u/Correct_Injury5495

I noticed over the past year the biggest problem with vibe coding tends to be the security issues.

It's definitely a problem that's gonna be hit to some degree by Claude Code to work this stuff in as is, naturally with the prompts.

Until that point, I figured the best thing to do would be to make something of my own to handle security (felt it'd be the best approach to not work with AI tools). So here's what I've been working on since around when vibe coding first started showing these effects.

I'll try and cut the technical/security buzzwords here and I'll get more in depth if anyone has questions.

I tried to approach the project like how I as a developer would want across its whole infrastructure, so aspects like business model, visual / technical design, approach to various systems, anything, but also mix that with a more scalable approach in terms of actually selling something like this. I settled on combining inclusion of all technical tools I'd want to have building with AI, and further without, with an approachable and scalable interface and way of working with tools.

Basically just a security toolkit for building stuff on a faster and simpler level, however that might be for the user. Generally the target audience is devs with less or little to no experience w/ cybersecurity and compliance, which many don't. It's got all the core features for actively detecting, stopping and informing the user of threats and a ton more. I call the main process "block, throttle, isolate, alert".

Main features as of right now: 

• Real-time threat detection (RASP: SQLi, XSS, SSRF, etc.)
• Autonomous defense engine (block, throttle, isolate, alert)
• API security (OpenAPI/GraphQL validation, rate limiting, abuse detection)
• Dependency intelligence (SBOM, CVE correlation, license compliance)
• Cloud posture management (multi-cloud asset assessment, drift detection)
• Compliance automation (SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS)
• AI risk analytics (anomaly detection, breach probability, attack path analysis)
• Incident response (lifecycle management, playbook automation)
• Basic audit logging
• Basic user management
• Dashboard UI (Next.js/Electron)

Super basic, it's not releasable yet and there's still a ton I want to add. Anyone with recommendations, reply to this.

Thanks

u/Correct_Injury5495 — 1 day ago