This feels so emblematic of our current era. VC funded vibe coded AI documentation startup somehow gets big name customers who don't properly vet the security of the platform, ship a massive vulnerability that could pwn millions of users and the person who reports the vulnerability gets...$5k.
If I recall, last week Mintlify wrote a blog post showcasing their impressive(ly complicated) caching architecture. Pretending like they were doing real engineering, when it turns out nobody there seems to know what they're doing, but they've managed to convince some big names to use them.
Man, it's like everything I hate about modern tech. Good job Eva for finding this one. Starting to think that every AI startup or company that is heavily using gen-ai for coding is probably extremely vulnerable to the simplest of attacks. Might be a way to make some extra spending money lol.
You bet not all THW vulnerabilities are reported to the vendors. Not with 5k bounty for THAT.
A similar comment was posted on the PostHog post yesterday. Claiming everything is vibe coded without any proof is pure rage bait.
> This feels so emblematic of our current era. VC funded vibe coded AI documentation startup somehow ...
Is there any indication Mintlify was "vibe coded"?
Chill - just because someone got hacked doesn't mean their product is trash. Easily every mass adopted product created prior to 2023 has been hacked at some point.
Why did you post the same comment twice? This is not Reddit, my friend.
This is identical to a comment you wrote on the other story about these vulnerabilities that's higher up on the front page, which isn't great.