I decided today to take a look at CloudFlare's new OAuth provider library, which they apparently coded almost entirely with Anthropic's Claude LLM: This library (including the schema documentation) was largely written with the help of Claude, the AI model by Anthropic. Claude's output was thoroughly reviewed by Cloudflare engineers with careful attention paid to security…

NeilMadden's blog is a resource for developers and software engineers seeking to enhance the security and efficiency of their programs. Covering topics such as secure coding practices, encryption techniques, and vulnerability management strategies, it offers practical insights and actionable advice to mitigate security risks effectively. Through detailed tutorials, code examples, and expert commentary, the blog equips its audience with the knowledge and tools needed to build robust and resilient software solutions in today's digital landscape.

Neil Madden

Security expert Neil Madden analyzes CloudFlare's OAuth provider library that was largely coded using Anthropic's Claude AI. While initially impressed by the code structure, he identifies several security issues including overly permissive CORS headers, missing security headers, incorrect Basic auth implementation, and biased token generation. The analysis reveals that despite claims of thorough review, the AI-generated code contains classic OAuth implementation bugs that experienced developers missed. Madden concludes that while LLMs can produce decent code under tight control, critical authentication systems require more careful attention and expertise than this implementation received.

A look at CloudFlare’s AI-coded OAuth library