Brandon's background and audit goals

This week on the Rogue Startups, Craig gets roasted. He brought in experienced software engineer Brandon Hancock after building the AI-powered SaaS app Outlier largely through “vibe coding,” so Brandon could audit the entire codebase live during the episode. The result? An honest but useful breakdown of what happens when non-technical founders ship fast with AI tools. 

Brandon digs into real security risks, common architecture mistakes, and the best practices every founder should follow when building AI-driven products. If you’re launching SaaS with tools like Next.js, Supabase, and Claude, or simply adding AI features to your existing product, this episode offers practical lessons on building faster without accidentally breaking everything.

Check the episode out on YouTube to see Brandon dig through Craig’s code onscreen.

Highlights from Craig and Brandon’s conversation:

• What “vibe coding” looks like when building a real production startup
• How a single exposed Supabase key can create major security risks
• Why row-level security is critical for protecting user data
• Using AI to audit code and uncover vulnerabilities in minutes
• Simple fixes that dramatically improve SaaS security
• Why many AI code review tools miss critical issues
• The danger of exposing backend clients in frontend code
• How server actions can replace many API endpoints
• Best practices for managing database migrations with Drizzle ORM
• Why staging environments save founders from catastrophic production mistakes
• The difference between moving fast and building responsibly
• How to structure AI documentation for better development workflows
• Using task templates to teach AI your coding standards
• Practical lessons for founders building SaaS products with AI tools

Resources and Links from This Episode

• Shipkit.ai: https://www.shipkit.ai/ 
• Brandon on LinkedIn: https://www.linkedin.com/in/brandon-hancock-ai 
• Brandon’s website: https://brandonhancock.io/ 
• Brandon on YouTube: https://www.youtube.com/@aiwithbrandon 
• Rogue Startups on YouTube: https://www.youtube.com/@roguestartups 
• Castos Free Tools: castos.com/tools
• Email me: podcast@roguestartups.com 
• Find me on Twitter: @TheCraigHewitt

If you feel like Rogue Startups has benefited you, and it might benefit someone else, please share it with them. If you have a chance, give Rogue Startups a review on iTunes. 

Do you have any comments, questions, or topic ideas for future episodes? Feel free to reach out to me:

• Twitter: @TheCraigHewitt
• LinkedIn: Craig Hewitt
• Email: podcast@roguestartups.com