Summary: the author launched an app built with an AI prototyping (vibe coding) tool and found that every network request exposed the AI system prompt and the app's API keys, giving anyone access to the integrated third-party services and letting a malicious actor spend the app's AI credits. Fixing it meant moving all logic to server-side functions, which the platform did not support. The post argues that such platforms need secure handling of sensitive information before they are suitable for production apps.
I Vibe Coded my way to an app and launched it. Then the problems began 😮

Firstly, I was alerted that the AI system prompt was leaking each time a network request was made. Since the app is just a fancy UI wrapper over an LLM + a system prompt, this was akin to spilling the only true added functionality provided. Anybody could just copy and paste the system prompt and feed it on their own to a GPT.

But the problems didn't stop there. Soon I realized an even more serious issue: API keys were getting leaked as well and could easily be scraped from the Network tab. This would give anybody on the internet access to all the 3rd party systems integrated with the app (OpenAI, DB, Email, etc). Not to mention that a malicious actor could drain my AI credits... Ouch!

Vibe Coding platforms create beautiful frontend interfaces, but their support for server-side and backend functions is nonexistent. All logic resides in the frontend, including sensitive information such as Secret Keys, API Keys, email addresses, passwords and more. The only way to fix this would be to migrate it all to backend functions.

Since the app was more than a one-pager and involved a number of different flows, the codebase had become fairly large and the Vibe Coding platform wasn't really handling the total number of tokens. I assume this is because the context window was overloaded, making it less effective, with each prompt costing millions of tokens.

At this point I would classify the app as a fully functional demo / MVP that 'works', albeit with serious security flaws. Now if I was non-technical and didn't know how to code, deploy and debug, this is where my vibe coding journey would end. I would either need to hire a developer, take down the app, or continue running it with extreme vulnerabilities. I chose option #1 (hiring myself).

The journey began by migrating all frontend logic to server-side functions, something that wasn't supported by Vibe Coding. Basically it meant I was on my own from here on in. Don't get me wrong, I still used a mix of LLMs to get directions, tips and code snippets, but putting it all together at this point was on me.

After migrating all custom logic to backend functions and eliminating frontend API calls there was another problem: the cloud platform being used for deployments had an inbuilt max timeout for function execution set at 30 seconds. Since my calls to ChatGPT involved processing times of 30 seconds or more, this led to a broken flow and poor UX. So migrating the entire deployment to a different cloud platform with a higher function timeout was required.

At this point I was forced to start developing locally, integrating with git, monitoring server-side functions, etc. This resembled more of a full-on coding operation and less of a hands-off Vibe Coding experience.

My 2 cents from it all: Vibe coding is awesome for kickstarting projects, creating boilerplate code and building demos. For production-ready apps, it's not there yet.
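The leak described in the post, and the backend migration that fixes it, in code. This is an added example and not code from the original post or from any vibe coding platform. It contrasts the browser calling the LLM provider directly (key and system prompt in every request, readable in the Network tab) with a thin backend endpoint that holds the key and receives only the user's message, plus two checks a practitioner would run before launch: one on what the client actually transmits, one on the built frontend bundle. The provider URL, the system prompt, the `/api/chat` route, the `LLM_API_KEY` variable and the sample bundle are all constructed for the example.

```javascript
// Added example, not from the original post. LLM_ENDPOINT, SYSTEM_PROMPT,
// the /api/chat route and LLM_API_KEY are assumed names for illustration.

const LLM_ENDPOINT = "https://api.example.com/v1/chat"; // assumed provider URL
const SYSTEM_PROMPT =
  "You are the assistant for ExampleApp. Only answer billing questions."; // constructed

// BEFORE (the leaking pattern): this runs in the browser. The Authorization
// header and the system prompt are part of the request the browser sends, so
// any user can copy both from DevTools > Network.
function buildBrowserRequest(userMessage, apiKey) {
  return {
    url: LLM_ENDPOINT,
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${apiKey}`,
    },
    body: JSON.stringify({
      messages: [
        { role: "system", content: SYSTEM_PROMPT },
        { role: "user", content: userMessage },
      ],
    }),
  };
}

// AFTER, client side: the browser talks only to our own backend and sends
// nothing but the user's message. No key, no prompt.
function buildClientRequest(userMessage) {
  return {
    url: "/api/chat",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ message: userMessage }),
  };
}

// AFTER, server side: the backend validates the client body, reads the key
// from its own environment and attaches the system prompt. `env` is passed in
// (instead of reading process.env directly) so the function runs offline.
function buildUpstreamRequest(clientBody, env) {
  let parsed;
  try {
    parsed = JSON.parse(clientBody);
  } catch (e) {
    throw new Error("invalid JSON body");
  }
  const message = parsed && parsed.message;
  if (typeof message !== "string" || message.length === 0 || message.length > 4000) {
    throw new Error("message must be a non-empty string of at most 4000 chars");
  }
  if (!env.LLM_API_KEY) {
    throw new Error("LLM_API_KEY is not configured on the server");
  }
  return {
    url: LLM_ENDPOINT,
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${env.LLM_API_KEY}`,
    },
    body: JSON.stringify({
      messages: [
        { role: "system", content: SYSTEM_PROMPT },
        { role: "user", content: message },
      ],
    }),
  };
}

// Check 1: which of the given secrets appear anywhere in a request object,
// i.e. would be visible on the wire from the browser?
function secretsOnTheWire(request, secrets) {
  const wire = JSON.stringify(request);
  return secrets.filter((s) => wire.includes(s));
}

// Check 2: a pre-deploy scan of the built frontend bundle for strings that
// look like bearer tokens, provider keys or hard-coded credentials. The
// patterns are illustrative, not a complete catalogue of key formats.
const SECRET_PATTERNS = [
  /Bearer\s+[A-Za-z0-9._-]{16,}/g,
  /\bsk-[A-Za-z0-9_-]{16,}\b/g,
  /[A-Z_]*(API_KEY|SECRET|PASSWORD)[A-Z_]*\s*[:=]\s*["'][^"']{8,}["']/g,
];
function scanBundleForSecrets(bundleSource) {
  const hits = [];
  for (const re of SECRET_PATTERNS) {
    for (const m of bundleSource.matchAll(re)) hits.push(m[0]);
  }
  return hits;
}

// Constructed sample of what a vibe-coded frontend bundle can look like.
const SAMPLE_BUNDLE =
  'const OPENAI_API_KEY = "sk-TESTONLY0123456789abcdef";\n' +
  'fetch(u,{headers:{Authorization:"Bearer "+OPENAI_API_KEY}})';
```

Running `secretsOnTheWire` on `buildBrowserRequest(...)` reports both the key and the system prompt, while the same check on `buildClientRequest(...)` reports nothing, which is the whole point of the migration the post describes. `scanBundleForSecrets(SAMPLE_BUNDLE)` flags the hard-coded key twice (once as a key-shaped string, once as a credential assignment); wire it into the build step so a deploy with hits fails. Rotate any key that ever shipped in a bundle, since scraping it from the Network tab or the bundle is exactly what the post warns about.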