You do not need OWASP to use AI well. You do need a few habits.
If you are on the director track, the risk is simple: you can now ship software you did not personally write. That is power. It is also how secrets leak, ports stay open, prompt injection slips through, and demo code becomes public code without anyone noticing the boundary moved.
Who this is for
- People vibe coding their first real tool
- Parents, mentors, or managers reviewing AI-built work they did not write
- Anyone who can say what they want and spot wrongness, but cannot yet audit every line of code
- Anyone about to put a demo on the internet
The four rules
- Never treat secrets like prose. API keys, tokens, passwords, and OAuth JSON files do not belong in chats, screenshots, git history, or published examples.
- Local first, internet later. A thing running on localhost is a build. A thing on a public port is an exposure event. Know when you crossed that line.
- Ask for evidence, not reassurance. "It should be fine" is not a review. Ask what ports are open, what files it can read, what domains it can call, and what tests actually passed.
- If other people touch it, slow down. The moment a tool touches strangers, money, credentials, or shared data, the standard changes. Add rate limits, boundaries, logs, and a second look.
What to ask the agent before you ship
You do not need to know the answer to these questions yourself. You do need to ask them.
Before we deploy this, audit it like a cautious reviewer. Tell me:
1. What secrets, tokens, keys, or credentials this project uses
2. What ports, routes, or admin surfaces it exposes
3. What files or directories it can read and write
4. What external URLs, domains, or APIs it calls
5. Whether any user input can reach HTML, shell commands, file paths, or prompts
6. What the weakest part of the current design is
If anything is risky, tell me what to fix before deployment.
Fast red flags
- The app binds to 0.0.0.0 or a public port and nobody has said who should be able to reach it
- There is a real key in a screenshot, chat, repo, or config file meant for sharing
- The agent fetches random URLs or reads arbitrary pasted text and then takes actions without review
- There is a hidden admin route, debug mode, or test endpoint you would not want a stranger to find
- The AI says "I fixed it" but there is no failing test, no reproduction, and no visible check
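As an added example (not from this page), here is a small Python scanner that catches three of the red flags above in generated source: a public bind or debug mode, an admin/debug/test route, and a secret-looking literal in a file meant for sharing. The sample files, including the placeholder key, are constructed for the example; a real run would read the project's files instead.

```python
import re

# Constructed sample project standing in for files an agent generated.
# The key below is a placeholder, not a real credential.
SAMPLE_FILES = {
    "app.py": (
        "from flask import Flask\n"
        "app = Flask(__name__)\n"
        "\n"
        "@app.route('/debug')\n"
        "def debug():\n"
        "    return 'ok'\n"
        "\n"
        "app.run(host='0.0.0.0', port=8080, debug=True)\n"
    ),
    "config.json": '{"openai_api_key": "sk-CONSTRUCTED_PLACEHOLDER_KEY_1234567890"}\n',
    "README.md": "Run locally: app.run(host='127.0.0.1')\n",  # localhost bind: not flagged
}

# (check id, pattern, the question the finding should prompt)
CHECKS = [
    ("public-bind", re.compile(r"host\s*=\s*['\"]0\.0\.0\.0['\"]"),
     "binds to every interface; who is supposed to reach this?"),
    ("debug-mode", re.compile(r"debug\s*=\s*True"),
     "debug mode on; turn it off before anything goes public"),
    ("debug-route", re.compile(r"route\(['\"]/(debug|admin|test)\b"),
     "admin/debug/test route; would you want a stranger to find it?"),
    ("secret-literal",
     re.compile(r"(?i)(api[_-]?key|token|secret|password)\W{0,5}['\"][A-Za-z0-9_\-]{16,}['\"]"),
     "secret-looking literal in a shareable file; move it to an env var or secret store"),
]


def scan_text(name, text):
    """Return one finding per (line, check) hit in a single file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for check_id, pattern, why in CHECKS:
            if pattern.search(line):
                findings.append({"file": name, "line": lineno, "check": check_id, "why": why})
    return findings


def scan_project(files):
    """Scan a {filename: text} mapping; the evidence list a reviewer can act on."""
    findings = []
    for name, text in files.items():
        findings.extend(scan_text(name, text))
    return findings


if __name__ == "__main__":
    for f in scan_project(SAMPLE_FILES):
        print(f"{f['file']}:{f['line']} [{f['check']}] {f['why']}")
```

The point is the evidence list, not the regexes: each hit is a concrete question to put to the agent before deployment rather than a reassurance to accept.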
This page is the habit layer. Use Before You Deploy for the final checklist, and Prompt Injection for the specific trust problem that appears when pages, documents, and pasted text can steer an agent.
What good looks like
A good first deployment is small, boring, and reversible. The app knows its boundary. The secrets are not in the repo. The routes are intentional. The agent has less power than you think it wants. The logs tell you what happened. And if something feels off, you can turn it off quickly.
That is enough. Security for directors is not mastery. It is refusing to ship blind.
Related pages
- Before You Deploy: a concrete last-pass checklist before anything goes public.
- Prompt Injection: why fetched pages and pasted text are part of the prompt surface.
- Build a Chatbot: one of the clearest places where trust boundaries, allowlists, and public exposure matter fast.