Explore Problems
Showing 865 of 6,868 problems · matching your filters
Banking apps show transactions but provide no actionable spending intelligence
Most banking and personal finance apps display raw transaction lists without analyzing patterns, trends, or behavioral insights. Users cannot identify where their money actually goes without manual categorization in separate tools. The gap between data display and financial intelligence leaves the majority of banking customers without practical guidance.
Malicious VSCode Extensions Can Breach Thousands of GitHub Repositories
A single malicious VSCode extension compromised 3,800 GitHub repositories, exposing a critical gap in extension marketplace security vetting. The extension marketplace provides no meaningful safety signals, leaving developers unable to assess extension trustworthiness at install time.
MCP Servers Inject Context Tokens on Every Message Even When Not Used
Every configured MCP server injects tokens into the context window on each message, regardless of whether that server is needed for the current task. As developers add more MCP servers, context window bloat becomes severe and reduces effective model capacity. No selective MCP loading mechanism exists to activate servers only when relevant.
Cloud AI Coding Agents Require Sharing Codebases; Local Models Lack Performance
Developers using cloud-based AI coding agents like Cursor, Codex, or Claude must expose their codebase to training pipelines. Switching to local models for privacy eliminates the performance needed for real coding tasks. No tool currently solves both privacy and performance simultaneously.
Air-Gapped Networks Have No Passive Threat Detection Without Active Scanning Risk
Security teams protecting air-gapped environments — defense, ICS, nuclear — cannot use conventional network detection tools that require active probes, which risk triggering false alerts or disrupting critical operations. Passive monitoring that can identify C2 beacons and DNS generation algorithm traffic without sending any packets is absent from the market. This leaves some of the highest-value targets with a fundamental detection blind spot.
Phone Theft Enables Immediate High-Value Zelle and Venmo Fraud Banks Refuse to Refund
Thieves who steal unlocked phones can immediately execute thousands of dollars in Zelle and Venmo transfers before the owner can react. Payment apps treat physical phone possession as sufficient authorization, creating a structural gap where theft of a device equals theft of funds. Banks and payment platforms systematically deny fraud refunds for these transactions because the device was used directly.
Bank security alert systems fail to fire during active account takeover via phishing
Customers who configure bank security alerts for new device logins and failed password attempts receive no notifications when fraudsters are actively taking over their accounts via phishing. Alert systems that customers rely on as a safety net fail silently at exactly the moment they are needed. The combination of caller ID spoofing and alert failure gives attackers undetected access windows long enough to drain accounts.
Insurance policies lapse silently due to payment system errors
Autopay failures on insurance policies trigger silent policy cancellations with no customer notification, leaving homeowners unknowingly uninsured for months. The failure is compounded by siloed internal systems that prevent even the insurer's own support staff from diagnosing what happened.
Slack Notification Volume Overwhelms Users With Irrelevant Alerts From Unrelated Channels
Slack delivers notifications for every channel event including conversations that have nothing to do with the recipient, making focused work impossible. Calendar and cross-team notifications arrive without relevance filtering, creating constant cognitive interruptions. Paying subscribers have no effective mechanism to filter notifications to only relevant events.
Insurance Policies Deliberately Obscured With Jargon, Clauses Hidden Until Claims
Insurance contracts are routinely 50+ pages of dense legal language that consumers cannot meaningfully understand before signing. Critical exclusions and limitations only become apparent when a claim is filed and denied. This information asymmetry is structural and benefits insurers at the expense of policyholders.
Mortgage Servicers Proceed to Foreclosure Track After Verbally Approving Forbearance
Homeowners experiencing documented financial hardship who proactively request forbearance receive verbal approvals that are never formally processed, while the servicer simultaneously initiates foreclosure proceedings. The absence of written confirmation requirements and the 30+ day processing lag leaves current-account homeowners in a foreclosure pipeline they cannot exit. No real-time status visibility exists between borrower application and servicer processing systems.
Zelle scammers impersonate bank support agents to extract multiple payments
Fraudsters impersonate bank customer service representatives and convince victims to send multiple Zelle payments under the pretense of processing a legitimate transfer. By the time victims recognize the scam, multiple payments have cleared and Zelle's no-recourse policy leaves them with no recovery path. Banks decline to intervene because the payments were technically authorized by the account holder.
Medical reports written in clinical language patients cannot understand
Patients receive MRI results, CT scans, pathology reports, and discharge summaries written for clinicians, not patients. The technical language creates anxiety and prevents informed health decisions. As self-service patient portals grow, this gap between clinical documentation and patient comprehension widens.
Banks Disburse Auto Loans to Unverified Dealerships, Enabling Purchase Fraud
Banks process auto loan disbursements without verifying that the receiving entity is a real, registered dealership — enabling fraudulent dealers to receive funds for vehicles that are never delivered. Borrowers are left with active loan obligations for cars they never received, with the bank accepting no responsibility for the disbursement failure.
Bank of America Processes Unauthorized ACH Withdrawals After Written Revocation
Bank of America continued debiting a consumer's account after receiving a written revocation notice, ignoring the legal instruction and extracting funds without authorization. High mention count and upvotes confirm this is a widespread systemic failure at major banks.
Phone Scammers Impersonate Banks and FBI to Drain Accounts via Zelle
Criminals impersonate bank representatives and FBI agents via phone to manipulate consumers into transferring funds via Zelle. Once sent, Zelle payments are irreversible and banks typically refuse to reimburse victims of social engineering.
AI coding agents cannot access open-source dependency source code
AI coding agents can index a developer's own codebase but cannot read the source code of the open-source libraries that codebase depends on. When agents encounter unfamiliar library APIs, they hallucinate signatures, produce broken code, and enter retry loops. The problem compounds as dependency graphs grow and agents are trusted with larger implementation tasks.
AI coding agents leak secrets by pulling .env files into context
AI coding agents routinely read .env files, config, and command output into their context windows, silently exposing API keys and credentials to model providers. Existing secret scanning tools catch leaks after the fact in git history rather than preventing them from reaching the model in real time.
AI Agent Sessions Fail Silently with No Trace or Cost Visibility
Developers running AI agent sessions have no reliable way to trace failures after the fact, see cost breakdowns, or perform root-cause analysis when sessions silently die. The absence of production-grade observability tooling forces developers to fly blind in production agent deployments.
AI Agents Can Execute Catastrophic Infra Actions Without Safeguards
An AI agent deleted a startup's production database and backups in 9 seconds because API keys had unrestricted delete access, backups shared the same environment as production, and no confirmation step existed for destructive actions. The incident reveals that standard infra security assumptions break catastrophically when agentic AI is introduced into deployment workflows. As AI agents gain infrastructure access, the absence of permission scoping, confirmation gates, and environment isolation creates systemic risk across all organizations using these tools.