TL;DR: Claude Code writes working code. It does not secure your live app. Exposed keys, open databases, and missing rate limits still ship. Here is how to check yours before launch.
Claude Code is fast. You describe a feature. It writes the code. You ship. But there is a gap between "the code runs" and "the app is safe to launch." That gap is where most founders get hurt.
We scanned the first 100 vibe-coded apps that came through Launch Ready Code. The average score was 42 out of 100. Nearly every one had a fixable security hole. This guide shows what we find in Claude Code apps, and how to check yours in seconds. You can run a Claude Code scan on your live URL first, then read the rest.
/security-review reads code. It cannot test your live, deployed app.Is Claude Code secure? What the 2026 source leak actually revealed
Short answer: the tool is safe to use. But it made headlines in 2026, so let's clear it up.
On March 31, 2026, Anthropic shipped the wrong file. Version 2.1.88 of the Claude Code npm package included a 59.8 MB source map. It held about 512,000 lines of the tool's own TypeScript, across roughly 1,900 files. The cause was one missing line in a config file. Anthropic pulled the package within hours. They called it "a release packaging issue caused by human error, not a security breach." No customer data or keys were exposed.
So why bring it up? One reason. Even a top AI lab ships a mistake now and then. If it can happen to the people who build the tool, it can happen in the app the tool builds for you. That is the case for checking your own work, by hand or with an outside scan. It does not mean apps built with Claude Code are compromised. It means no tool removes your need to verify.
The gap Claude Code can't close: your app's runtime security
Here is the core point. A code generator writes code. It does not run your app in the wild.
Claude Code does not set your database rules. It does not turn on rate limits for your login page. It does not add the HTTP headers that block common attacks. It does not check whether your API keys leaked into the browser. Those are deployment choices. They live outside the code file.
The AI can suggest them. It cannot confirm they are live in production. That blind spot is where launches break. Your app can pass every local test and still hand its whole database to a stranger.
Take rate limiting. Ask Claude Code for a limiter and it will write one. But it will not know your login route needs it, or check that it is switched on once you deploy. That call is yours. The same is true for database rules, security headers, and where your keys live.
The security issues we find most in Claude Code apps
We sort every finding into four areas: security, reliability, performance, and monitoring. Here are the security gaps we see most in AI-built apps.
- API keys in the browser. This is our number-one critical finding. The key sits in the client bundle. Anyone can open dev tools and copy it. Our guide on how to secure API keys in a vibe-coded app shows the fix.
- Database rules turned off. Of the 100 apps we scanned, 31 shipped with Supabase Row Level Security disabled. With it off, one public key returns every row. A third-party scan of 1,072 Supabase apps found 98% had at least one flaw, and 39 let anyone read the full database. Our Supabase RLS guide covers the fix.
- No rate limits. Login, signup, and AI endpoints run with no cap. Attackers brute-force passwords or run up your API bill overnight.
- Missing security headers. No Content-Security-Policy. No HSTS. No X-Frame-Options. These headers block whole classes of attack. Most AI apps ship without them.
- Unpatched dependencies. The app pulls in old packages with known CVEs, and no one bumped the version.
- Open admin routes. An
/adminor/apipath with no auth check, live to the public.
In May 2025, a researcher found 170 Lovable apps with the database open to anyone. No login. One request with the public key. Full user data returned. Read the full postmortem.
The same failure class shows up in Claude Code apps. The tool is different. The gap is the same. Code that runs is not code that holds.
What one finding looks like
Here is a pattern we see often. The app calls an AI service straight from the browser. The key rides along in the request.
// client.js:41 — key shipped to every visitor
const res = await fetch("https://api.vendor.com/v1/chat", {
headers: { Authorization: "Bearer sk-live-9f2c..." }
});
Anyone can open client.js:41, copy that key, and spend on the founder's account. The fix is small. Move the call to a server route. Keep the key in an environment variable. The browser never sees it.
Now step back and look at the scale. That third-party scan covered 1,072 apps built this way. Only 26 came back clean. That is not a rare edge case. It is 98 in 100.
See your app's score in seconds
Free scan. Live URL. No code access. Four areas, one score out of 100.
Run the free scanBeyond security: the reliability, performance, and monitoring gaps
Security is one of four areas. The other three sink launches too.
