SURFACE SCAN
Scans your app without logging in, like a bot or beginner hacker would. Finds your Supabase project and probes everything reachable with the anon key.
"Walking up to every door and checking if it’s locked."
Each tier goes deeper into your app's attack surface. Surface-level checks are free. The real vulnerabilities hide behind login.
The surface scan finds unlocked doors. AI verification opens them, inspects the contents, and writes lockdown instructions.
"Opening every unlocked door and analysing what’s inside."
Signs in as a real user and checks if User A can access User B’s data. Catches broken RLS policies that look fine from the outside.
"Checking if hotel guests can enter each other’s rooms."
Continuous monitoring
Security isn't a one-time check. Every deploy can introduce new vulnerabilities. Ongoing Guard watches your app and re-scans automatically — free for all signed-in users. Pro users get deeper AI verification on each re-scan.
The free scan catches the obvious things: exposed tables, leaked keys, open storage buckets. But most AI-generated apps have subtler problems.
An LLM might write RLS policies that look correct but fail under specific conditions. It might create an API endpoint that exposes admin data to any logged-in user. These issues only surface when you test with real authentication and chain requests together — which is exactly what the Pro tiers do.
See what's exposed in 40 seconds
No signup required. Free surface scan, instant results.