Your mobile app looks locked down. The buttons only show what the user is allowed to see. But the API underneath doesn't know that — it just answers whatever comes in. An attacker skips the app entirely and talks to the API directly, one object ID at a time.
BOLA is the API twin of IDOR. Every API endpoint that fetches an object by ID has to ask two questions: does this caller have a session, and does this specific object belong to them? Most generated APIs only ask the first. The second is the authorization the attacker walks through.
What your AI actually built
You asked for a mobile backend, a GraphQL layer, or a REST API to power a SPA. The model delivered a clean set of resource routes: GET /api/orders/{id}, GET /api/documents/{id}, and a tidy GraphQL node(id:) resolver that looks up anything by global ID.
The UI only ever calls those endpoints with IDs the current user owns, so during testing everything behaves. You never saw the shape of the bug because you never typed another user's ID into a URL.
The API itself has no idea which objects belong to which account. Ownership isn't enforced at the resolver, the route, or the database. The ID is the entire authorization.
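To make the two questions concrete, here is an added example (not code from the original article) of an order-lookup route in the shape the generated API has, beside an ownership-scoped version. The data, tokens, user ids and function names are all constructed for illustration; a real database would express the scoped lookup as `WHERE id = ? AND owner_id = ?`.

```python
"""Added example: a minimal GET /api/orders/{id} handler with the BOLA bug
beside its ownership-scoped fix. All data here is constructed, not real."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: two accounts, each owning one order.
ORDERS = {
    1001: {"id": 1001, "owner_id": "alice", "total": 42.00},
    1002: {"id": 1002, "owner_id": "bob", "total": 9.99},
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}  # bearer token -> user id


@dataclass
class Response:
    status: int
    body: Optional[dict] = None


def authenticate(token: str) -> Optional[str]:
    """Question one: does the caller have a session? Returns user id or None."""
    return SESSIONS.get(token)


def get_order_vulnerable(token: str, order_id: int) -> Response:
    """The generated route: checks the session, then trusts the ID entirely.
    Any logged-in user can read any order by supplying its number."""
    user = authenticate(token)
    if user is None:
        return Response(401)
    order = ORDERS.get(order_id)  # no owner check at all
    return Response(200, order) if order else Response(404)


def get_order_scoped(token: str, order_id: int) -> Response:
    """Hardened route: question two is asked on every lookup. A non-owned ID
    gets the same 404 as a nonexistent one, so the response does not act as
    an oracle for which IDs exist."""
    user = authenticate(token)
    if user is None:
        return Response(401)
    order = ORDERS.get(order_id)
    if order is None or order["owner_id"] != user:  # does it belong to them?
        return Response(404)
    return Response(200, order)


if __name__ == "__main__":
    # Bob asks for Alice's order using a valid session of his own.
    print(get_order_vulnerable("tok-bob", 1001).status)  # 200: the bug
    print(get_order_scoped("tok-bob", 1001).status)      # 404: fixed
```

The difference is one comparison; the point is that it has to live in the route or resolver, not in the UI that happens to never send another user's ID.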
How it gets exploited
An attacker installs the mobile app, creates a real account, and points it at a local proxy like mitmproxy or Burp.