December 19, 2025
When "__proto__" hits the fan
Property-Based Testing Caught a Security Bug I Never Would Have Found
Random test hits a weird word; internet fights: real risk or nothing-burger
TLDR: Random testing flagged a "__proto__" glitch in AI-written storage code—no active hack, but a real edge-case trap. Commenters are split between calling it a nothing-burger and praising it as a cautionary tale: don’t trust AI blindly, and always test the weird stuff.
An AI-assisted dev used property-based testing—random inputs to stress-test code—and on run #75, a bizarre provider name, "__proto__", blew up a simple save-and-read flow in a chat app’s storage. The post says it’s not a live exploit, but a real "gotcha" that could cause subtle errors later. Cue the crowd: one camp is cackling that this is a classic JavaScript landmine, the kind you only find when you poke the edges. Another camp is rolling its eyes at the drama. As commenter mananaysiempre snarked, "obj[key] with user-controlled key == '__proto__' is the gift that keeps on giving"—then joked the tool both writes the bug and writes the test to catch it. Mhitza chimed in that, yes, the test did its job, but questioned whether the "random" strings secretly include known troublemakers, and whether calling it a vulnerability is a stretch. Sublinear went full "so what?", saying there’s no actual hack here and web devs already know this trap. Meanwhile, philipwhiuk side-eyed the claim that devs assume AI handles edge cases with a simple: "Do we?" The memes flew: "proto-pocalypse," "round-trip to nowhere," and "75 tries to meet your villain." Whether you think it’s a scare or a savior, the takeaway is simple: test weird inputs, especially if AI wrote your code, because the internet definitely will find them.
Key Points
- A storage service for a chat app saved API keys to browser localStorage using provider names as keys.
- A round-trip correctness property required that a saved key be retrieved unchanged for any provider/key strings.
- Property-based testing with fast-check in TypeScript failed on the 75th run when the provider string was "__proto__".
- The failure revealed mishandling of JavaScript prototypes, indicating a security-relevant edge case.
- The article details the specification, flawed implementation, how PBT found the issue, and the fix to address it.
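The trap the key points describe, shown as an added example (this is not the article's code, nor code from the chat app it discusses): a plain-object store that silently loses a key named `__proto__`, a Map-based version beside it that round-trips every string, and a small seeded property check standing in for fast-check. The `MemoryStorage` stand-in, the `STORAGE_KEY` slot name, the `sk-` key format and the bias toward Object.prototype names are all assumptions of this example, as is the shape of the flawed code.

```javascript
// In-memory stand-in for window.localStorage so the example runs in Node
// (constructed for this example; the browser API has the same getItem/setItem shape).
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
}

const STORAGE_KEY = 'api-keys'; // hypothetical slot name; the article's is not known

// --- Flawed shape (an assumed reconstruction, not the article's code) ---------
// All provider -> key pairs live in one plain object serialized as JSON.
function saveKeyFlawed(storage, provider, apiKey) {
  const keys = JSON.parse(storage.getItem(STORAGE_KEY) || '{}');
  keys[provider] = apiKey;       // provider === '__proto__' hits the inherited setter:
                                 // a string value is silently dropped, nothing is stored
  storage.setItem(STORAGE_KEY, JSON.stringify(keys));
}
function loadKeyFlawed(storage, provider) {
  const keys = JSON.parse(storage.getItem(STORAGE_KEY) || '{}');
  return keys[provider] ?? null; // '__proto__' yields Object.prototype, 'toString' a function
}

// --- Hardened shape: a Map does no prototype-chain lookup, so any string is a plain key
function readKeyMap(storage) {
  return new Map(JSON.parse(storage.getItem(STORAGE_KEY) || '[]'));
}
function saveKeySafe(storage, provider, apiKey) {
  const keys = readKeyMap(storage);
  keys.set(provider, apiKey);
  storage.setItem(STORAGE_KEY, JSON.stringify([...keys])); // array of [provider, key] pairs
}
function loadKeySafe(storage, provider) {
  const keys = readKeyMap(storage);
  return keys.has(provider) ? keys.get(provider) : null;
}

// Save then load on a fresh storage; the round-trip property says this equals apiKey.
function roundTrip(save, load, provider, apiKey) {
  const storage = new MemoryStorage();
  save(storage, provider, apiKey);
  return load(storage, provider);
}

// --- Minimal property-based runner standing in for fast-check -----------------
// Deterministic LCG so a failing run can be replayed from its seed.
function makeRng(seed) {
  let state = seed >>> 0;
  return () => {
    state = (state * 1664525 + 1013904223) >>> 0;
    return state / 2 ** 32;
  };
}

// Names that exist on Object.prototype. A generator that never emits them would
// almost never find the bug, which is why PBT libraries mix such "known
// troublemakers" in with ordinary random strings (here, 10% of the time).
const PROTOTYPE_NAMES = ['__proto__', 'constructor', 'toString', 'hasOwnProperty', 'valueOf'];
const ALPHABET = 'abcdefghijklmnopqrstuvwxyz_';

function randomProvider(rnd) {
  if (rnd() < 0.1) return PROTOTYPE_NAMES[Math.floor(rnd() * PROTOTYPE_NAMES.length)];
  const length = 1 + Math.floor(rnd() * 8);
  let name = '';
  for (let i = 0; i < length; i++) name += ALPHABET[Math.floor(rnd() * ALPHABET.length)];
  return name;
}

// Runs the round-trip property `runs` times; returns null if it always holds,
// otherwise the first counterexample (run number, inputs, and what came back).
function checkRoundTrip(save, load, runs = 2000, seed = 42) {
  const rnd = makeRng(seed);
  for (let run = 1; run <= runs; run++) {
    const provider = randomProvider(rnd);
    const apiKey = 'sk-' + Math.floor(rnd() * 0xffffffff).toString(16);
    const got = roundTrip(save, load, provider, apiKey);
    if (got !== apiKey) return { run, provider, apiKey, got: String(got) };
  }
  return null;
}

console.log('flawed:', checkRoundTrip(saveKeyFlawed, loadKeyFlawed));
console.log('safe:  ', checkRoundTrip(saveKeySafe, loadKeySafe));
```

The flawed store fails for exactly the reason the article's run #75 did: assigning a string to `obj['__proto__']` invokes the inherited `__proto__` setter, which ignores non-object values, so the key is never written and the read returns `Object.prototype` instead. The Map version has no prototype chain to collide with, so `"__proto__"`, `"constructor"` and any other string round-trip unchanged. The check goes one step beyond the article's property: it also exercises reads of never-saved names like `"toString"`, which the plain-object version answers with a function rather than `null`, the same class of edge case seen from the other side.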