Most AI-generated APIs aren't broken because the code is wrong. They're broken because the code is missing a single line — the one that asks 'is this actually your data?' The route works perfectly for the user who built the app. Then a second user shows up.
Access control decides who is allowed to do what. Broken access control means the rules are missing or wrong — usually missing entirely on a route that 'works' because the only person who tested it was the owner. Every other user gets the same answer the owner did.
What your AI actually built
You asked for a CRUD API for invoices, orders, profiles, projects, pick one. The model gave you exactly that: a clean route that fetches a record by id and returns it as JSON. You tested it, it worked, you shipped it.
What it didn't give you was the ownership check. The route happily returns the row whether the requester owns it or not, because nothing in the prompt said 'and only let the right user read it.' That's not a code bug. That's a missing requirement the model couldn't infer.
On Supabase apps, the same pattern shows up at the database layer instead of in a route. The table is created with Row Level Security left off, or with a blanket policy that amounts to USING (true), and every request carrying the project's public API key, logged in or not, can read every row. (Turning RLS on with no policies at all denies everything by default; the dangerous state is RLS off or a policy that never looks at the caller.) Same bug, different layer.
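The missing line from both paragraphs above, shown as an added example rather than code from the page: a lookup route written as a plain function so it runs without a web framework. The in-memory invoice table, the user names and the session shape are constructed for the demo; a real app would run the same predicate as a database query.

```javascript
// Added example, not the page's code. The "table" and sessions are constructed.
const invoices = [
  { id: 101, ownerId: "alice", amount: 4200, memo: "Q1 retainer" },
  { id: 102, ownerId: "bob",   amount: 150,  memo: "domain renewal" },
];

// What the generated route typically looks like: lookup by id, nothing else.
// Any caller who increments the id gets someone else's row.
function getInvoiceVulnerable(session, id) {
  const row = invoices.find((inv) => inv.id === id);
  if (!row) return { status: 404, body: { error: "not found" } };
  return { status: 200, body: row };
}

// Hardened version. The ownership predicate is part of the lookup itself
// (the equivalent of `WHERE id = $1 AND owner_id = $2`), not a check bolted
// on after the fetch, so a row the caller does not own looks exactly like a
// row that does not exist. Answering 404 for both keeps the valid id space
// from being enumerated by watching for 403s.
function getInvoiceChecked(session, id) {
  if (!session || !session.userId) {
    return { status: 401, body: { error: "unauthenticated" } };
  }
  const row = invoices.find(
    (inv) => inv.id === id && inv.ownerId === session.userId
  );
  if (!row) return { status: 404, body: { error: "not found" } };
  return { status: 200, body: row };
}

// The two-account test: bob, a perfectly ordinary second user, asks for
// alice's invoice by id.
function demo() {
  const bob = { userId: "bob" };
  return {
    vulnerable: getInvoiceVulnerable(bob, 101).status, // 200, alice's data leaks
    checked: getInvoiceChecked(bob, 101).status,       // 404, nothing to see
    ownRow: getInvoiceChecked(bob, 102).status,        // 200, bob's own invoice
  };
}

console.log(JSON.stringify(demo()));
```

The predicate in `getInvoiceChecked` is the same one a Supabase Row Level Security policy expresses at the database layer, `USING (owner_id = auth.uid())`; putting it in the policy means a route that forgets the check still cannot return another user's row.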
How it gets exploited
Two accounts. The attacker signs up like a normal user, then opens the network tab.