90-Day Disclosure Is Breaking Under AI-Speed Exploits

AI has compressed rediscovery and exploit creation enough that fixed 90-day disclosure windows no longer protect slow patching. If your app touches payments, shorten fix cycles and treat frontend patch diffs as attacker documentation.

[ KEY POINTS ]

A critical payment-validation bug was independently reported by 11 people in 6 weeks, which means dangerous flaws now get rediscovered in parallel, fast.
A React patch diff was turned into a working exploit in 30 minutes with AI help, so shipping partial client-side fixes buys very little time.
The old 90-day norm assumed slower analysis and exploit development; that assumption no longer holds for high-value SaaS surfaces like checkout flows.
Payment logic needs server-side enforcement and rapid rollout paths, because once a patch lands, attackers can reverse the fix almost immediately.

Originalnews.hada.io/topic?id=29383Read original →

// related

#0001
#0001Infra & SaaS RevenueCat Blog24 hours ago
`RevenueCat` Adds Flexible Discounts for Web Billing
60radar
RevenueCatSubscription billing infra — unified app and web subscriptions
Web subscriptions can now use percentage discounts, promo codes, and win-back offers. Useful for churn recovery and price testing without wiring discount logic yourself.
- Percentage-off discounts and promo codes now apply to RevenueCat web subscribers, reducing custom billing work.
- Win-back offers target cancelled or lapsed users. That gives churn recovery a built-in path instead of ad hoc email-only campaigns.
- The scope is web billing, not App Store pricing. Best fit is a paid web checkout where discount tests can move quickly.
Source: www.revenuecat.com/blog/company/flexible-discounts-web-bRead original →
FIG-0011:1
60radar
FIG-0011:1
#0002
#0002Infra & SaaS GeekNews3 days ago
`Stripe Link CLI` Lets AI Agents Pay on a User's Behalf
70radar
Stripe Link CLIPayment CLI — one-time credentials from a Link wallet
Agents can receive one-time payment credentials from a Link wallet without storing raw card data. Useful for agentic commerce experiments; production value depends on merchant support.
- Issues one-time credentials from a Link wallet, so agents can complete purchases without keeping actual card details.
- Supports two credential types: broadly usable virtual card PAN and an S... option based on Machine Payment Protocols.
- This is payment infrastructure, not just automation. It opens tests for delegated checkout, procurement bots, and agent-run SaaS workflows.
Source: news.hada.io/topic?id=29579Read original →
FIG-0021:1
70radar
FIG-0021:1
#0003
#0003Infra & SaaS vercel_blog5 days ago
`AI Gateway` adds request-time provider ranking controls
80radar
AI GatewayAI routing service — failover across model providers
Routing can now optimize on price, first-token latency, or throughput at request time instead of Vercel's blended default. Useful when one model has many providers and the cheapest or fastest route materially changes margin or UX.
- Set sort on providerOptions.gateway to 'cost', 'ttft', or 'tps' depending on whether margin, snappiness, or long-output speed matters most.
- Ranking is computed at request time, so newly added providers, price changes, and observed latency shifts flow through without code changes.
- Fallback is strict: providers are attempted in sorted order, and the next one is used only if the higher-ranked provider is unavailable.
- sort works with Zero Data Retention filtering and with order; pinned providers stay first, then the rest follow the chosen ranking.
- Each response exposes routing metadata with a sort block showing candidates, metric values, attempt order, and health-based deprioritization for debugging.
Source: vercel.com/changelog/sort-providers-by-cost-latency-or-tRead original →
FIG-0031:1
80radar
FIG-0031:1

90-Day Disclosure Is Breaking Under AI-Speed Exploits

// related

`RevenueCat` Adds Flexible Discounts for Web Billing

`Stripe Link CLI` Lets AI Agents Pay on a User's Behalf

`AI Gateway` adds request-time provider ranking controls