Is the implication that he made a super insecure program and left the token for his AI thing in the code as well? Or is he actually being hacked because others are coping?
AI writes shitty code that’s full of security holes, and Leo here has probably taken zero steps to further secure his code. He broadcasts his AI written software and its open season for hackers.
Potentially both, but you don’t really have to ask to be hacked. Just put something into the public internet and automated scanning tools will start checking your service for popular vulnerabilities.
He told them which AI he used to make the entire codebase. I’d bet it’s way easier to RE the “make a full SaaS suite” prompt than it is to RE the code itself once it’s compiled.
Someone probably poked around with the AI until they found a way to abuse his SaaS
Is the implication that he made a super insecure program and left the token for his AI thing in the code as well? Or is he actually being hacked because others are coping?
Nobody knows. Literally nobody, including him, because he doesn’t understand the code!
Nah the people doing the pro bono pen testing know. At least for the frontend side and maybe some of the backend.
But the things doing the testing could be bots instead of human actors, so it may very well be that no human does in fact know.
Thought so too, but nah. Unless that bot is very intelligent and can read and humorously respond to social media posts by settings its fake domain.
Good point! Thanks for pointing that out.
I’m stealing “pro bono pen testing.”
Cant steal it, if it is already pro bono :D
That’s fucking hilarious then.
rofl!
AI writes shitty code that’s full of security holes, and Leo here has probably taken zero steps to further secure his code. He broadcasts his AI written software and its open season for hackers.
Not just, but he literally advertised himself as not being technical. That seems to be just asking for an open season.
Potentially both, but you don’t really have to ask to be hacked. Just put something into the public internet and automated scanning tools will start checking your service for popular vulnerabilities.
He told them which AI he used to make the entire codebase. I’d bet it’s way easier to RE the “make a full SaaS suite” prompt than it is to RE the code itself once it’s compiled.
Someone probably poked around with the AI until they found a way to abuse his SaaS
Doesn’t really matter. The important bit is he has no idea either. (It’s likely the former and he’s blaming the weirdos trying to get in)