I built a vulnerable app and spent $1,500 seeing if LLMs could hack it
Summary
The article documents a security research experiment in which the author built a vulnerable React Native/FastAPI app and used various LLMs to identify an exploit path that leverages Firebase permissions. It highlights broken access control and missing object-level authorization as common weaknesses, compares model costs and capabilities, and invites audits of client apps.