Your app trusts a lot of things it did not write. A package from npm. A webhook from Stripe. An update that auto-installs from a CDN. Each of those is a pipe into your server. The question nobody asks is whether the pipe has a valve on it.
Software and data integrity failures happen when your app trusts code or data it cannot verify came from the right place. Unsigned updates, unverified webhooks, insecure deserialization, CI pipelines that install whatever the registry serves. The pattern is always the same — a channel you trusted turns out to have no lock on it.
What your AI actually built
You asked for a Stripe webhook handler, and the model wrote one. It parses the JSON body, reads the event type, marks the order as paid, and sends the receipt. It works the first time you test it. You ship it.
What it skipped was the signature check. Stripe signs every webhook with a secret only you and Stripe share — and the handler is supposed to verify that signature before trusting a single byte. Without it, anyone who finds the endpoint can POST their own fake 'payment succeeded' event.
The same shape appears everywhere. A deploy script that curls a tarball and runs it unsigned. A plugin loader that eval's remote JavaScript. A CI step that installs from a typo-squatted package. The code does what you asked. It just trusts an input it has no business trusting.
How it gets exploited
The attacker finds your Stripe webhook URL in a network tab or a leaked .env. The handler is live.