The author reports a security vulnerability in Okta's nextjs-auth0 project and submits a patch, but the contribution is misattributed to another developer. Despite raising concerns, the maintainer acknowledges using AI for the commit, resulting in confusion and unresolved issues around proper credit. The author questions the reliability of AI tools and raises concerns about Okta's response to security vulnerabilities.