Explore Problems

Showing 138 of 6,868 problems · matching your filters

AI-generated vibe-coded apps ship with live security holes

Applications built quickly with AI coding tools like Replit, Lovable, and Cursor often go to production with unaddressed access-control vulnerabilities, and their builders typically lack security expertise. High engagement (532 upvotes) suggests broad resonance, though it surfaces via a solution launch rather than direct user complaints.

1 mentions1 sources
S6.1L8
Security & Compliance · Application Security

AI Agents Execute Sensitive Actions Without Human Approval Checkpoints

Professionals using AI agents for real work find that autonomous systems take irreversible actions — sending emails, modifying files, triggering integrations — without pausing for human review. The lack of approval gates on sensitive operations creates trust and safety barriers that prevent enterprise adoption. Workers need AI that asks before acting on consequential decisions.

1 mentions1 sources
S6.1L8
Productivity · Automation & Workflows

Multi-Platform Ad Integration Requires Six Separate OAuth Flows and Data Models

Building advertising integrations across Meta, Google, TikTok, LinkedIn, Pinterest, and X forces engineering teams to maintain six separate developer apps, OAuth flows, and incompatible campaign object models. This represents months of duplicated engineering effort for any product that needs to touch multiple ad platforms. A unified normalized API layer would eliminate this fragmentation and is already being validated by builders in the space.

1 mentions1 sources
S6.1L8
Marketing & Growth · Advertising & Paid Media

Angi/HomeAdvisor sells low-quality leads with predatory cancellation fees to contractors

Contractors on Angi/HomeAdvisor receive leads where the majority are unresponsive or irrelevant to their services, yet cancellation requires paying large fees regardless of lead quality. The platform systematically profits from contractor frustration without accountability.

3 mentions1 sources
S6.1L8
Marketing & Growth · Lead Generation

Bank automated fraud systems freeze accounts with no human override capability

Chase's Zelle fraud detection flagged routine family transfers, froze the customer's online access, and provided no mechanism for human agents to override the automated decision. Agents gave conflicting explanations and two hung up. The automated system operates outside human accountability — once flagged, customers have no escalation path that can actually unfreeze the account.

3 mentions1 sources
S6.1L8
Industry Verticals · FinTech & Banking

Bank Impersonation Scams Exploit Zelle for Irreversible Fund Theft

Fraudsters impersonating bank fraud departments instruct consumers to make Zelle transfers to recover allegedly stolen funds, causing the actual theft. Banks refuse to reverse these payments despite clear evidence of social engineering. The combination of real-time payment finality and inadequate bank fraud detection creates an unaddressed consumer protection gap.

2 mentions1 sources
S6.0L8
Security & Compliance · Fraud Prevention

AI systems leak user data through indirect prompt injection

LLM-integrated applications can expose user data to third parties even when users provide no malicious input, due to prompt injection via untrusted content or model memorization. This is a structural vulnerability in how AI is embedded in SaaS products. Every team deploying LLMs without robust output filtering is at risk.

1 mentions1 sources
S6.0L8
Security & Compliance · Data Privacy

SaaS In-App Chatbots Answer Questions But Cannot Complete Workflows

Users get lost in complex SaaS products and existing chatbot support can only explain what to do, not do it for them. Navigating settings, completing integrations, and resuming interrupted workflows requires the user to still act — the bot just narrates. An agent that directly operates the application interface would eliminate the last-mile gap between instruction and execution.

1 mentions1 sources
S6.0L8
Customer Experience · Chatbots & AI Support

PII Leaks to External LLM APIs in Production Apps

Developers building LLM-powered products inadvertently send personally identifiable information to third-party model APIs, creating GDPR, HIPAA, and SOC 2 compliance exposure. There is no lightweight, easy-to-integrate layer that masks PII before requests leave the application boundary. The gap affects every team using LLM APIs with real user data.

1 mentions1 sources
S6.0L8
Security & Compliance · Data Privacy

Lenders Continuing Unauthorized ACH Withdrawals After Cancellation

Predatory lenders continue debiting consumer bank accounts via ACH after customers have explicitly revoked authorization and cancelled subscriptions. Banks lack consumer-accessible controls to block specific payees from initiating ACH debits. The asymmetry between how easily merchants can initiate ACH and how difficult it is for consumers to stop unauthorized withdrawals is a structural exploitation vector.

