AI Micro-Internship · ~240 min · builder
Security-audit your own shipped project, fix 3 holes
Vibe-coded apps ship with vibe-coded security. Audit one of YOUR own deployed projects like an attacker would — exposed keys, missing input validation, doors left open — then fix the three worst holes and prove the fixes.
Steps
- 01Pick your own deployed project (only yours — auditing other people’s apps without permission is illegal).
- 02Run the basic checklist against it: API keys or secrets in the repo/client code? Form inputs unvalidated? Data endpoints readable/writable by anyone? Personal data stored that shouldn’t be? Dependencies with known issues (npm audit)?
- 03Rank what you find by damage potential. Fix the top 3 — moving secrets server-side, validating inputs, locking down access.
- 04Document each fix with the commit, and verify the hole is actually closed (try the attack again).
Tools: One of your own deployed projects, npm audit / your framework’s docs, An AI assistant for explanation
Your submission
Submit the target project, your findings ranked by severity, the 3 fixes with commits, and re-test proof. Honesty is the grade — "I found scary things" passes; "everything was fine" almost never does.