ash_47Q: Code checking for Cyber security vulnerability
Could you explain what cybersecurity checks your AI no-code app builder performs? I’m especially interested in authentication, encryption, audit logs, vulnerability scanning, compliance certifications, and how you manage security updates.
Thanks
Ash
Shubham_Questera
Jul 10, 2025A: Great question!
Greta generates secure code using best practices (env vars, Supabase auth, hashed passwords if used). But since it’s an AI code generator, it doesn’t run automated vulnerability scans or enforce compliance out of the box.
You can review, export, and enhance the code yourself — and we recommend adding your own audit/logging/security layers if needed for production use. Full security stack + compliance partnerships is on our roadmap once the production app generation is done, we have to optimize for that first.
Thats an entirely separate problem space if you want to go deep in it so you might wanna check different platforms like Vanta for these certifications similar to what we did for Greta itself with SOC2 compliance etc.
This product doesn't really provide those cybersecurity features out of the box. If it did, it would likely be in a completely different price range—probably one that most of us couldn't afford. So, if you need proper authentication, encryption, logging, and compliance-level security, you’ll need to implement them yourself on top of the app you build.
Thank you for the reply. I asked because some of them do it as part of the iterations cycle. Maybe that is something you can work on next? It is an important feature, especially for those of us who have no coding skills. If I use this to develop an idea for the customer and it leads to a cyber security incident I will get the blame and be liable.
On that note does your AI self correct or does it do its own automated iterations to improve its own code to be a more robust full stack application?
@ash_47
That’s exactly why we still need professional developers—at least for now. Personally, I use this tool to quickly build a prototype or a basic structure, and then I refine or extend it myself.
In my view, this kind of no-code AI service is great for early-stage ideas, internal tools, or side projects.
But for production-level apps—especially those with complex logic or security requirements—it’s not quite there yet. The current stage of AI just isn’t ready to replace the full scope of secure software engineering.
Also, vulnerability scanning and security auditing are specialized fields, with dedicated tools and services for good reason.
Well said, nothing to add here except that SOME security is implemented via RLS settings in Supabase but overall I agree, its not quite there yet.