Comment by CharlieDigital
6 days ago
This is the main problem with AI and vibe coding right now: it does what you ask (and sometimes does related things in the line of that ask).
It doesn't look at the big picture of multiple entries into the software. For example, he had one vulnerability which required a hop through email which would create an entry into a table that ended up elevating permissions temporarily.
Hopefully platforms like Replit, Firebase Studio, et al. one day just include a security audit agent.