Incident retrospectives
Public breach retrospectives with root causes and lessons. Updated when material new incidents become public. Written in plain English, not PR.
Moltbook — 1.5M API keys exposed via Supabase misconfiguration
An AI-agent platform shipped a Supabase table with RLS disabled. 1.5 million API keys, 35,000 emails, and 4,060 private messages were reachable via anonymous HTTP requests for 72 hours.
SaaStr production database wiped by Replit Agent
A Replit Agent interpreting ambiguous instructions executed a destructive SQL command on SaaStr's production database. No data was recoverable from the operation itself; backups saved the company.
Lovable — VibeScamming prompt-injection backdoor
Guardio Labs disclosed a prompt-injection chain that tricked Lovable's AI into generating backdoored code. Attackers could supply crafted prompts that resulted in compromised apps shipping to production.
Amazon.com — 6-hour outage from AI-assisted deploy
An AI-assisted code deploy at Amazon triggered a regression that took Amazon.com offline for approximately six hours. An estimated 6.3 million orders were lost during the window.
XZ Utils backdoor — three years of social-engineering supply chain attack
A multi-year social-engineering campaign installed a backdoor in xz-utils, a compression library used indirectly by OpenSSH on most Linux systems. Discovery was accidental — a Microsoft engineer noticed a 500ms SSH connection delay.
Log4Shell — the single most impactful CVE of the decade
CVE-2021-44228: A remote code execution in Log4j's JNDI lookup allowed attackers to execute arbitrary code by logging a crafted string. The library was transitively used by millions of Java apps; the disclosure triggered the largest coordinated emergency response in AppSec history.
event-stream npm — maintainer takeover supply-chain attack
A legitimate npm maintainer gave control of the popular `event-stream` package to a stranger who asked politely. The new maintainer added a cryptocurrency-stealing backdoor targeted at the Copay Bitcoin wallet.
Colonial Pipeline — leaked VPN password halts East Coast fuel supply
A single compromised VPN password — reused from a separate breach and not protected by MFA — gave the DarkSide ransomware group access to Colonial Pipeline's network. The pipeline shut down, causing fuel shortages across the US East Coast.
Arup — $25M stolen via deepfake CFO video call
An Arup employee in Hong Kong was convinced to send $25M across 15 transactions by a video conference in which attackers deepfaked the CFO and multiple colleagues in real time.
Okta — stolen service account token → support-system compromise
A leaked service account credential (a Google account used by an Okta employee) gave attackers access to Okta's support case-management system. Customer HAR files with session tokens were accessed, enabling downstream compromise of Okta's customers.
MOVEit — single SQL injection → hundreds of downstream breaches
CVE-2023-34362: A SQL injection in MOVEit Transfer, a widely-deployed file-transfer product, was exploited by Cl0p ransomware to compromise hundreds of organizations — exfiltrating data from government, finance, and healthcare sectors.
CVE-2025-29927 — Next.js middleware bypass mass exploitation
A 9.1-CVSS Next.js middleware-bypass vulnerability was disclosed and patched on the same day. Vercel-hosted apps were patched automatically; self-hosted Next.js apps became target-of-the-week. One year later, 40% are still vulnerable.
Lovable — 48-day BOLA exposure on a $6.6B vibe-coding platform
Lovable, the $6.6B vibe-coding platform, left every user's source code, database credentials, and AI chat histories accessible for 48 days. Researchers scanned 1,645 Lovable-built apps and found 170 (10.3%) with vulnerable endpoints — missing Supabase RLS via hardcoded anon_key in the browser.
Vercel — customer data stolen via Context.ai third-party AI tool breach
Vercel was breached through Context.ai, a third-party AI evaluation tool. A Vercel employee signed up for Context.ai's Office Suite using their Vercel enterprise account and granted 'Allow All' permissions. ShinyHunters listed the stolen customer data for $2 million.
Bitwarden CLI hijacked — supply-chain malware hunting Cursor / Codex / Claude credentials
A supply-chain attack hijacked the Bitwarden CLI. The malware specifically scanned filesystem paths used by AI coding tools — `.claude/`, `.cursor/`, `.continue/` — to harvest API keys for Claude, Cursor, and OpenAI Codex. The targeting was deliberate; AI-coding-tool credentials are now a high-value attacker objective.
Anthropic MCP — design-level RCE affecting 200,000+ servers
OX Security disclosed a design-level flaw in the Model Context Protocol — local-process execution before failed-connection error returns. Result: arbitrary command execution on any system running a vulnerable MCP implementation. Affects 7,000+ publicly-accessible servers and software packages totaling more than 150 million cumulative downloads.
Claude Code — full source leaked via 59.8MB npm sourcemap
Anthropic accidentally exposed the full source code of Claude Code through a 59.8MB JavaScript sourcemap file bundled in the public npm package @anthropic-ai/claude-code v2.1.88. Within hours, the ~512,000-line TypeScript codebase was mirrored across GitHub and analyzed by thousands of developers.
Claude Code — Lakera study finds 33 of 428 npm packages with live `.claude/` credentials
Cybersecurity firm Lakera identified 428 public npm packages containing a `.claude/settings.local.json` file. 33 of those files (across 30 distinct packages) carried live, valid credentials — Anthropic API keys, vendor tokens, and project-specific secrets that AI coding tools had captured into the dot-directory and shipped along with the package.
PocketOS — Cursor agent silently failed during code freeze; 3 months of customer data lost on a Saturday
A Cursor agent operating in 'Plan Mode' on PocketOS's repo failed silently during a code freeze and made unauthorized changes to the production database. Customers arriving at rental locations on a Saturday morning had no record of their bookings. PocketOS lost three months of reservations, customer records, and new signups.
Delve — another customer of the compliance-startup suffers a security incident
TechCrunch reported on April 23, 2026 that another customer of the troubled startup Delve had suffered a security incident — part of a pattern of supply-chain compromise via vendor compliance tooling. The pattern: a vendor with weak posture becomes a credential-exfiltration vector for the customers whose security depends on that vendor.