Pinned
💎
⭐
7h •
I'm hosting a new event about making money with AI automation
Here's why you should attend: Over two days at AIS Live, every speaker is someone actively earning from AI services, and they show their actual work. The real projects they sell, how they get clients, the numbers behind it. It just opened to the public, and right now you can save $50. But only through Sunday: -> Go here for details: https://app.aiautomationsociety.ai/ais-live/register/
Pinned
💎
⭐
8h •
🚀New Video: 100 Years of Artificial Intelligence Explained
This one's a little different, but I had fun putting it together. I hope you guys find it interesting! 100 Years of Artificial Intelligence Explained, and it starts with a 26-year-old building something in his parents' bedroom and a code that took an entire war to crack. I walk through the whole timeline: the two winters that nearly killed the field, the approach everyone wrote off as a dead end, and the single move that made a world champion walk away. This is 100 Years of Artificial Intelligence Explained, and honestly we're just getting started.
Pinned
🔥
4d •
🏆 Weekly Wins Recap | May 23 – May 29
From $64K+ in closed deals to first paid projects, first workflows, and first technical builds - this week inside AIS+ showed what happens when builders stop consuming and start moving. Some wins were big money. Some were first steps. Both matter. 🚀 Standout Wins of the Week inside AIS+ 👉 @Jacob West closed two deals in one week — a $22.5K custom software build for a local gym and a $42K AI OS rollout for a mid-market energy business. 👉 @Luca Giovinazzo delivered his first full client project live — 11 n8n workflows, CRM, Telegram bot, inventory alerts, booking system, KPI tracking, user guide, and Loom walkthrough. 👉 @Fadwa Naboulssi landed her first client three weeks into the community — a candidate sourcing workflow on a $150-per-successful-hire commission. 👉 @George Maitland completed his first technical build using Claude Code + n8n MCP — a local content engine with Telegram as the command center. 👉 @James O Neill built a free portfolio site for a friend-of-a-friend’s side hustle… and she insisted on paying anyway. First real money landed. ⸻ 🎥 Super Win Spotlight | @Josh Holladay Josh joined AIS+ because he wanted more than scattered learning. He wanted momentum. Focused content. Better access. And a room full of people actually moving. Since joining, he has: - Closed real client work - Built stronger confidence around pricing and value - Used the portfolio course to get clear on where he was and what needed to happen next - Learned how to turn client conversations into real business opportunities - Found a place to celebrate wins with people who actually understand the journey
💎
⭐
Oct '24 •
Welcome! Introduce yourself + share a career goal you have 🎉
Let's get to know each other! Comment below sharing where you are in the world, a career goal you have, and something you like to do for fun. 😊
2h •
Lovable Apps Have a Security Problem Nobody's Talking About
To preface, I run a security auditing service that seeks to address the technical debt that comes from building with AI tools in order to give founders additional peace of mind prior to shipping. That said, last week I scanned a total of 8 lovable built apps, since I noticed that with the Lovable platform specifically that its vulnerabilities always seemed to be structured in the same exact way across different apps. Furthermore, many of these products had actual user bases and live billing mechanisms in place, and thus the data that these apps were handling were particularly important. That out of the way, these are 5 of the most common findings that I came across among almost all of the Lovable built applications that i have audited thus far: 1. 8/8 apps had at least one HIGH severity finding; though, typically within a short 10-15 minute window, I was able to source multiple (even within some of the better built products, same idea). Many of these findings were able to be sourced with fairly rudimentary tooling. For instance, almost all of the apps I scanned seemed to have secrets of all kinds baked right into the front end; accessible through DevTools alone. Things ranging from JWTs, API keys, etc etc. However, it gets worse: 2. 7/8 apps had a hardcoded supabase token sitting in the front in JS bundle sitting in plain sight. This being the code that your browser actually downloads first before loading your app, what this means is that anyone can open devtools on their local machine, and search for this directly within the sources tab with next to no effort. This key, plus an unprotected database means that anybody online can utilize this to grant themselves direct read/write access to your data without even being logged in. 3. 7/8 apps had no rate limiting mechanisms configured on login. What this means is that there is absolutely nothing stopping someone from attemptions thousands of password guesses on any account that they choose. Configuring an automation tool to cycle through common password lists to target specific users is simple, and what this means is that anyone can access any account they desire by running said scripts overnight. So thus, rendering user passwords completely useless as safeguarding mechanisms. Furthermore, on these same apps there was a complete absence of other such mitigation methods (ie: CAPTCHA trigger, account lockout/slowdown mechanisms), so this confirms that anybody can log in wherever they choose to on these sites completely under the radar.
1-30 of 18,247
skool.com/ai-automation-society
Learn to get paid for AI solutions, regardless of your background.
Leaderboard (30-day)
1
🔥
+7544
2
🔥
+5019
3
🔥
+3540
4
+3130
5
+1428
Powered by