I’m building Picklock, a minimalistic bug bounty platform that helps small startups and indie hackers run simple bounty programs or a Vulnerability Disclosure Program (VDP) — without all the overhead.
Recently, I’ve noticed more indie founders — especially non-technical ones — are shipping entire products with AI assistance. But often, the code written by LLMs isn’t vetted for security. This leads to a scary trend: products getting hacked shortly after launch, damaging trust and burning early users.
Picklock is my attempt to fix that. Think of it like a Bugcrowd or HackerOne, but purpose-built for early-stage startups and AI-coded products. The idea is to connect hackers looking to earn bounties with founders who want to secure their products early, before things break.
What makes Picklock different?
Built for early-stage, vibe-coded products.
Focus on AI-generated code and solo/indie builders.
Lightweight — no bloated dashboards or complex onboarding.
Resources and guidance to help founders not get pwned.
Check it out at https://picklock.47labs.io/ and if it resonates, please consider joining the waitlist. Your support would mean a lot — I’d love to understand if this is something the community needs.
Thanks!