5 mentions1 sources
S6.0L8
Consumer & Lifestyle · Personal Finance

Safety-Critical Professionals Cannot Search Large Technical Manuals Under Time Pressure

Pilots, engineers, and technicians must locate precise data buried in 600-page PDFs during time-sensitive workflows, but manual searching is slow and cloud AI tools require uploading sensitive or classified documents. The need for fast, accurate, offline document querying is unmet by current tools.

1 mentions1 sources
S6.0L8
Productivity · Knowledge Management

OpenTelemetry SaaS Ingestion Costs Are Unsustainable for High-Volume Data

Teams using OpenTelemetry must ship all telemetry to cloud vendors to make it searchable, incurring massive ingestion and storage costs for low-value noise data. There is no practical way to filter or sample data at the source before it leaves the cluster without building custom infrastructure. This forces teams into a choice between paying for useless data or losing observability coverage.

1 mentions1 sources
S6.0L8
Data & Infrastructure · Observability & Monitoring

Coding Agents Have No Dedicated Persistent VM Infrastructure for Remote Execution

AI coding agents like Claude Code currently run on developers' local machines, consuming resources, lacking remote monitoring, and resetting state between sessions. There is no purpose-built cloud VM infrastructure that keeps a coding agent environment always-ready and accessible from any device. This is a structural gap that limits the practical usability of coding agents for long-running autonomous tasks.

1 mentions1 sources
S6.0L8
Developer Tools · AI & Machine Learning

Database Migration Index Locks Cause Production Outages Without CI Safeguards

Adding an index to a large production table without CONCURRENTLY locks the table and can take down an entire application for 20+ minutes. Neither code review nor CI pipelines reliably catch dangerous migration patterns before they ship. Teams lack automated tooling to flag unsafe SQL migration operations in their deployment pipeline.

1 mentions1 sources
S6.0L8
Developer Tools · DevOps & Infrastructure

AI Coding Assistants Cannot Debug Production Issues Without Runtime Data

AI coding assistants generate plausible-looking fixes for production bugs but lack access to runtime telemetry, request/response data, and cross-service trace correlation. This gap means AI-generated PRs regularly fail in production because the underlying data they reason over is sampled, aggregated, and incomplete. Engineering teams lose confidence in AI assistance for the highest-value debugging work.

1 mentions1 sources
S6.0L8
Developer Tools · AI & Machine Learning

Founders Manually Completing Enterprise Security Questionnaires and Subprocessor Requests

Early-stage founders selling into enterprise accounts face repetitive, time-consuming security questionnaires and subprocessor documentation requests. No streamlined tooling automates responses across vendors. Delays deals and diverts founder time from product work.

1 mentions1 sources
S6.0L8
Business Operations · Legal & Compliance

Stainless SDK Generator Shutdown Leaves Production OpenAPI SDKs Without Maintainer

Anthropic's acquisition of Stainless has shut down the SDK generation service, orphaning production SDKs built from OpenAPI specs with no replacement tooling announced. Development teams must urgently find, migrate to, or build an alternative before September or absorb full SDK maintenance burden internally.

1 mentions1 sources
S6.0L8
Developer Tools · APIs & Integrations

Phone Impersonation Scams Trick Customers Into Moving Funds

Fraudsters posing as bank security representatives convinced a customer to transfer funds to a "secure account" after a fake fraud alert text. The bank lacks sufficient real-time intervention to stop social engineering attacks. This growing fraud vector requires better customer verification and real-time scam detection.

2 mentions1 sources
S6.0L8
Security & Compliance · Fraud Prevention

AI Sales Agents Lose Customer Context Between Conversations With No Persistent Memory

AI sales agents start each customer interaction from scratch, unable to reference previous conversations, expressed preferences, or relationship history. This forces customers to repeat context and prevents the kind of personalized engagement that drives conversion. As AI agents take on more customer-facing roles, the absence of persistent memory is a fundamental capability gap that undermines their value proposition.

1 mentions1 sources
S6.0L8
Developer Tools · AI & Machine Learning

Brands Have No Visibility Into How AI Platforms Describe and Recommend Them

As millions of users shift purchase and decision queries to AI systems like ChatGPT, Perplexity, and Claude, brands have no mechanism to monitor, understand, or influence how these platforms describe them. Unlike traditional search where rankings are visible and measurable, AI platform brand representation is opaque. This is a growing blind spot with direct revenue and reputation implications for businesses.

1 mentions1 sources
S6.0L8
Marketing & Growth · Analytics & Attribution