Reliability. AI code often skips error handling. No retries. No transaction limits. One failed call and the request hangs or leaves half-written data.
Performance. We see N+1 queries and missing database indexes. The app is quick with 10 users. It crawls at 1,000.
Monitoring. This is the quiet killer. Most AI-built apps ship with no error tracking at all. A payment fails at 2am and no alert fires. You hear about it from an angry user, or from churn. You cannot fix what you cannot see. It is the single most-skipped control we scan for.
How to run a Claude Code security audit (the 30-second URL scan)
You do not need your code for a first pass. You need your live URL. That is where real attackers start. Here is the method we use.
- Point the scan at your live app.
- It checks what is public: headers, exposed keys, open endpoints, database access.
- It scores each of the four areas.
- You get a Launch Readiness Score out of 100.
We map findings to the OWASP Top 10 and CWE Top 25. Each one gets a severity, P0 to P3. P0 means fix before launch. Our methodology page lays out all four scan areas in full.
Why start with the URL? Because on day one, that is all an attacker has. They do not have your repo. They have your domain. A URL scan meets them there.
This differs from a code scanner. Tools like Snyk read your repo and need code access. They miss what only shows up in the live deployment. A URL scan tests the running app, the way an attacker sees it. Both have value. Most founders skip the second one.
Your pre-launch Claude Code security checklist
Run this before you ship. If you cannot tick a box, that is a launch blocker.
- No API keys in client-side code. Move them to server-side environment variables.
- Database rules on. Row Level Security enabled, with real per-user policies. Not
USING (true). - Rate limits set on login, signup, and any AI endpoint.
- Security headers live: CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy.
- Dependencies updated. No known CVEs in your lockfile.
- Auth on every
/adminand/apiroute. - Error tracking on, so failures page you, not your users.
- HTTPS forced everywhere, with the HSTS header set.
Copy this. Check each box. This is the section worth bookmarking before your next release.
Get your Launch Readiness Score
Scan your live app free in seconds. Want the full report, ranked with a fix and a time estimate per issue? The $499 Launch Readiness Audit has it.
Run the free scan See the $499 reportWhen to bring in a human: from free scan to fractional CTO
Claude Code has a built-in /security-review command. It reads your diffs and flags risky patterns, like injection and auth gaps. Use it. But know the limit. A generator that reviews its own code cannot test your live deployment. It cannot confirm your database rules hold in production. It cannot tell you error tracking is missing. Independent checks close that gap.
Here is the path we suggest, from free to fully done for you.
- Free scan. Your live URL, scored in seconds. Start here.
- $499 Launch Readiness Audit. The full report. Every finding, ranked, with a fix and a time estimate, benchmarked against 200+ audited apps.
- $149/mo monitoring. Daily scans as you ship new code.
- Code Care. A human fractional CTO fixes the issues as pull requests you approve.
Not sure which step fits? Use a simple rule. If your score is above 80 and you ship rarely, the free scan and a one-time report are enough. If you push new code every week, add monitoring so a fresh change cannot reopen an old hole. If security is not your job and you would rather hand it off, that is what Code Care is for.
The free scan takes seconds. A leaked database costs far more. For the full method behind all four scan areas, see our vibe coding security guide. Then check your app before someone else does.
Frequently Asked Questions
Is Claude Code safe to use?
Yes. The tool is safe. The risk is what ships in the app it builds: exposed API keys, open databases, and missing rate limits. Those are deployment gaps, not tool bugs.
Can Claude Code find security bugs in my app?
Its /security-review command reads your code and flags risky patterns. It cannot test your live app or confirm your database rules work in production. An outside URL scan does that.
What is the most common security issue in AI-built apps?
API keys exposed in client-side JavaScript. It was the top critical finding across the first 100 apps we scanned. Move keys to server-side environment variables.
Does a Claude Code security audit need my source code?
No. A URL-based scan tests your live, deployed app, where attackers start. You can add a code review later for deeper coverage.
How much does a Claude Code security audit cost?
The live scan is free. A full Launch Readiness Audit report is $499, one time. Ongoing monitoring starts at $149/mo. Code Care adds a human CTO who fixes the issues for you.