AI-built app launch security checklist
Before an AI-built app gets shared publicly, check the things attackers can inspect without an account: exposed files, missing headers, public source maps, auth edges, and deployment metadata.
Start with the public surface
Check auth paths and rate limits early
Treat security headers as launch infrastructure
Look for exposed build context