Client-side payment and access bypass: the bug AI apps ship constantly

The rule: never trust the client

Everything that runs in the browser — your JavaScript, the values in it, the requests it sends — can be read and changed by the person using it. That's not a hack; it's how the web works. DevTools is built into every browser.

So when an AI assistant writes 'if (user.isPro) { showPremiumFeature() }' and decides user.isPro in the browser, it has built a lock whose key is printed on the door. The user can set isPro to true, call the 'pro-only' endpoint directly, or edit the request — and your server, trusting what it's told, says yes.

What it looks like in an AI-built app

Tier checks in the frontend: the UI hides paid features but the API behind them doesn't re-check that the caller actually paid. Calling the endpoint directly returns the data anyway.

Role from the client: an 'admin' flag stored in the browser or passed up in the request, instead of looked up on the server from the authenticated user.

Prices and IDs sent by the browser: the client posts the amount to charge or the product to grant. An attacker simply changes the number.

The fix: decide it on the server

Every sensitive decision — is this user authenticated, what's their real plan, are they allowed to do this, what should this cost — must be made on the server, from data the server trusts (the authenticated session and your own database), not from anything the browser sent.

Concretely: verify the session on the server in each protected route; look up the user's plan and role from your database, not the request body; and never accept a price or entitlement from the client. For payments, confirm the charge with your payment provider server-side (e.g. Stripe webhooks) before granting access.

VibeShield's passive scan focuses on exposed secrets and open databases (the leaks it can see from outside without touching your backend), so use this server-side rule as your manual checklist for payment and access logic — it's the one an outside scan can't fully see for you.

Frequently asked questions

Can't I just hide the API endpoint to protect it?

No. Anything the browser can call, an attacker can find and call directly. Obscurity isn't protection — the endpoint itself has to verify who's calling and whether they're allowed.

Why can't VibeShield just detect payment bypass automatically?

Confirming a real bypass means actually calling your backend as if you were an attacker, which we won't do without verified ownership. Our passive scan finds the leaks visible from the outside; payment/access logic is a server-side check you confirm yourself or with an ownership-verified test.