I mean, the "exploit" is really "we have an access key with overly-broad permissions and poor monitoring", but that's ... also kind of like 70% of old hacker stories?
"The gate code is 1234", "If you punch in this code it tricks the phone network into thinking you're an operator", "The credentials 'guest'/'guest' work on this network".
You probably could have had five, ten people using the Antigravity API key for whatever, and even if someone noticed, it probably wouldn't have been worth the time to fix.
But it's like you learn the gate code for the employee parking lot and instead of just quietly enjoying free parking you start punching in the code and waving more and more cars into the lot until it's jammed full, and then complain when the code's changed and they post a guard outside checking IDs.
This is where my mind went.
A curious person or two poking around is one thing.
A few hundred, or thousands, of "AI enthusiasts," or however you'd like to imagine OpenClaw users, could likely approach the scale of "a problem."