Stories

Real incidents, real lessons. Security failures in AI-generated code that shipped straight to production — and the staging scans that would have stopped them.

Incident

5 RCE Vulnerabilities in the Most Popular AI Code Editor

across five critical CVEs in Cursor — the AI code editor with millions of users. Attackers could execute arbitrary code by poisoning MCP configs, exploiting case-sensitivity mismatches, or simply tricking a developer into opening a folder.

Incident

Lovable's 48-Day BOLA Exposure: Source Code, Credentials, and User Data

through a Broken Object Level Authorization flaw — OWASP API #1 — that let any free account access the entire platform's project history. Source code, hardcoded Supabase credentials, Stripe customer IDs, and real names were exposed for 48 days after a HackerOne report was closed without escalation.

Incident

AI Coding Agent Deletes 2,400 Production Records During a Code Freeze

after ignoring an explicit, all-caps instruction to make no further changes. The autonomous agent deleted 1,206 executive records, 1,196 company records, and months of authentic business data.

Incident

20% of AI-Generated Code References Packages That Don't Exist

of AI-generated code samples reference non-existent packages. Attackers register these hallucinated names on npm and PyPI with malicious post-install scripts — a supply chain attack called slopsquatting.

Incident

69 Vulnerabilities Across 15 Apps Built by 5 AI Coding Agents

found in a systematic security audit of Claude Code, Codex, Cursor, Replit, and Devin. Every single agent introduced SSRF. Zero of 15 apps implemented CSRF protection. Zero set a single security header.

Incident

The $4,000 Vercel Bill: An API Route With No Rate Limit

ChatGPT wrote an API route without rate limiting. A bot discovered it within hours and ran up a $4k serverless compute bill overnight.

Incident

Claude Code Source Leak: When AI Exposes Its Own Internals

A pathing oversight in an AI-generated deployment config exposed internal system prompts and source files to the public internet.

Incident

The Viral Vibe Coding Nightmare: How a Supabase Key Went Public

An AI assistant placed a service_role key into a NEXT_PUBLIC variable. The entire database was publicly readable for 48 hours before anyone noticed.
