# Jordan Tillman, Senior Backend Engineer at Arcflow (210 people, B2B fintech) — read of Remedix, June 13 2026

> 9 years in backend, one failed SaaS launch under my belt, actively vibe-coding a side project in Cursor at night after the kids are down. I commute 38 minutes each way on Metro-North and that's basically my research window.

## How I got here

Someone dropped a link in the Indie Hackers Discord with the message "this site actually admits when their ideas are bad, weirdly refreshing." I opened it during my evening commute. I was not looking for a security scanner. I was vaguely looking for either a tool to audit the Cursor-generated code in my own side project, or honestly just a new idea to build. I am not sure this page knew which one I was either.

## What I clicked first

"Security without the handoff. Scan AI-built apps before they reach production." Ok, that landed. I write a lot of AI-assisted code and I have no idea what's actually in it security-wise. The "handoff" framing implies I usually have to bug a security person and wait two weeks. That is exactly what happens at my day job. So I'm reading.

I also clicked "See example report" immediately. That is the one thing that would tell me whether this tool is real or vaporware.

## Where I paused

"1 in 8 Meaningful-success odds (Fermi)" stopped me cold. I have never seen a product page put failure odds on itself. My first reaction was: is this the product's page or a review of the product's market potential? Then I kept reading and realized this page is somehow doing both at the same time. The Wishdeal Factory scoring section is grading Remedix while Remedix is trying to sell me something. That is either very smart or very disorienting and I am still not sure which.

The "$-21,085 Year-1 take-home" made me laugh out loud on the train. The guy next to me looked over.

## What I distrusted

The page never cleanly answers whether Remedix exists yet. The hero says "Scan your app free" with a button. That implies a working product. Then midway down: "Honest disclosure: we don't have live customers on this idea yet." So is the free scan live or not? I'm being asked to click a CTA for something that may not exist.

Also this: "AI-Friendly Fixes Copy remediation prompts into Cursor or Claude to patch findings instantly." I want to believe this but that is a bold claim. What does the prompt actually look like? Is it just the finding description plus "fix this"? Because I could write that myself. I need to see what "instantly" actually means in practice before I trust it.

The four-tier pricing ("Browse / Unlock $5 / Adopt / Operator") confused me for a full minute. Am I buying a security scanner or am I buying the right to go build one? I had to re-read three times to figure out that Wishdeal is selling the idea/code package, not a subscription to the tool. That should be on the first scroll. I almost bounced thinking this was some weird NFT scheme.

## What would convince me

One thing: let the free scan actually run on a repo or a URL and show me an unredacted report. Not a screenshot of a fake report. An actual result with a real finding, a severity, and what the remediation prompt looks like. That is the whole pitch and it's either good or it isn't. If the output is generic ("found 2 high severity issues, upgrade your dependencies") I'm out. If it finds something specific like a hardcoded key or an unprotected admin route in the example, I'm a believer.

Also: "Prioritized Findings... sorted by severity" is table stakes for any scanner. That is not a differentiator. Tell me what Remedix catches that Snyk or a basic GitHub Advanced Security scan misses specifically for AI-generated code. That is actually a real and interesting gap if they've thought about it.

## What I'd ask in an email reply

1. The free scan button, does it actually work right now, or does it hit a waitlist? Be straight with me.
2. What does the scanner look at exactly -- is it static analysis on files I upload, or does it clone a repo, or is it pointed at a running URL? The specs say "no external API calls" but I don't know if that means the scan runs locally or what.
3. The "AI-Friendly Fixes" feature, can you show me a real prompt that came out of a real scan on real code? Not a mockup. Actual output.

## Verdict: on-the-fence

The idea is real and the pain is real and the honesty about negative projected income is genuinely unusual enough to keep me reading. But the page has an identity crisis between "use this tool" and "buy this idea" and until I know which one I'm doing, I'm not clicking anything with a dollar sign on it.

---
*Memo by skeptic persona, generated 2026-06-13. Studio breaks own self-grading loop.*
