Built with Cursor?

Cursor writes the code. We check it.

Cursor can take you from idea to live app in hours. That was unimaginable in the very recent past. But while it may look great, launching to your audience before checking the code with a qualified professional leaves you exposed to minor bugs at best, and large, serious security flaws at worst.

45% of AI-generated code fails security tests (Veracode 2025)
40%+ of Cursor-generated code contains security flaws
2-5x more dependencies added per feature vs human developers

The subtle problem: Cursor's code looks clean and professional. That is actually part of the risk. Issues like invented package names, quietly removed security checks, and broken auth flows can pass a casual review because the surrounding code looks so sensible.

We review all AI-generated code, including apps built with:
What we find

The issues Cursor does not tell you about.

These are the most common problems found in Cursor-built apps.

critical
Your app may be running code from a stranger
If you installed everything Cursor suggested without checking, you may have a package in your project doing something you never intended. This is known as slopsquatting and it is a growing attack vector.
critical
Your secret keys are in the wrong place
Anyone visiting your app can find these keys in seconds using browser developer tools. They can use them to access private data, impersonate your application or run up charges on your accounts.
high
Security logic gets quietly removed during edits
Your app can become less secure with every edit without anyone noticing. The code looks cleaner but the protection is gone.
high
Your server trusts whatever the browser sends
Anyone with basic technical knowledge can skip the browser entirely and send whatever they want directly to your server. If the server does not check it independently, it will accept it.
high
Any user can access any other user's data
Change one number in a URL and you may be looking at someone else's order, profile or private document. This is one of the most common and serious issues we find.
medium
Your app is carrying unnecessary risk in its dependencies
Every dependency is a potential entry point. We check every package in your project against trusted registries and flag anything that should not be there.
How it works

Here is exactly what happens.

No calls required. No technical knowledge needed on your end. Just share your code and we do the rest.

01

Share your code

GitHub link or ZIP file. We will tell you exactly how to export from Cursor if you need help.

02

A real developer reviews it

A vetted senior developer goes through your code using our GVO checklist, built specifically for AI-generated codebases.

03

You get your GVO Score

A score out of 100. Every issue explained in plain English: what it is, why it matters, how serious it is.

04

Optional: we fix it

Upgrade to Audit and Fix and we give you custom prompts to resolve every issue, then re-audit once you have made the changes.

Pricing

The price of peace of mind.

A security incident, a failed launch, or a user who never comes back costs far more than a review.

| | Lite Review | Full Review | Monthly Partner |
|---|---|---|---|
| Price | £650 | £2,499 | Custom |
| What it is | A focused check of the critical risks and biggest red flags in your code. | A complete review of everything — security, architecture, compliance and long-term scalability. | An ongoing technical partner who checks every build before it reaches your users. |
| Best for | Anyone who wants to launch with confidence knowing the most serious issues are covered. | Anyone who wants the full picture before scaling, fundraising or onboarding paying customers. | Teams building constantly with AI tools who want every release properly checked. |

| | Areas covered | Lite | Full | Monthly |
|---|---|---|---|---|
| Structure | Project structure and organisation | Yes | Yes | Yes |
| Code quality | React architecture and code quality | Yes | Yes | Yes |
| Database | Supabase architecture and database design | Yes | Yes | Yes |
| Security | Authentication and authorisation | Yes | Yes | Yes |
| | Security vulnerabilities and risks | Yes | Yes | Yes |
| | AI-specific code patterns and risks | Yes | Yes | Yes |
| Performance | Performance and scalability | No | Yes | Yes |
| | Testing coverage and quality | No | Yes | Yes |
| Infrastructure | DevOps, CI/CD and deployment | No | Yes | Yes |
| | Observability and error handling | No | Yes | Yes |
| Compliance | Accessibility and UX quality | No | Yes | Yes |
| | Documentation and team practices | No | Yes | Yes |
| | Business continuity and compliance | No | Yes | Yes |
| Report and output | GVO Score out of 100 | Yes | Yes | Yes |
| | Plain English report | Yes | Yes | Yes |
| | Findings prioritised by severity | Yes | Yes | Yes |
| | Technical roadmap | No | Yes | Yes |
| | GVO Badge for your site | No | Yes | Yes |
| | Ongoing review partnership | No | No | Yes |

Not sure which option is right for you? Just get in touch and we will help you figure it out.