibly fast to ship — but speed creates blind spots. Exposed Supabase tables, leaked API keys in JavaScript bundles, missing auth on critical endpoints, wide-open CORS. We find all of it.

We don't run a generic vulnerability scanner. RedSight was designed from scratch to understand how AI code generators build apps — the patterns they use, the shortcuts they take, and the security gaps they leave behind. Every scanner, every engine, every detection rule is tuned for this stack.

17 security scanners
12 intelligence engines
100+ detection rules

What we scan for

SQL injection, exposed secrets in JS bundles, broken authentication flows, insecure headers, BaaS misconfigurations (Supabase & Firebase), API abuse vectors, SSL/TLS issues, email security (SPF/DKIM/DMARC), supply chain risks, platform-specific CVEs, exposed git repositories, and multi-step attack chains — all tested automatically with proof.

How it works

RedSight performs automated, read-only scans by sending standard HTTP requests to URLs you provide. We never modify, write to, or alter your systems. Every finding comes with real evidence — actual responses, headers, and data that prove the vulnerability exists. No guesswork, no checklists.

Why we built this

Vibe coding changed everything. You can go from idea to deployed app in an afternoon — that's genuinely amazing. But the tools that make it possible weren't built with security in mind. They optimize for speed, not safety. And the people using them aren't supposed to be security experts — they're creators, founders, builders who just want their thing to work.

That's the gap we're here to close. You shouldn't need to know what CORS misconfiguration means to be protected from it. You shouldn't have to audit your Supabase RLS policies by hand. You shouldn't have to wonder whether your AI-generated login flow actually checks passwords correctly.

We believe everyone who ships a site deserves to know if it's safe — whether it's a weekend project, a startup MVP, or a business running on a no-code stack. Security shouldn't be a luxury that only teams with dedicated AppSec engineers can afford. One scan, real answers, plain language. That's what we're building toward.

Get a full security report in minutes. Real findings with evidence.
