by cobertos 26 days ago
Is this the new norm for trying to make software projects in the wild?

The 14000 sends over 3 hours (< 1/s) make it sound like more-than-human speed. E.g. automated.

Wondering if LLM-assisted vulnerability hunting will lead to the same gains in scale for bad actors wanting to find spammable channels in applications. The barrier to entry becomes so much greater because any small project, once found, can be wrung dry of all its trust signals by third parties.

2 comments

Abuse such as this wasn't uncommon before; email platforms with lax rate limits have always been abused through their clients' unsecured infrastructure. The only difference in the post-LLM world is the number of platforms as well as clients popping up in this space with dubious code quality that may lead to more attacks, as:

a) having an email-sending product typically meant you had a project with a lot of effort invested into it as well as knowledge

b) the models, tokens spent and review done differ in the world of vibecoding, and there is a race to the bottom to produce, produce, produce. Quantity > quality

If you have a website somewhere with an unrestricted comment box, it gets spammed. That doesn't take a special AI, because for years there have been script kiddies scanning new domains, IP addresses on AWS, common wp-admin URLs, etc.