Every product has a flow that is expensive when a human uses it and catastrophic when a script does. Signup. Checkout. Referral codes. Comment posting. The route is not broken. It is just willing to run a million times in a row.
A sensitive business flow is any route whose value does not scale with how many times it is called. Signup, checkout, referral redemption, ticket purchase, comment posting. Unrestricted access means nothing stops a single actor from running it ten thousand times in a row while the system thinks everything is fine.
What your AI actually built
You asked for a signup route. A referral bonus. A 'claim your free trial' button. The model built exactly what you described — a clean handler that validates input and writes a row.
What it did not build was the business rule around it. Nothing says 'one signup per phone number per day,' or 'at most three referral redemptions from the same device,' or 'a real human does not claim 2,000 promo codes in a minute.' Those are product rules, and the prompt never mentioned them.
So the route is correct and the feature is broken. The first bot to find it takes every free credit, every referral bonus, every seat in the launch queue — and the logs look like healthy traffic.
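One way to put the two rules quoted above ('one signup per phone number per day' and 'at most three referral redemptions from the same device') in front of the handlers. This is an added example, not code from the original page; the function names, the `deviceId` field and the in-memory store are assumptions.

```javascript
// Added example: limiter keyed on a business identity (phone, device), not on IP.
// All names (createFlowLimiter, signup, redeemReferral, deviceId) are hypothetical.
const DAY_MS = 24 * 60 * 60 * 1000;

function createFlowLimiter({ limit, windowMs }) {
  const hits = new Map(); // key -> timestamps of accepted calls
  return function tryAcquire(key, now = Date.now()) {
    // Keep only calls still inside the window (windowMs = Infinity keeps all).
    const recent = (hits.get(key) || []).filter((t) => now - t < windowMs);
    const allowed = recent.length < limit;
    if (allowed) recent.push(now);
    hits.set(key, recent);
    return { allowed, remaining: limit - recent.length };
  };
}

// Normalise so "+1 (555) 010-0100" and "15550100100" count as the same phone.
const phoneKey = (phone) => String(phone).replace(/\D/g, "");

const signupLimit = createFlowLimiter({ limit: 1, windowMs: DAY_MS });
const referralLimit = createFlowLimiter({ limit: 3, windowMs: Infinity });

function signup({ phone }, now = Date.now()) {
  const key = phoneKey(phone);
  if (key.length === 0) return { status: 400, error: "phone required" };
  if (!signupLimit(key, now).allowed) {
    return { status: 429, error: "one signup per phone number per day" };
  }
  // The original handler body (validate input, write the row) runs here.
  return { status: 201 };
}

function redeemReferral({ deviceId, code }, now = Date.now()) {
  if (!deviceId) return { status: 400, error: "device id required" };
  const gate = referralLimit(deviceId, now);
  if (!gate.allowed) {
    return { status: 429, error: "referral limit reached for this device" };
  }
  // Crediting the referral for `code` runs here.
  return { status: 200, remaining: gate.remaining };
}
```

The store is per-process, so a deployment with several instances needs a shared counter, and a client-supplied device id is only as trustworthy as the way it is issued.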
How it gets exploited
A new app ships an 'invite a friend, both get $10 in credits' referral flow. The attacker notices.