AI wrote your app.
Kelp finds the doors it left open.
The security agent for vibe-coded apps. We probe your backend the way an attacker would — with real user context, no theatre — and hand you the fix, ready to paste back into whatever AI tool built it.
An excerpt from an actual dispatch. Nothing invented, nothing dramatised.
Three classes. Real evidence. No wall of warnings.
We cover the vulnerabilities that actually breach AI-generated apps, and we ship a fix for each. Everything else is honestly out of scope.
Row-Level Security, checked policy-by-policy.
Kelp reads your Supabase schema and finds the tables and columns anyone can read or write. Fixes ship as an owner-scoped policy you can review before running.
Secrets exfiltrated by the frontend.
Service-role keys, Stripe secrets, and OpenAI tokens committed to the client bundle. Kelp opens a pull request that moves them to env vars and flags rotation.
Broken object authorization, actively probed.
With your consent, one authenticated user tries to reach another's data by ID. It's the exact failure behind the loudest public breaches of AI-generated apps.
Connect, scan, fix. In that order.
Connect
Sign in with GitHub and link your Supabase project. Scoped tokens only — the service_role key stays in your project.
Scan
Kelp reads your schema and code, then runs authorized probes. Every request is logged in your audit trail.
Fix
Read a plain-language report, apply ready-made fixes with one click, and stay covered on every push to main.
Proven, not theoretical.
Every finding Kelp files has been reproduced. Our executor re-runs the model's exploit before it becomes a ticket — no observable, no finding. That's why our reports are shorter than a scanner's, and why every line is real.
Agents reason, adversaries prove.
Kelp's agents form hypotheses freely; the executor accepts them only when the exploit reproduces against your actual endpoints, with real user context.
Auth model as ground truth.
Before any finding is filed, Kelp derives your app's auth model — cookies, CORS, JWTs, one-time tokens — and refuses findings that don't survive it. No CSRF cries on bearer-JWT apps.
Full transcript per finding.
Every finding ships with the reasoning, the probe, and the response. Not a black box — the receipt for exactly how we know.
Simple, per-project, no seat count.
Every plan gets the same three checks. Paid plans add continuous cover, auto-fix, and priority review.
One full scan, report only.
- 1 project
- All three checks
- Full findings report
Continuous cover for your app.
- 1 project
- Continuous scanning
- Auto-fix for RLS & secrets
- Re-scan on every push
For studios shipping many apps.
- Up to 5 projects
- Everything in Starter
- Priority human review
- Email alerts
What people ask before they connect a repo.
Do I need to give Kelp my Supabase service-role key?
No. Kelp connects with a scoped Management API token, and we are moving to a per-project read-only Postgres role. Your service-role key never leaves your project.
Will Kelp change anything in my code without asking?
Never. Fixes for secrets are opened as pull requests against a fresh kelp/… branch, never pushed to your default branch. Database fixes are proposed as migrations you review and run yourself.
How is active testing safe on my production app?
Every campaign runs through a hard consent gate you accept per project — no consent, no probe. Evidence is stored as category plus count, never raw customer data, and every request is auditable.
Does Kelp claim to find every vulnerability?
No. We cover a small set of high-impact classes with high precision — the ones that actually breach AI-generated apps. Real fixes for RLS, secrets, and broken authorization beat a forty-page report of maybes.
Scan your app before your users do.
Connect a GitHub repo, accept the consent, and see your first findings within ten minutes. Free plan is a real full scan, not a teaser.