RS357: I Got Hacked



Rogue Startups

March 11, 2026 (44m 26s)


Show Notes

This week on Rogue Startups, Craig gets roasted. He brought in experienced software engineer Brandon Hancock after building the AI-powered SaaS app Outlier largely through “vibe coding,” so Brandon could audit the entire codebase live during the episode. The result? An honest but useful breakdown of what happens when non-technical founders ship fast with AI tools.

Brandon digs into real security risks, common architecture mistakes, and the best practices every founder should follow when building AI-driven products. If you’re launching SaaS with tools like Next.js, Supabase, and Claude, or simply adding AI features to your existing product, this episode offers practical lessons on building faster without accidentally breaking everything.

Check the episode out on YouTube to see Brandon dig through Craig’s code onscreen.

Highlights from Craig and Brandon’s conversation:

  • What “vibe coding” looks like when building a real production startup
  • How a single exposed Supabase key can create major security risks
  • Why row-level security is critical for protecting user data
  • Using AI to audit code and uncover vulnerabilities in minutes
  • Simple fixes that dramatically improve SaaS security
  • Why many AI code review tools miss critical issues
  • The danger of exposing backend clients in frontend code
  • How server actions can replace many API endpoints
  • Best practices for managing database migrations with Drizzle ORM
  • Why staging environments save founders from catastrophic production mistakes
  • The difference between moving fast and building responsibly
  • How to structure AI documentation for better development workflows
  • Using task templates to teach AI your coding standards
  • Practical lessons for founders building SaaS products with AI tools

Resources and Links from This Episode

  • Shipkit.ai: https://www.shipkit.ai/
  • Brandon on LinkedIn: https://www.linkedin.com/in/brandon-hancock-ai
  • Brandon’s website: https://brandonhancock.io/
  • Brandon on YouTube: https://www.youtube.com/@aiwithbrandon
  • Rogue Startups on YouTube: https://www.youtube.com/@roguestartups
  • Castos Free Tools: castos.com/tools
  • Email me: [email protected]
  • Find me on Twitter: @TheCraigHewitt

If you feel like Rogue Startups has benefited you, and it might benefit someone else, please share it with them. If you have a chance, give Rogue Startups a review on iTunes.

Do you have any comments, questions, or topic ideas for future episodes? Feel free to reach out to me: