Another Web2 "AI coding" startup hacked wide open because of public-facing unauthenticated registration endpoints tied to hardcoded manifest IDs.
They called it a “vibe platform.” The exploiters vibed in.
This isn’t just an engineering failure — it’s a delusional design philosophy:
🧩 Swagger docs as blueprints for breaches
🎭 SSO without real access control
🫠 AI hype masking API rot
We don’t need vibes. We need verification.
That’s why I built [ nostr:nprofile1qqs2um8ftr5qf05xk9z7dfeumndg5s4mte2z04gynlnztxmd6rczclgpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz8thwden5te0dehhxarj9e3xjarrda5kuetj9eek7cmfv9kz7qg4waehxw309aex2mrp0yhxummnw3ezucn89uf6pfyx ] — deterministic, testable, and immune to Swagger swagger.