Ask HN: Is there any founder building a non-AI startup in 2026?
Just curious to know what other founders are building and what the current challenges are.
GCP has no native kill switch for compromised API keys. Budget alerts lag 4-12 hours. By the time they fire, the damage is already done.
CloudSentinel polls raw request counts via GCP Cloud Monitoring every minute and revokes the key automatically when a threshold is crossed. No human in the loop. Confirmed working in production.
cloudsentinel.dev — 14-day free trial, no credit card.
- $128,000 — small company in Japan, caught it at $44K, shut everything down, charges kept accumulating, Google denied the adjustment request
- $82,314 — 3-person startup, Gemini API key silently reused, normal monthly spend was $180
- $55,444 — student, key leaked on GitHub during summer break, discovered months later
- ~$75,000 — student in India building a blood cancer detection tool, received legal threats from Google
The root cause in every case: GCP billing data lags 4-12 hours. By the time a budget alert fires, the damage is already done. There is no native automatic kill switch.
The only reliable real-time signal is `serviceruntime.googleapis.com/api/request_count` via Cloud Monitoring, which has a 3-5 minute ingestion delay. Budget alerts don't use this — they use billing data.
Has anyone else dealt with this? Curious how teams are protecting themselves today.
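The detection side of the approach described in this post, as an added example that is not part of the original post and not any product's code: a per-minute threshold check over request counts that skips the newest minutes because of the 3-5 minute ingestion delay. The window size, threshold, function names and sample data are assumptions; fetching the metric and revoking the key are not shown.

```python
from dataclasses import dataclass

INGESTION_LAG_MIN = 5   # from the post: metric data arrives 3-5 minutes late
WINDOW_MIN = 5          # assumption: evaluate a 5-minute sliding window
THRESHOLD = 1000        # assumption: max requests tolerated per window


@dataclass
class Decision:
    revoke: bool
    window_total: int
    evaluated_through: int  # newest minute treated as fully ingested


def evaluate(points, now_min, threshold=THRESHOLD,
             window=WINDOW_MIN, lag=INGESTION_LAG_MIN):
    """points maps minute index -> request count for one API key.

    Minutes newer than now_min - lag are ignored: they may still be
    incomplete, and a partial count would understate the real volume.
    """
    settled_end = now_min - lag
    first = settled_end - window + 1
    total = sum(points.get(m, 0) for m in range(first, settled_end + 1))
    return Decision(total > threshold, total, settled_end)


def first_trip(points, start, end, **kw):
    """Replay a once-a-minute poller; return the minute it would revoke."""
    for now in range(start, end + 1):
        if evaluate(points, now, **kw).revoke:
            return now
    return None


def exposure(points, abuse_start, trip_min):
    """Requests served between the start of abuse and the revocation."""
    return sum(points.get(m, 0) for m in range(abuse_start, trip_min))


# Constructed sample: 3 requests/minute baseline, abuse starts at minute 60.
SAMPLE = {m: 3 for m in range(0, 60)}
SAMPLE.update({m: 400 for m in range(60, 90)})

if __name__ == "__main__":
    trip = first_trip(SAMPLE, 0, 89)
    print("revoke at minute", trip, "after", exposure(SAMPLE, 60, trip), "requests")
```

On the constructed data the check trips seven minutes after the abuse begins, so the ingestion delay bounds the exposure rather than eliminating it.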
----------
What's New in 2.0:
License Compliance: Automatically checks if your open-source dependencies comply with legal requirements, helping you avoid costly legal issues.
Docker Container Security: New insights into risks in container images, with actionable recommendations for improving security.
AI-Enhanced Vulnerability Scanning: Vulert Code Guard (coming soon) uses AI to detect if your app is actively using vulnerable functions from open-source libraries, helping you focus on real threats.
SBOM Export & Reports: Export your app dependencies as SBOMs, and generate vulnerability reports in PDF format.
Application Manager: Configure settings, and integrate with Jira to auto-create issues when vulnerabilities are found.
----------
Why Vulert?
Open-Source Growth, Increasing Risks: With the average organization using 1,700 open-source tools, the risk of vulnerabilities is skyrocketing.
Targeted Attacks on Open-Source: Attackers are increasingly exploiting open-source components, and traditional security tools often miss the mark.
Lack of Effective Solutions: Most existing tools are integration-heavy, require full access to your codebase, or are expensive. Vulert provides a lightweight, cost-effective solution.
----------
Vulert’s Approach:
Privacy-First: No need to inspect your code. Just upload your open-source list (e.g., package-lock.json).
Proactive: Receive alerts for new vulnerabilities as soon as they’re reported.
Affordable: Pay only for the modules you need, starting at $10/month per application.
----------
How It Works:
Continuous Monitoring: Stay up-to-date with security advisories across all your dependencies.
Real-Time Alerts: Get notifications about new vulnerabilities or threats in your dependencies.
Fast Response: If a critical vulnerability is detected, you’ll get an immediate alert.
----------
Key Features:
Interactive Dashboard: See your app's security health at a glance.
CI/CD Integration: Automatically catch vulnerabilities during development.
SIEM Integration: Works with tools like Splunk for continuous monitoring.
----------
Modules Available:
Open Source (SCA): Monitors for vulnerabilities in your open-source dependencies.
License Compliance: Checks your dependencies for license issues and legal risks.
Container Security: Analyzes container images for security issues.
SBOM Export: Generates CycloneDX-formatted SBOMs for security and compliance.
Code Guard (Coming Soon): AI-powered tool to identify vulnerable functions in your app code.
----------
Try our Vulert Playground to test your app’s security with no sign-up required. Upload your manifest file and get a risk assessment.
Useful Links:
Vulert Demo Dashboard: https://vulert.com/demo-login?demo=true
Vulert Playground: https://vulert.com/abom
Vulert Vulnerability Database: https://vulert.com/vuln-db
Vulert Blog: https://vulert.com/blog
----------
Join the Open-Source Security Movement: We’re looking for feedback on Vulert 2.0. Feel free to ask questions, suggest improvements, or share your thoughts on how we can help make open-source software more secure.
https://vulert.com/vuln-db/packagist-laravel-framework-128248
It's been a challenging journey, nearly two years of relentless effort, and yet our startup has faced its fair share of setbacks. We've chosen to bootstrap our venture because we believe in proving our concept before asking anyone to invest their hard-earned money into it. However, despite our dedication, progress has been slow, and we've hit roadblocks right from the start.
The journey in our industry is incredibly tough, especially for startups like ours, and as tech founders, the hurdles seem insurmountable at times. The giants in our industry pour vast sums into advertising, amounts that surpass what we've spent building our vision.
We're genuinely frustrated and uncertain about our future, but we remain determined to make it work. The support of this community could be a turning point for us, and we are immensely grateful for any assistance you can offer, be it trying out our product or spreading the word.
For almost two years, we've been diligently working on our product, and while we've managed to attract some free users, the leap to paid users has proved to be elusive. We find ourselves at a crossroads, in need of your support. If our product aligns with your needs, we implore you to consider giving us a chance. We aren't a well-known or affluent company; we are just a small startup striving to make a difference. All we ask is for your trust and a chance to prove ourselves.
Thank you for taking the time to read our story and for considering how you might support us on our journey.
p.s: What is our product: Despite the hardships, we've been dedicated to building a product we wholeheartedly believe in. For nearly two years, we've been developing Vulert, a tool that vigilantly monitors your open-source dependencies for potential vulnerabilities, suggests remedies, and ensures compliance with licensing requirements – all without the need for installation or access to your codebase. Vulert can seamlessly integrate into your CI/CD pipeline, making it a valuable asset for any tech team.
url: vulert[dot]com
Yours sincerely, Dawood
As many are aware, the US government now mandates vendors to provide SBOMs (Software Bill of Materials) - essentially detailing the open-source components used within their products. At Vulert, we've developed a cutting-edge software composition analysis tool tailored for efficient SBOM management.
# The challenge?
New vulnerabilities in open-source software emerge daily, and malicious actors are becoming adept at injecting harmful content into these software components, jeopardizing businesses globally.
Vulert addresses this head-on. Upload your SBOM or any manifest file, and our platform proactively monitors and alerts you in real-time if your organization's software stack is impacted by any emerging vulnerability.
To demonstrate our commitment to the community and ease of use, we've established a playground. Here, you can assess vulnerabilities in your manifest or SBOM file with no sign-up necessary.
- Give it a spin: https://vulert.com/abom
For a deeper dive, visit vulert.com or feel free to reach out directly at ceo@vulert.com. Looking forward to your insights and feedback!
# Why invest in Vulert?
- Rapidly growing user base.
- Tapping into a multi-billion-dollar market.
- Innovative, integration-free approach to software composition analysis.
- Dedicated team with deep expertise in cybersecurity.
We believe in a future where cybersecurity is intuitive and accessible for all. If you share our vision and see the immense potential in what we're building, let's connect. We're ready for the next big leap – and with your partnership, we can make it together!
Contact us at info@vulert.com for more details or to schedule a conversation.
We've just revamped our open-source vulnerability database and we're proud to say we're updating faster than most, including Snyk and Mend. Case in point: check out our comprehensive breakdown of CVE-2023-40582, which isn't yet on other platforms: https://vulert.com/vuln-db/CVE-2023-40582.
Would love your feedback and insights. Together, we can make Vulert the go-to in open-source security.
Cheers!
Vulert discovered over 30 vulnerable dependencies in enzyme-to-json npm package with 840k+ weekly downloads. Secure your code by reviewing the vulnerabilities here: https://vulert.com/vuln-scan/list/522d310a-10ea-4e45-8515-d5558e1aeff1
Best
Thrilled to announce! Vulert can detect and monitor security issues within the Software Bill of Materials (SBOM) provided by your vendor.
For those who may not be familiar, an SBOM is essentially a nested inventory or list of the various components that make up a software product. In fact, US Law now mandates that government agencies must obtain SBOMs for any new products they purchase.
You can experience this game-changing technology for yourself without any hassle. Simply visit our website at https://vulert.com/abom and try it out today - no signup or credit card required!
I would love to hear your feedback.
Thanks
Dawood