Bolt.new Security Guide
How to check if my Bolt.new app is vulnerable?
Deploy your Bolt.new application to a staging environment and run a security scan to identify vulnerabilities before going live. Key things to check include exposed secrets in your JavaScript bundle, missing authentication on API routes, and absence of security headers. Review your CORS configuration to ensure it is not set to wildcard, and verify that database queries use parameterized statements. UNPWNED performs automated checks across more than 30 security categories specifically relevant to AI-generated applications like those built with Bolt.new.
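The header, CORS and bundle checks named above can be scripted against a staging build. The following is an added example, not part of the original guide or of UNPWNED's tooling; the header list, secret patterns, function names and sample values are assumptions constructed for illustration, and the reflected-origin check goes one step beyond the wildcard case the answer mentions.

```javascript
// Added example: static checks over a staging response and a built JS bundle.
// All sample values below are constructed for illustration.

const REQUIRED_HEADERS = [
  "content-security-policy",
  "strict-transport-security",
  "x-content-type-options",
];

// Shapes of secrets that should never ship to the browser (assumed pattern list).
const SECRET_PATTERNS = [
  { name: "private key block", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
  { name: "AWS access key id", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: "hard-coded secret assignment",
    re: /(?:secret|api[_-]?key|token)["']?\s*[:=]\s*["'][A-Za-z0-9_\-]{16,}["']/i },
];

// rawHeaders: response headers from staging; probeOrigin: the Origin value
// that was sent with the request (an origin the app should not trust).
function auditHeaders(rawHeaders, probeOrigin) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v).trim();
  const findings = REQUIRED_HEADERS.filter((n) => !h[n]).map((n) => `missing header: ${n}`);
  const origin = h["access-control-allow-origin"];
  if (origin === "*") {
    findings.push("CORS: wildcard Access-Control-Allow-Origin");
  } else if (origin && origin === probeOrigin && h["access-control-allow-credentials"] === "true") {
    findings.push("CORS: reflects untrusted origin with credentials");
  }
  return findings;
}

function auditBundle(bundleText) {
  return SECRET_PATTERNS.filter((p) => p.re.test(bundleText)).map((p) => `bundle contains ${p.name}`);
}

// Constructed staging response headers and bundle excerpt.
const sampleHeaders = {
  "Content-Type": "application/json",
  "Access-Control-Allow-Origin": "*",
  "X-Content-Type-Options": "nosniff",
};
const sampleBundle = 'const cfg={apiKey:"EXAMPLEEXAMPLEEXAMPLE0001",url:"/api"};';

const report = [
  ...auditHeaders(sampleHeaders, "https://untrusted.example"),
  ...auditBundle(sampleBundle),
];
console.log(report.join("\n"));
```

An empty report only means these specific checks passed; authentication on API routes and parameterized queries still need to be reviewed in the server code.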
Last reviewed: 2026-04-07. Based on publicly available security research and UNPWNED scan telemetry.