All internships

AI Micro-Internship · ~240 min · builder

Security-audit your own shipped project, fix 3 holes

Vibe-coded apps ship with vibe-coded security. Audit one of YOUR own deployed projects like an attacker would — exposed keys, missing input validation, doors left open — then fix the three worst holes and prove the fixes.

Steps

  1. 01Pick your own deployed project (only yours — auditing other people’s apps without permission is illegal).
  2. 02Run the basic checklist against it: API keys or secrets in the repo/client code? Form inputs unvalidated? Data endpoints readable/writable by anyone? Personal data stored that shouldn’t be? Dependencies with known issues (npm audit)?
  3. 03Rank what you find by damage potential. Fix the top 3 — moving secrets server-side, validating inputs, locking down access.
  4. 04Document each fix with the commit, and verify the hole is actually closed (try the attack again).

Tools: One of your own deployed projects, npm audit / your framework’s docs, An AI assistant for explanation

Your submission

Submit the target project, your findings ranked by severity, the 3 fixes with commits, and re-test proof. Honesty is the grade — "I found scary things" passes; "everything was fine" almost never does.