<aside>
11/8/2025
- Removed all non-AI-related SaaS entries to streamline the database and eliminate bloat.
- Refined the category section, retaining only categories directly relevant to our target audience.
- Differentiated the database into two distinct lists:
  - Top Tools Database: A core list for tools meeting strict inclusion criteria.
  - Notable AI Tools: A dynamic list for new releases and high-potential tools, designed for rapid updates.
11/11/2025
- Added the Subcategory: AI Coding Assistance under Productivity & Automation.
12/5/2025
I’ve recently found a bunch of serious issues across some tools on the main list. We're talking active supply chain hacks, major security flaws, big legal headaches, and screw-ups in how things are managed on their end.
I have identified multiple high-severity "Red Flags" that threaten the operational stability and long-term viability of several tools in our list. Hence, I opted to remove and replace them.
- Removed Zapier For Now: In late November 2025, Zapier’s official NPM account was compromised in a major supply chain attack. Threat actors injected the "Shai Hulud" malware into verified Zapier packages, putting connected systems at risk of credential theft and unauthorized access.
- Removed OpenAI Codex: Due to the newly disclosed "PromptPwnd" vulnerabilities affecting AI agents in CI/CD workflows and persistent concerns regarding CLI security (CVE-2025-61260), I can no longer recommend Codex as a safe default. I have removed it from the database while the community establishes better security standards for autonomous agents.
- Removed Windsurf: Temporarily removed due to a critical security flaw (CVE-2025-62353). The issue allows "Indirect Prompt Injection" to manipulate the AI into reading and writing files anywhere on your computer—not just in your project folder—putting sensitive data like SSH keys at risk.
- Removed Adcreative.ai: Removed due to severe financial safety concerns. The tool faces widespread allegations of billing fraud, including charging users after cancellation and refusing refunds for unauthorized annual subscriptions (often exceeding $300).
- Added several new AI tools as alternatives to the replaced ones. They’ve passed the vetting process that was used to curate the existing database.
15/1/2026
- Removed Fireflies.ai: A class action lawsuit filed in December 2025 alleges Fireflies.ai illegally harvests and stores voiceprints (biometric identifiers) from meeting participants without their knowledge or consent. The complaint claims the AI assistant records and analyzes unique vocal characteristics of all participants—including those who never created accounts or agreed to terms of service—in violation of Illinois' Biometric Information Privacy Act. I have removed it from the database until the lawsuit is resolved and the company clarifies its data collection practices.
- Removed Higgsfield AI: Removed due to severe consumer protection concerns. The tool faces a lawsuit and widespread user complaints alleging breach of contract and deceptive billing practices—including mass account bans of paying "unlimited" plan users without refunds, stealth upgrades from monthly to annual subscriptions without explicit consent, and no functional way to cancel (users report only a "downgrade to basic" option that still charges). Multiple users report continued billing despite written cancellation requests.
- Removed Trae IDE: Removed due to privacy violations. Security researchers discovered ByteDance's AI coding tool transmits user data to ByteDance servers even after users disable telemetry—approximately 500 network calls transmitting ~26MB of data in just 7 minutes. Collected data includes hardware specs, project information, unique identifiers, and mouse/keyboard activity. The privacy policy allows 5-year data retention with no true opt-out mechanism. I cannot recommend this tool for any codebase where data privacy is a concern.
- Restored Zapier: The NPM supply chain attack from late November 2025 has been fully remediated. Zapier unpublished all malicious packages within hours of detection (by 10:30 AM UTC on November 24, 2025) and deprecated remaining affected versions by 2:03 PM UTC the same day. Zapier has officially confirmed no data loss or leak occurred, and security researchers at Wiz verified the packages have been reclaimed. The incident was contained quickly and only affected developers who downloaded specific npm package versions during a narrow 8-hour window. Zapier's core automation platform was never compromised.
- Restored OpenAI Codex: The PromptPwnd vulnerability (CVE-2025-61260) has been patched. Check Point Research has confirmed the fix is effective. Users should ensure they are running version 0.23.0 or later before using Codex CLI in any repository they do not fully control.
- Added a few new tools to the database.
</aside>