bug-bounty564
xss384
exploit267
google211
rce198
facebook165
microsoft142
writeup133
web3125
open-source91
csrf90
cve87
apple85
malware80
account-takeover80
browser80
sqli67
ai-agents63
ssrf57
dos47
tool46
oauth45
privacy44
pentest44
ctf44
lfi41
supply-chain40
idor40
privilege-escalation40
reverse-engineering37
llm37
phishing36
aws36
opinion35
node35
cors34
auth-bypass34
automation33
react33
cloud33
cloudflare32
race-condition32
machine-learning32
infrastructure31
code-generation31
clickjacking31
access-control27
subdomain-takeover26
wordpress25
docker25
0
8/10
Study of race condition vulnerabilities in code generated by 10 major LLMs across 50 generation attempts, revealing that all models produce vulnerable check-call-deduct patterns that allow users to overdraw credits via concurrent API requests (TOCTOU attacks). While models can identify these vulnerabilities when asked to audit code, they fail to generate secure implementations without explicit prompting, despite having the knowledge embedded in their training data.
race-condition
toctou
llm-security
code-generation
denial-of-wallet
concurrency
api-security
credit-system
atomic-operations
llm-vulnerability
ai-app-security
GPT-5.4
GPT-5-Codex
Claude Opus 4.6
Claude Sonnet 4.6
Gemini 3 Pro
Gemini 3 Flash
Grok Code Fast 1
Devstral
DeepSeek R1
Llama 4 Maverick
OpenAI
Anthropic
Google
Tyler Batten