CASE STUDIES — REPLACED BY PATTERNS
We retired the fictional case-study format. The replacement is /patterns/ — every walkthrough anchored to a live URL on gapbench.vibe-eval.com so the bug is reproducible, not asserted.
The case-study series that used to live here consisted of anonymized fictional walkthroughs. We replaced it with /patterns/ — same job, but every article anchors to a reproducible scenario on gapbench.vibe-eval.com. The bug is on a live URL. You can hit it, run any scanner against it, and verify the finding yourself. That is a stronger move than a story.
Where to read
- The patterns hub — 28 anatomy walkthroughs, organized by category (auth, trust boundaries, infrastructure, agents, injections).
- Why we built gapbench — the manifesto. Read this if you want the framing for the whole series.
- False positives and the ref0 control — the calibration methodology behind every detection.
Most-read patterns
- The Supabase service-role key in your frontend bundle
- JWT alg=none is not dead — your AI-generated auth might be running it
- BOLA in AI-generated CRUD — the missing ownership check
- MCP servers without auth — the prompt that ran rm -rf
- Naked databases on the public internet
Related
- Data studies — quantitative research from the scan corpus
- Platform safety reviews — rolling state of Lovable, Bolt, Cursor, Replit, V0
- Vibe code scanner — run the scanner that calibrates against gapbench