zlacker

1. the_ha+(OP) 2026-02-05 21:27:51
The Cloudflare OAuth thing is a good example of exactly this. Someone wrote new code for a solved problem, introduced a vulnerability that wouldn't have existed if they'd just used a well-tested library. Now scale that up to every vibe coder reimplementing auth from scratch because the LLM made it look easy.

The "not many copies" angle is interesting too - these bugs are harder to find with traditional scanning because there's no known signature. Each one is a unique snowflake of broken security.

2. acdha+rt 2026-02-06 00:28:52
>>the_ha+(OP)
That last part is really interesting to me: humans are notoriously bad at things like looking at a large block of code and recognizing that something is missing from the middle. Offensive LLMs guided by control flow analysis are probably going to do some really interesting things finding flaws in that bespoke code but I bet most companies jumping on the vibe-coding bandwagon aren’t going to invest nearly as much.