// Practical guide
Security checklist for AI-built SaaS
Where to start when the SaaS is already live
If you built the product with AI and it already has login, billing, or a customer testing it, the question is not "is it 100% secure?" but "where can it grant the wrong access right now?" This checklist organizes the first review around real flows, not theory.
The rule is simple: each item inspects a path that, if it breaks, becomes lost revenue, data exposure, or a blocked B2B sale. You do not need to do everything at once; you need to know the order.
- Map the flows that touch money, access, and data before reading code.
- Prioritize what a malicious user reaches with an ordinary account.
- Record evidence without pasting sensitive data into the material.
Access and authentication
Most incidents in small SaaS do not come from exotic exploits: they come from loose access control. Confirm that every route returning data checks who is asking and whether that person may see that specific record.
- Login with rate limiting, brute-force lockout, and expiring sessions.
- Protected routes enforced on the server, not just hidden in the front-end.
- IDOR: changing an id in the URL must not return another customer’s data.
- Password reset and invites must not become account takeover.
Billing, paid plans, and checkout
AI-built products often get the "paid" vs "access granted" boundary wrong. Price must come from the server, the webhook must be signature-verified, and plan access must only unlock after real payment confirmation.
- Price and plan defined on the server, never trusting the client.
- Provider webhook verified by signature and idempotent.
- Downgrade, refund, and cancellation leave no orphaned paid access.
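One way to implement the webhook side of these three items, as an added example that is not from the original guide. The signing scheme (HMAC-SHA256 over `<timestamp>.<raw body>`), the event fields, the secret, and the in-memory stores are assumptions; substitute your provider's documented scheme and your own database.

```python
import hashlib
import hmac
import json
import time

WEBHOOK_SECRET = b"whsec_constructed_example"  # constructed; load from a secret store
TOLERANCE_SECONDS = 300                         # reject stale (replayed) deliveries
PLANS = {"pro": 4900}                           # server-side price table, in cents
processed_events = set()   # stand-in for a table with a UNIQUE(event_id) constraint
entitlements = {}          # tenant_id -> plan; stand-in for the accounts table


def sign(timestamp: int, body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    """Hypothetical provider scheme: HMAC-SHA256 over '<timestamp>.<raw body>'."""
    return hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256).hexdigest()


def handle_webhook(body: bytes, timestamp: int, signature: str, now=None) -> str:
    now = time.time() if now is None else now
    # 1. Verify the signature over the raw bytes, before parsing anything.
    if not hmac.compare_digest(sign(timestamp, body).encode(), signature.encode()):
        return "rejected: bad signature"
    # 2. Bound replay of an old, validly signed delivery.
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return "rejected: stale timestamp"
    event = json.loads(body)
    # 3. Idempotency: providers retry, so each event id is applied once.
    if event["id"] in processed_events:
        return "ignored: duplicate"
    processed_events.add(event["id"])
    tenant = event["tenant_id"]
    if event["type"] == "payment.succeeded":
        # 4. Check the paid amount against the server's price, not the client's.
        price = PLANS.get(event.get("plan"))
        if price is None or event.get("amount_paid") != price:
            return "rejected: amount mismatch"
        entitlements[tenant] = event["plan"]
        return "granted"
    if event["type"] in ("subscription.canceled", "payment.refunded"):
        # 5. Cancellation and refund remove the paid access.
        entitlements.pop(tenant, None)
        return "revoked"
    return "ignored: unhandled type"
```

In production, the duplicate check and the entitlement change belong in one database transaction so a crash between them cannot leave an event marked as handled but not applied.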
Per-customer data, uploads, and AI
In multi-tenant SaaS, every query must carry the tenant scope. Uploads must validate type, size, and destination. And if you use an AI agent with tools, the boundary of what it can execute is part of the attack surface.
- Tenant isolation on every read and write.
- Uploads validated for type/size and never executed at the destination.
- AI agents with least privilege and no over-broad tokens.
What to do with the result
Sort each finding into three lanes: fix now, watch, and validate with a human. A signal touching revenue, customer data, or a B2B sale should not die as a suspicion — that is when a paid human review or a scoped manual test earns its place.
Frequently asked questions
Does this checklist replace a pentest?
No. It organizes the first review and helps you prioritize. When a signal touches access, paid plans, data, or a B2B sale, the next step is a human review (Risk Review) or a scoped manual pentest.
Does it work for apps built in Lovable, Bolt, v0, or Replit?
Yes. The checklist inspects real product flows (login, billing, data, uploads), not the tool that generated the code. It applies to any AI-built SaaS.
My SaaS is still small. Does it make sense to review now?
Yes, if you already have users, billing, customer data, or a commercial promise. The earlier you separate signal from noise, the cheaper the fix.