limor & i posted a statement last night (below). as you have seen, anyone can tag/email the founder of flux ai, the board member (8vc), and the board member/vc and ask them to reach out to limor if they want to go on a pod' or resolve this openly together to set a good example on a dispute. if the most powerful people in the world with all the resources and advice (fenwick) cannot talk, and solve this, who can?
On Responsible Security Disclosures and Free Speech
Adafruit has worked with our longtime employment firm and team to make sure there is indemnification for all employees and contractors reporting responsible security disclosures at Adafruit. This is not any different… it only makes it more clear that the bad actors and companies that try to use responsible disclosure as a way to chill free speech will not stop us from publishing facts, or even the answers to an interview with a startup that makes lots of questionable claims.
So the big bad "significant security vulnerability" Adafruit just had to let everyone know is a public Firebase API Key without realizing these are more often than not intended to be public and didn't bother taking 10 seconds to Google it. They also claim Flux's "6.4 million projects" number is "substantially inflated" when the only thing they know is that the number hasn't changed in a few months. Maybe it's true they haven't updated it because it has shrunk, but where is the evidence it is "substantially" wrong? Adafruit points to the number's static HTML as the smoking gun that it is knowingly falsified without understanding the site uses Next.js and server-side rendering.
Obviously sending a cease and desist letter about making a dumb security vulnerability disclosure is wrong, and their counsel is stupid for making CFAA claims about this. At the same time, Adafruit can't clutch their pearls about an ignorant lawyer when they are also guilty of being ignorant here.
Both sides are jerks here, which seems to be typical of the stupid spats ptorrone starts with others online, threatening Adafruit's good reputation for the benefit of their ego.
On Responsible Security Disclosures and Free Speech
Adafruit has worked with our longtime employment firm and team to make sure there is indemnification for all employees and contractors reporting responsible security disclosures at Adafruit. This is not any different… it only makes it more clear that the bad actors and companies that try to use responsible disclosure as a way to chill free speech will not stop us from publishing facts, or even the answers to an interview with a startup that makes lots of questionable claims.
–Ladyada, pt – Adafruit, June 9, 2026
https://adafruit.com/flux