Saved February 14, 2026
Do you care about this?
The author reports a security vulnerability in Okta's nextjs-auth0 project and submits a patch, but the contribution is misattributed to another developer. After the author raises concerns, the maintainer acknowledges having used AI to produce the commit, leaving the question of proper credit confused and unresolved. The author questions the reliability of AI tools and raises concerns about Okta's response to security vulnerabilities.
If you do, here's more
In October, a security researcher reported two vulnerabilities in Okta's auth0/nextjs-auth0 project. One of these issues involved OAuth parameter injection, which could allow attackers to misuse tokens and leak sensitive data. The researcher submitted a straightforward patch to address the problem but ran into unexpected attribution issues when the maintainer closed the pull request. The maintainer cited another pull request that supposedly superseded the researcher's contribution, but the researcher pointed out that their name and email were not included in the new commit.
The situation escalated when it became clear that the maintainer had used AI tools, such as GitHub Copilot, to generate the commit and even the apology for the attribution error. The researcher expressed frustration, noting that the AI-generated commit had replaced their details with a seemingly fictitious email address linked to an unknown individual. Despite acknowledging the error, the maintainer stated that the commit history could not be changed, which raised concerns about copyright infringement.
The article emphasizes the absurdity of the situation, including the maintainer's reliance on AI for both coding and communication, leading to significant errors. The researcher also highlighted Okta's unresponsive stance on security issues, suggesting that their security team required video proof of exploitation to acknowledge vulnerabilities. This incident sheds light on deeper issues regarding AI’s reliability in software development and the challenges faced when reporting security vulnerabilities, particularly in large organizations like Okta.