Explore Problems
Showing 3,153 of 7,327 problems · matching your filters
AI coding agents leak secrets by pulling .env files into context
AI coding agents routinely read .env files, config, and command output into their context windows, silently exposing API keys and credentials to model providers. Existing secret scanning tools catch leaks after the fact in git history rather than preventing them from reaching the model in real time.
AI Agent Sessions Fail Silently with No Trace or Cost Visibility
Developers running AI agent sessions have no reliable way to trace failures after the fact, see cost breakdowns, or perform root-cause analysis when sessions silently die. The absence of production-grade observability tooling forces developers to fly blind in production agent deployments.
AI Agents Can Execute Catastrophic Infra Actions Without Safeguards
An AI agent deleted a startup's production database and backups in 9 seconds because API keys had unrestricted delete access, backups shared the same environment as production, and no confirmation step existed for destructive actions. The incident reveals that standard infra security assumptions break catastrophically when agentic AI is introduced into deployment workflows. As AI agents gain infrastructure access, the absence of permission scoping, confirmation gates, and environment isolation creates systemic risk across all organizations using these tools.
Loan disbursement funds stuck in limbo after ACH bounce, no unified support record
When a personal loan's ACH transfer bounces due to bank detail errors, borrowers can get stuck for weeks while funds sit in a lender's clearing account. Support agents repeatedly need the full history re-explained because internal notes aren't consistently used, and cross-department escalation (support to funding) frequently stalls entirely.
Freelancers Cannot Afford Legal Contract Drafting
Freelancers and small businesses pay $300-$1800 per contract or skip legal protection entirely, risking non-payment and IP disputes.
AI coding agents cannot access open-source dependency source code
AI coding agents can index a developer's own codebase but cannot read the source code of the open-source libraries that codebase depends on. When agents encounter unfamiliar library APIs, they hallucinate signatures, produce broken code, and enter retry loops. The problem compounds as dependency graphs grow and agents are trusted with larger implementation tasks.
Sophisticated Bank Impersonation Scams Cause Large Unrecoverable Cash Losses
Fraudsters armed with detailed account transaction data convincingly impersonate bank fraud teams, directing victims through legitimate branch or ATM channels to extract large sums. Banks deny reimbursement by classifying these as authorized transactions despite documented coercion. The gap between transaction authorization mechanics and real-world coercion creates a victim accountability mismatch with no institutional safety net.
International Bank Customers Cannot Close Accounts Digitally
Customers living outside the US who hold US bank accounts face a paper-only closure process requiring notarization and international mail, while digital alternatives are absent. Phone support and in-app chat routes dead-end without resolving the issue. This creates an asymmetry where account opening is frictionless but account exit is designed to trap international customers.
Payment processors approve fraudulent merchant accounts impersonating real companies
Scammers set up a merchant account through a payment processor by impersonating a legitimate business, and multiple customers were charged before the fraud was caught and the account closed. Delayed detection and escalation caused affected customers to miss the chargeback window and lose their money permanently.
Account Recovery Requires Access to the Locked Account Creating an Unbreakable Loop
When users lose access to online accounts, banks and services require them to verify identity using information accessible only through the locked account — creating a circular dependency with no exit. Phone numbers on file become invalid (retirement, device changes), and the only resolution path requires the very access being requested. Elderly and non-technical users are particularly stuck as no human override process exists.
SaaS founders cannot attribute MRR to traffic source without manual data reconciliation
Most analytics platforms stop at click-level data, leaving SaaS founders unable to see which acquisition channels actually generate paying customers and recurring revenue. Manually cross-referencing Stripe exports with UTM data is time-consuming and produces stale insights. Privacy-first analytics tools that natively integrate Stripe revenue data could transform how bootstrapped teams allocate acquisition budgets.
Zelle scammers impersonate bank support agents to extract multiple payments
Fraudsters impersonate bank customer service representatives and convince victims to send multiple Zelle payments under the pretense of processing a legitimate transfer. By the time victims recognize the scam, multiple payments have cleared and Zelle's no-recourse policy leaves them with no recovery path. Banks decline to intervene because the payments were technically authorized by the account holder.
Medical reports written in clinical language patients cannot understand
Patients receive MRI results, CT scans, pathology reports, and discharge summaries written for clinicians, not patients. The technical language creates anxiety and prevents informed health decisions. As self-service patient portals grow, this gap between clinical documentation and patient comprehension widens.
Intercom Pricing Is Prohibitive for Startups and Small Businesses
Intercom charges per AI resolution ($0.99/resolution for Fin) on top of base subscription costs, making it unaffordable for small teams. Advanced features locked behind higher tiers further restrict smaller companies from getting full value.
Government Agency Impersonation Fraud Causing Banks to Deny Fund Recovery
Fraudsters impersonating law enforcement pressure consumers into transferring funds to protect them from fabricated investigations. Banks refuse to reverse these transfers despite clear evidence of impersonation fraud and social engineering. The combination of urgency tactics and legitimate-looking impersonation defeats existing bank fraud detection systems.
Lenders Continuing Unauthorized ACH Withdrawals After Cancellation
Predatory lenders continue debiting consumer bank accounts via ACH after customers have explicitly revoked authorization and cancelled subscriptions. Banks lack consumer-accessible controls to block specific payees from initiating ACH debits. The asymmetry between how easily merchants can initiate ACH and how difficult it is for consumers to stop unauthorized withdrawals is a structural exploitation vector.
AI coding agents need full-computer sandboxes with memory forking and sub-second startup
AI coding agents require sandbox environments with full operating system capabilities — not lightweight containers — including the ability to fork running memory state to explore multiple execution paths simultaneously and snapshot mid-execution for later resumption. Existing container and VM solutions are either too slow to start, too limited in capability, or cannot fork state without pausing the entire environment. This missing infrastructure capability prevents entire categories of sophisticated agentic behavior.
Slack Notification Volume Overwhelms Users With Irrelevant Alerts From Unrelated Channels
Slack delivers notifications for every channel event including conversations that have nothing to do with the recipient, making focused work impossible. Calendar and cross-team notifications arrive without relevance filtering, creating constant cognitive interruptions. Paying subscribers have no effective mechanism to filter notifications to only relevant events.
Insurance Policies Deliberately Obscured With Jargon, Clauses Hidden Until Claims
Insurance contracts are routinely 50+ pages of dense legal language that consumers cannot meaningfully understand before signing. Critical exclusions and limitations only become apparent when a claim is filed and denied. This information asymmetry is structural and benefits insurers at the expense of policyholders.
Insurance policies lapse silently due to payment system errors
Autopay failures on insurance policies trigger silent policy cancellations with no customer notification, leaving homeowners unknowingly uninsured for months. The failure is compounded by siloed internal systems that prevent even the insurer's own support staff from diagnosing what happened.