by milch
27 days ago
To be fair here, if you look at their "supporting evidence" most of it is pointing at markdown formatting. Some of the other things it points to are also just common in human writing, though the overuse leans more towards coming from an LLM, e.g. two instances of groups of three back to back with inconsistent use of the Oxford comma:

> If you're building a web app, a mobile app, or a first-party API: JWT is the wrong default and you should stop reaching for it. A row in Postgres with a bearer token in front of it is faster, simpler and strictly more secure.
Some of the extremely obvious examples:
> The pitch is: the server signs it, the client carries it, every subsequent request only needs a signature verification — no database round-trip.
> You can't. That's the answer. The token is valid until it expires, full stop.
> A single opaque token, looked up in Redis with Postgres as the backing store, gives you the same security in one line of middleware. No refresh. No second token. No retry loop. Nothing.
> With opaque tokens this is just… how it works. No mismatch, no hidden tax, no "did they implement the checks correctly" question to lose sleep over.
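The two designs the quoted article contrasts, as an added illustration that is neither the article's nor the commenter's code: a signed stateless token (JWT-style; a bare HMAC stands in for a real JWT library) beside an opaque token looked up in a server-side store (an in-memory dict stands in for the Redis/Postgres row). The point the quotes make is visible in the last function: the opaque token can be revoked before it expires, the signed one cannot, because nothing on the server remembers it.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumption: a server-side signing key for the stateless token (constructed demo value).
SECRET = b"constructed-demo-signing-key"

# Stands in for the "row in Postgres" / Redis entry keyed by the opaque token.
SESSIONS: dict[str, dict] = {}


def issue_stateless_token(user: str, ttl_s: int, now: Optional[int] = None) -> str:
    """JWT-style: payload + signature, nothing stored server-side."""
    exp = (now if now is not None else int(time.time())) + ttl_s
    payload = f"{user}:{exp}"
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{sig}"


def verify_stateless_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Signature check plus expiry only; there is no revocation list to consult."""
    try:
        user, exp, sig = token.rsplit(":", 2)
    except ValueError:
        return None
    expected = hmac.new(SECRET, f"{user}:{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    if (now if now is not None else int(time.time())) >= int(exp):
        return None
    return user


def issue_opaque_token(user: str, ttl_s: int, now: Optional[int] = None) -> str:
    """Random, meaningless token; the server-side row carries the claims."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user, "exp": (now if now is not None else int(time.time())) + ttl_s}
    return token


def verify_opaque_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """The 'one line of middleware': look the token up; missing or expired means rejected."""
    row = SESSIONS.get(token)
    if row is None or (now if now is not None else int(time.time())) >= row["exp"]:
        return None
    return row["user"]


def revoke_opaque_token(token: str) -> bool:
    """Logout / compromise response: delete the row and the token is dead immediately."""
    return SESSIONS.pop(token, None) is not None
```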