This is just embarrassing. It doesn’t even really qualify as a security vulnerability, more like a fatal flaw in the system’s design. I can see why the team pushed back on fixing it, seems like a massive pain.
It feels like something that would happen if you outsourced planning to an LLM.
While I completely appreciate the final sentence, the article clearly describes the probable escalation, exposure of confidential information, and other security issues created through the decisions of Google.