HACKER Q&A
📣 nickgreg

How to report a vulnerability when AI answers the company email?


I noticed a vibe-coded app exposes user chats and details about the user identities. The app user base is growing. The issue would be fast to fix as it doesn't require an exploit; it's just a dumb AI-coded mistake.

I emailed them, but an AI responded saying it would raise it internally, and when DM'ing the team on X I got no response.

The AI that responded to my email has not fixed it.

What should I do?

Do I send the AI an email saying, you have 30 days until I make it public? That doesn't seem right if I don't know the AI actually gets it in front of a human.

If I posted it here it would get fixed very quickly, but I would like to try to do it responsibly.

I can't be the only one who found this, given how obvious it is, so failing to get the message to them quickly is also a problem.


  👤 chrisjj Accepted Answer ✓
> Do I send the AI an email saying, you have 30 days until I make it public?

No. Since "AI"s work faster, give it 7 days.

> That doesn't seem right if I don't know the AI actually gets it in front of a human.

Is there a human?