Four days ago I had an idea. Today it's live, catching real security issues in real pull requests. This is the story of how I built VrothSec — a GitHub App that automatically reviews every PR for AI and cloud security mistakes — with no money, no team, and no prior experience shipping a SaaS.

The Problem

Most security tools were built before AI apps existed. They don't know what an exposed OpenAI key looks like. They don't flag overpermissioned IAM roles. They don't catch unprotected model endpoints or prompt injection risks through retrieval chains.

A developer in the comments of my build-in-public post put it better than I could:

"The real risk usually is not just leaked keys. It is model endpoints with no auth or rate limits, overly broad IAM on storage and inference paths, prompt injection exposure through retrieval and tool use, logging sensitive prompts into places they should never land."

That's exactly what existing tools miss. That's the gap VrothSec fills.…
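To make concrete what "reviewing a PR for these mistakes" means in practice, here is an added example of two of the checks described above (a hardcoded OpenAI-style key and an IAM statement allowing every action on every resource) run over a constructed unified diff. This is illustrative code written for this article, not VrothSec's own implementation; the key regex is a heuristic assumption, the sample diff and the `sk-EXAMPLE...` value are constructed, and the rule names are made up for the example.

```python
import json
import re
from dataclasses import dataclass

# Heuristic for an OpenAI-style API key literal. The exact format is an assumption
# made for this example; production scanners use vendor-maintained patterns.
OPENAI_KEY_RE = re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b")

# Constructed sample PR diff: one hunk replaces an env-var lookup with a literal
# key, another adds a new IAM policy file with a wildcard Allow statement.
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,2 +1,3 @@
 import os
-OPENAI_API_KEY = os.environ["OPENAI_API_KEY"]
+OPENAI_API_KEY = "sk-EXAMPLEKEYEXAMPLEKEYEXAMPLEKEY00"
+MODEL_ENDPOINT = "https://inference.example.internal/v1/chat"
diff --git a/infra/model-bucket-policy.json b/infra/model-bucket-policy.json
--- /dev/null
+++ b/infra/model-bucket-policy.json
@@ -0,0 +1,7 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {"Effect": "Allow", "Action": "*", "Resource": "*"},
+    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::model-artifacts/*"}
+  ]
+}
"""


@dataclass(frozen=True)
class Finding:
    path: str
    rule: str
    detail: str


def added_lines(diff_text):
    """Yield (path, content) for every '+' line of a unified diff, excluding '+++' headers."""
    path = None
    for raw in diff_text.splitlines():
        if raw.startswith("+++ b/"):
            path = raw[len("+++ b/"):]
        elif raw.startswith("+") and not raw.startswith("+++"):
            yield path, raw[1:]


def _as_list(value):
    # IAM allows a bare string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]


def wildcard_statements(policy):
    """Return Allow statements granting every action ("*") on every resource ("*")."""
    hits = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions and "*" in resources:
            hits.append(stmt)
    return hits


def review_diff(diff_text):
    """Run the secret-literal and IAM-wildcard checks over added lines only."""
    findings = []
    by_path = {}
    for path, line in added_lines(diff_text):
        by_path.setdefault(path, []).append(line)
        if OPENAI_KEY_RE.search(line):
            findings.append(Finding(path, "hardcoded-openai-key", line.strip()))

    # Newly added JSON files are reassembled from their '+' lines and parsed as policies.
    for path, lines in by_path.items():
        if not (path and path.endswith(".json")):
            continue
        try:
            policy = json.loads("\n".join(lines))
        except json.JSONDecodeError:
            continue  # partial edit to an existing file; not a complete document
        for stmt in wildcard_statements(policy):
            findings.append(Finding(path, "iam-wildcard-allow", json.dumps(stmt, sort_keys=True)))
    return findings


if __name__ == "__main__":
    for f in review_diff(SAMPLE_DIFF):
        print(f"{f.path}: [{f.rule}] {f.detail}")
```

Both checks look only at added lines, which is what a PR reviewer cares about: a key that was already in the repo is a different (and older) problem than one this PR introduces. The policy check deliberately requires a complete JSON document from the added lines, so a one-line tweak to an existing policy file is skipped rather than misparsed; a real tool would fetch the full file at the head commit instead.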