
Software Development with AI: Balancing Speed and Security
The rise of AI has transformed the world of software development. New AI models (LLMs) make it possible to build software, especially Minimum Viable Products (MVPs), faster than ever. Tools like Bolt, Lovable and Replit are hugely popular and accelerate this process. With these tools, a working first version of an application can often be generated from just a few text prompts. Below is an example of Bolt, one of these AI tools.

It's amazing how quickly an application can be built now. It boosts our productivity and efficiency. But there is a hidden danger. As development becomes easier, the temptation to skip crucial steps grows stronger. The AI does all the work, and we just hope for the best. Surely it will always turn out okay?
Unfortunately, not always. Generated code is often messy and has insufficient error handling. Worse, security is frequently overlooked. This can have painful consequences, as one developer discovered when examining websites built with another AI tool, Lovable:

Or consider this developer who used Devin AI, an AI agent. An AI agent is an AI that takes over your workflow completely and executes it autonomously. Devin made a mistake that led to 6.6 million unnecessary events with an external service, resulting in a bill of $733. Add Devin's subscription price of $500, and the total cost came to $1233. Painful!

The Costs of Insecurity
On https://serverlesshorrors.com/, you can find more stories of sky-high bills from external services, sometimes due to unforeseen events, but more often due to inadequate security: too little thought or implementation effort went into securing the application. Typical causes include:
- Database injection: attacker-controlled input is interpreted as part of a query, exposing or altering your data.
- Insecure API endpoints: unauthenticated or unthrottled endpoints become an open gateway to your system or data.
- Weak authentication: it is too easy to get inside the application.
- DDoS attacks: your server is overwhelmed by a flood of requests; on pay-per-use platforms it is the bill, not the server, that gives way first.
- Broken access control: users can reach data or actions they should not have access to.
The consequences are often catastrophic:
- Sensitive user information is exposed.
- APIs and databases are overwhelmed by massive numbers of requests.
- Storage fills up.
- Bills for external services skyrocket.
- Your application crashes.
For a start-up, such a nightmare can mean the end of a promising idea.
Building with Certainty
However, it can be done differently. We can combine the speed of AI with careful attention to detail. At LumenApps, we take this seriously. We combine the speed of modern tools with a robust approach to security.
Secure Hosting Infrastructure
We prefer to host applications with parties like Cloudflare, one of the largest global players in cybersecurity, which also offers fast, worldwide hosting. Cloudflare provides many security layers out of the box or with a few settings:
- Invisible CAPTCHA replacement (Turnstile), which verifies visitors without puzzles once embedded in your forms
- Protection against malicious bots (Bot Fight Mode)
- Web Application Firewall (WAF)
- TLS encryption (HTTPS) with automatically issued certificates
- Analytics and monitoring
Much of this is included in their free plan!
An example of how security is built into Cloudflare:

Security in the Codebase
Besides protecting the hosting platform, security within the application's codebase itself is also necessary. Some examples:
- Rate Limiting: Limits the number of requests per user, both to prevent overload and to cap what a single client can cost you.
- Input Validation: Checks all input against what the application actually expects (an allow-list of fields, types and lengths). Frontend checks improve the user experience, but only backend checks count, because a client can bypass the frontend entirely.
- Caching: Stores data smartly to avoid unnecessary (and expensive) database requests and to increase speed.
- Secure Keys: Sensitive API keys live in environment variables or a secrets manager, never in the repository.
- Two-Factor Authentication (2FA): An extra layer of security for logging in.
- Row-Level Security (RLS): Database policies that filter every query to the rows the authenticated user may see, so a bug in the application layer cannot expose other users' rows.
- Logging & Testing: Tests catch flaws before the application goes live; logging lets you notice abuse (such as a sudden request spike) while it is happening rather than on the invoice.
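As an added illustration (not LumenApps' code, and not generated by any of the tools above), here is how three of these measures combine in a plain Node.js request guard: a per-client token-bucket rate limiter, allow-list input validation, and an API key read from the environment. The goal is the point the cost stories make: a client that floods or abuses an endpoint must never produce unbounded calls to a paid external service. The `callExternal` function standing in for the paid service, the client identifier, the `EXTERNAL_API_KEY` variable name and the burst of sample requests are all constructed for this example.

```javascript
// Added example: request guard for an endpoint that forwards work to a paid
// external service. Not the page's or LumenApps' own code.

// 1. Rate limiting: a token bucket per client. Each client may burst up to
//    `capacity` requests, then proceed at `refillPerSec` requests per second.
//    `now` is injectable so the behaviour can be tested without waiting.
class TokenBucketLimiter {
  constructor({ capacity, refillPerSec, now = () => Date.now() }) {
    this.capacity = capacity;
    this.refillPerSec = refillPerSec;
    this.now = now;
    this.buckets = new Map(); // clientId -> { tokens, updatedAt }
  }

  allow(clientId) {
    const t = this.now();
    let b = this.buckets.get(clientId);
    if (!b) {
      b = { tokens: this.capacity, updatedAt: t };
      this.buckets.set(clientId, b);
    }
    const elapsedSec = (t - b.updatedAt) / 1000;
    b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refillPerSec);
    b.updatedAt = t;
    if (b.tokens >= 1) {
      b.tokens -= 1;
      return true;
    }
    return false;
  }
}

// 2. Input validation on the backend: reject anything that is not explicitly
//    expected (unknown fields, wrong types, out-of-range values, odd characters).
//    Only the validated copy is passed on, never the raw body.
function validateCreateEvent(body) {
  if (typeof body !== 'object' || body === null || Array.isArray(body)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const errors = [];
  const allowedFields = new Set(['name', 'count']);
  for (const key of Object.keys(body)) {
    if (!allowedFields.has(key)) errors.push(`unexpected field: ${key}`);
  }
  if (typeof body.name !== 'string' || !/^[A-Za-z0-9_ -]{1,64}$/.test(body.name)) {
    errors.push('name must be 1-64 letters, digits, spaces, _ or -');
  }
  if (!Number.isInteger(body.count) || body.count < 1 || body.count > 100) {
    errors.push('count must be an integer between 1 and 100');
  }
  return errors.length ? { ok: false, errors } : { ok: true, value: { name: body.name, count: body.count } };
}

// 3. Secure keys: the key comes from the environment (or a secrets manager);
//    a missing key is a startup error, not a fallback to a value in the repo.
function loadApiKey(env = process.env) {
  const key = env.EXTERNAL_API_KEY; // hypothetical variable name
  if (!key) throw new Error('EXTERNAL_API_KEY is not set');
  return key;
}

// The guard itself. The cheap check (rate limit) runs first, validation second,
// and `callExternal` (hypothetical paid service) is reached only if both pass.
function handleCreateEvent({ clientId, body }, { limiter, apiKey, callExternal }) {
  if (!limiter.allow(clientId)) return { status: 429, body: { error: 'rate limit exceeded' } };
  const v = validateCreateEvent(body);
  if (!v.ok) return { status: 400, body: { errors: v.errors } };
  return { status: 200, body: callExternal(v.value, apiKey) };
}

// Constructed burst from one client: every third request carries an
// injection-looking name. Returns how many requests got each status and how
// many actually reached the paid service.
function simulateBurst({ requests, capacity, env }) {
  const limiter = new TokenBucketLimiter({ capacity, refillPerSec: 0, now: () => 0 });
  const apiKey = loadApiKey(env);
  let externalCalls = 0;
  const callExternal = (value) => { externalCalls += 1; return { created: value.count }; };
  const counts = { 200: 0, 400: 0, 429: 0 };
  for (let i = 0; i < requests; i += 1) {
    const body = i % 3 === 2
      ? { name: "x'; DROP TABLE events;--", count: 1 }
      : { name: 'sync', count: 1 };
    const res = handleCreateEvent({ clientId: '203.0.113.7', body }, { limiter, apiKey, callExternal });
    counts[res.status] += 1;
  }
  return { ...counts, externalCalls };
}

// In a real deployment pass process.env; the constructed key is for the demo only.
console.log(JSON.stringify(simulateBurst({ requests: 10, capacity: 4, env: { EXTERNAL_API_KEY: 'constructed-test-key' } })));
// prints {"200":3,"400":1,"429":6,"externalCalls":3}
```

Of ten requests from one client, only three reach the external service: four pass the limiter, one of those is rejected by validation, and the remaining six are refused before any work is done. In production the bucket state would live in a shared store (or be delegated to the hosting platform's rate limiting) rather than in process memory, but the ordering of checks is the same.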
Preparation is key
Security shouldn't be an afterthought; it must be considered from the very beginning. Good preparation and planning are essential. At LumenApps, we use Markdown (.md) files to clearly document the architecture, workflow and planning.

Result?
By combining the speed of AI with a thoughtful approach to security, applications are not only secure but can also go live quickly and scale. This way your startup or idea can grow, and a lot of stress is avoided. Build smart, build secure!
Need an idea or a tool developed quickly and securely? Get in touch via https://www.lumenapps.dev/en and let's talk!