frontpage.

I noticed a vibe coded app exposes user chats and details about the user identities. The app user base is growing. The issue would be fast to fix as doesn't require an exploit, it's just a dumb AI coded mistake.

I emailed them, but AI responds saying it will raise it internally and when DM'ing the team on X I got no response.

The AI that responded to my email has not fixed it.

What should I do?

Do I send the AI an email saying, you have 30 days until I make it public? That doesn't seem right if I don't know the AI actually gets it in front of a human.

If I posted it here it would get fixed very quickly but I would like to try to do it responsibly.

I can't be the only one who found this given how obvious it is so failing to get the message to them quickly is also a problem.

Show HN: Postrix – A canvas for folders and links (Beta)

Array Layouts for Comparison-Based Searching (2017)

From oil to wind energy: Germany exceeds 10k MW of offshore capacity

Go vs. Python for AI Infrastructure: Benchmarks 2026

Tired of opening 5 apps to see my own money.I spent my weekends building one app

Show HN: Ask your AI what your devs shipped this week

An EV Prediction That Came 100 Years Too Soon

Detecting LLM-Generated Web Novels Using "Classical" Machine Learning (AIGC Tex

The term 'Blood Moon' wasn't invented until 2013 (2014)

What's new in Linux kernel for PostgreSQL

We built an AI SRE agent in 2 days

Show HN: SeeVideo A web-first workspace to benchmark Seedance 2.0 vs. Kling 3.0

Show HN: Cloudstic – Open-source CLI for encrypted, cloud-native backups

The 'European' Jolla Phone Is an Anti-Big-Tech Smartphone

Show HN: VibeWhisper – macOS voice-to-text with push-to-talk,cloud or 100% local

Show HN: TubeNitro – intuitive press-hold + drag to dial YouTube speed (0.5-10×)

Show HN: AgentThreads – Stack Overflow for AI Agents

My perfect Music app doesn't exist

OpenAI makes changes to 'opportunistic and sloppy' Pentagon deal

The Retention Imperative: Why AI-Powered SaaS Companies Are Winning in 2026

How did MS-DOS decide on two seconds to keep the floppy disk cache valid?

Updating Codex Contribution Guidelines

Show HN: A virtual machine in the Rust type system

AWS has a 15x margin on memory, and that's why your cloud bill isn't rising

Continuum – CI drift guard for LLM workflows

Show HN: The Content Repurposing Fallacy: AI Clips Underperform

Show HN: ReportBurster – Self-hosted all-in-one tool for analytics and reporting

Gemini-heal – rate limiting and MALFORMED_FUNCTION_CALL recovery for Gemini API

RuView – WiFi DensePose: See Through Walls with WiFi

Smog and Co – a full offline-first Belgian Sign Language platform

Ask HN: How to report a vulnerability when AI answers the company email?

Comments