ACTIVE SECURITY · v2.4 LIVE

Active security for the AI-built web.

45% of code written by AI ships with security holes. Ripley finds them in plain English — from one link, in minutes, free to start.

Free to start — no card · Results in under 5 minutes · Plain English, not jargon
45%
of code written by AI ships with security holes
Veracode · GenAI Code Security Report, 2025
2.7×
more security problems than code written by humans
Veracode · 2025
2.16M
apps coded with AI shipped per month, up from 22 last year
GitGuardian · State of Secrets Sprawl 2026
$3,990
what the legacy security tools cost per year. Per seat.
Tenable Nessus · 2026 pricing
Built for

For the people who shipped without a security team.

You can build an app in an afternoon now. Ripley meets you there — same speed, no setup, no jargon.

for Lovable / v0 / Bolt builders

You shipped without a security team

Your AI wrote the login, the payments, the file uploads. Ripley reads it all and tells you what's broken — in plain English.

for Replit / Cursor solo devs

One link. We find everything.

You give us your site URL. We find every hidden page, every API, every leaked password — even ones you forgot existed.

for indie SaaS & online stores

The report your enterprise buyer asked for

Need to show a customer your app is secure? Ripley gives you the proof, in their language: PCI, LGPD, GDPR. Done in minutes.

for agencies & freelancers

Every client, every week

Manage all your clients in one dashboard. White-label reports with your logo. Catch problems before the client does.

How it works

From a paste to a clear to-do list in under five minutes.

01 / 03

Paste your link

That's it — just the URL of your app. No installs, no setup, no DNS records, no scary terminal commands.

02 / 03

We explore your app

Our AI walks through your site the way a hacker would — finding every page, every API, every hidden corner.

03 / 03

You get a clear to-do list

Plain-English problems, ranked by how bad they are, with the exact fix written for you. Copy, paste, ship.

ripley · scanning acme-shop.lovable.app
3 Urgent
7 Important
12 Nice to fix
8 Minor
urgent

Your checkout can be hacked to steal orders

An attacker can read or change any order in your database by changing the URL on checkout.
important

Your Stripe key is exposed in public code

Anyone visiting your site can copy it and charge cards on your account.
important

Users can see each other's data

Logged-in users can view other people's accounts by changing the URL.
Sample report

No jargon. Just what's broken and how to fix it.

Every problem starts with one plain sentence. The technical detail is there too — hidden behind a toggle — for the day you bring in an engineer or a buyer asks for proof.

  • One sentence per problem — anyone on your team can read it
  • The fix is already written. Most are 1-line edits.
  • Ranked: urgent → important → nice-to-fix
  • Share-ready for compliance, investors, enterprise buyers
report · acme-shop.lovable.app · 11:42 UTC
Live
3 urgent 7 important 12 nice-to-fix 8 minor
urgent

Your checkout can be hacked to steal orders

An attacker can read or change any order in your database just by editing the URL. They could see customer names, addresses, and what they bought.

481// /api/checkout.ts — the line your AI wrote
482const q = `SELECT * FROM orders WHERE id = '${req.body.order_id}'`;
+await db('orders').where({ id: req.body.order_id }).first();
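Review bot: the added `+await db('orders').where({ id: req.body.order_id }).first();` line binds order_id as a parameter instead of interpolating it as line 482 does, but it still looks the order up by a client-supplied id alone and discards the awaited result. Scope the lookup to the authenticated user as well (for example an owner column in the where clause, whose name depends on the schema) so that a valid id belonging to another customer returns nothing, assign the result to a variable the handler uses, and check the type of order_id before it reaches the query.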
The fix. Paste this 1-line change back into Lovable / Cursor and re-deploy. Ripley already tested it works.
important

Your Stripe key is exposed in public code

Anyone visiting your site can find this key and use it to charge cards on your Stripe account.

The fix. Move the key to your server — we'll show you exactly how. Ripley already pinged Stripe to flag it.
Pricing

Costs less than the breach.

Endpoint-based, not seat-based. Invite your whole team. Cancel anytime.

Free

$0 · one scan

See what's wrong with your app. No credit card, no signup.

  • 1 full scan of your app
  • Up to 10 pages or APIs
  • PDF + Markdown report
  • Plain-English problems & fixes

Advanced+ engineer

$199/month

A real security engineer on call. They fix things for you.

  • Monitored 24/7
  • Dedicated security engineer
  • Custom scan rules
  • Auto-fix via your repo
  • Compliance reports (PCI, LGPD)
  • Same-day response SLA
Vs. the incumbents

Built for the next 10 million apps, not the last 1,000 enterprises.

Ripley
Nessus
Qualys
Detectify
Entry price
  • Ripley: $0 free, $49 / mo
  • Nessus: $3,990 / yr
  • Qualys: $500+ / mo
  • Detectify: $275 / mo
Plain-English reports
partial
Zero setup, just a URL
config
Made for non-developers
Weekly auto re-scans
manual
Real engineer on call
addon
FAQ

The questions you actually have.

I'm not a developer — will I understand the report?
Yes. Every finding starts with one plain-English sentence: what's wrong, who it affects, and how bad it is. The technical detail is there too, hidden under a toggle, for the day you bring in an engineer or a buyer asks.
Is Ripley actually attacking my site?
No. Ripley looks at your site the same way Google does — nothing destructive, nothing that writes data, nothing that could break your app. You can opt into deeper testing later if you want.
Does it work with Lovable, v0, Bolt, Replit, Cursor?
Yes — these are exactly who we built it for. If your app has a URL, Ripley can scan it. We have presets for the most common AI-builder stacks (Vercel, Netlify, Cloudflare Pages, Supabase, Firebase).
What happens after the free scan?
You keep the full report — forever. Upgrade to a paid plan only if you want Ripley to re-check your app every week and ping you when something new breaks.
What if I don't know how to fix the problems?
Each finding ships with the exact code change. Most fixes are a 1-line edit — paste it back into Lovable / v0 / Cursor and you're done. For the harder ones, the Advanced plan gets you a real security engineer to do it for you.
How does pricing work as I grow?
We charge by how many pages and APIs your app has, not how many teammates you invite. Basic covers most indie SaaS forever. Cancel anytime, your data goes with you.

Drop a URL.
See what an attacker sees.

The first scan is free. The report is yours to keep.
