Unchecked AI code leaves traces. On their own they look harmless; together they're a reliable signal: nobody reviewed this anymore. And where nobody reviewed, the security basics are usually missing too.
The typical traces
- Default templates: „Get started by editing
app/page.tsx", leftover framework start pages, Vite/Next logos in the footer. - Placeholder content: lorem ipsum, „Your title here", example addresses, stock text that was never replaced.
- Comment leftovers: „TODO: add auth", „FIXME", commented-out test logic right in the shipped code.
- Generic copy: „We offer innovative solutions…" – text that fits every industry and therefore none.
What the traces reveal about security
Whoever doesn't clean up the default template most likely also didn't set security headers, validate inputs or remove keys from the frontend. The visible leftovers indicate the invisible holes. Some traces are even the hole themselves – a default admin password from a tutorial, or a commented-out but shipped test key.
What you should do
Clean up before going live: remove template leftovers and placeholders, delete comments containing secrets, replace generic text with real copy – then scan the site from the outside. What you can see in the source, every attacker can see too.
Check in 10 seconds
The Vibe Check looks specifically for these AI code patterns and reports them alongside the security risks behind them – free and with nothing stored.
Scan your site in 10 seconds →