8/10
LLMs consistently generate vulnerable TOCTOU race conditions in credit-gated AI APIs, allowing users to bypass balance checks through concurrent requests: a pattern that appears in 100% of tested code generation attempts but is correctly identified 98% of the time during security audits. The vulnerability lies in the time gap between the balance check and completion of the API call, which lets attackers with minimal sophistication carry out denial-of-wallet attacks.
race-condition
toctou
llm-security
code-generation
api-abuse
denial-of-wallet
concurrent-requests
credit-system
saas-security
cost-control
vulnerability-class
GPT-5.4
GPT-5-Codex
Claude Opus 4.6
Claude Sonnet 4.6
Gemini 3 Pro
Gemini 3 Flash
Grok Code Fast 1
Mistral AI Devstral
DeepSeek R1
Llama 4 Maverick
OpenAI
Anthropic
Google
Tyler Batten