IDOR
(3 articles)
OpenAI · Assistants API · IDOR
June 4, 2026 · VibeWShield Team
OpenAI Assistants API: Thread-ID Enumeration and Hijacking
Thread IDs in the Assistants API are long but predictable in vibe-coded chat UIs. A classic IDOR lets attackers read prior conversations by incrementing a counter on your side.

Convex · Authentication · Vibe-Coding
April 24, 2026 · VibeWShield Team
Convex Auth: 5 Mistakes AI Tools Keep Making in Your Queries
Convex's reactive model makes authorization hide in plain sight. Cursor / Claude scaffold queries without auth checks, and the whole app leaks user data by default. Here are the five patterns to fix.

tRPC · Authentication · Vibe-Coding
April 21, 2026 · VibeWShield Team
tRPC Procedure Authentication: Why AI-Generated Code Leaks User Data
AI coding tools scaffold tRPC routers without auth middleware. See the exact pattern attackers use to read other users' orders, invoices and messages — and how to fix it in one line.