1. Major AI Clients Including Claude, Cursor, Amazon Q Ship With Broken OAuth Implementations
A systematic security failure is spreading across the AI client ecosystem. The majority of widely deployed AI tools—including Claude Code, Claude Desktop, Cursor, LibreChat, and Amazon Q CLI—are shipping without proper OAuth refresh-token flow implementations, forcing developers to fall back to long-lived access tokens...