Comment by amaldavid

Well, when i meant "personally" not in the app I manage. I have a quirk of checking sites to understand what they are using and how they are using and have stumbled upon sites with exposed Gemini, Google Maps, OpenAI keys etc.

https://news.ycombinator.com/item?id=45741569 - It was also partly inspired by this as I have seen legacy sites making these mistakes quite often.

With all the vibe coded apps that are getting launched or were launched early, there are enough holes to plug. This is just an attempt to help individuals or orgs to ensure they are not exposed. Just pushed it out what I had in mind based on my experience.

And I agree with you that an adversary approach won't work if we can't fix the underlying problem but the world has changed with enough vibe coded apps that are getting shipped everyday and very little of them care or know about security.