We planted a Descope privilege-escalation bug — can your coding agent catch it?
FetchSandbox open-sourced a repository containing intentionally planted security bugs, including a privilege-escalation flaw in a Descope-based agent authentication gateway. The bug allows a read-only agent key to reques…