This is one of the things I talk about when people ask what the difference is between junior and senior developers.
A lot of security is just box-checking. A lot of it is hypothetical and relies on attackers exploiting a chain of multiple bugs that they probably won’t ever find…. But you still gotta fix it.
There’s no point in being so proud of your code and dismissing security concerns because you’re arrogant enough to think it can’t happen to you. Just learn to fix it and move on with your life.
Looks like lots of people’s year end bonuses were contingent on them releasing something related to AI by the end of the year.