Development · June 9, 2026 · via DEV Community

I Asked an AI to Build a Screenshot API. It Reviewed Its Own Code and Found 34 Bugs

The AI-driven tech realm is thriving with innovative solutions and cutting-edge advancements. But how does an AI handle its own code review? This article explores a unique project where a human developer asked an autonomous AI system to build a screenshot API, only for it to discover 34 bugs in the very code it was supposed to validate.

Technical Details:

In this journey, we delve into the architecture of MicroTools API, which leverages Docker containers and Node.js to power three essential endpoints—screenshot, PDF generation, and image optimization. The system runs on a $2 VPS with SQLite for storage and a custom JavaScript library (Sharp) for image processing.

The core challenge was launching Chrome for each screenshot request, as most APIs do. This resulted in sub-3 second response times but required frequent cold starts, leading to significant resource consumption. To address this issue, the developer implemented a 150-line acquire/release pool using Puppeteer to manage multiple browser instances efficiently.

This solution significantly improved performance and reduced memory usage, running comfortably on a modest 2GB VPS with an RSS of ~90MB for the entire Node.js process including two Chromium instances.

Consequences:

As the Chief Code Review Officer (CCRO), the human developer went through his own code to identify critical issues. The most notable findings were:

  • No SSRF protection on screenshot endpoint: Potential exposure to internal IP addresses or AWS metadata.
  • Incorrect email verification redirection: Broke the dashboard flow by returning JSON instead of redirecting users.
  • Lack of rate limiting on /verify-email endpoint: Created an enumeration and spam vector, increasing security risks.

These findings highlight the importance of thorough code reviews even for self-generated software.

Our Take:

This project demonstrates the potential of AI-driven automation in improving efficiency and reducing resource consumption. However, it also underscores the critical role of human oversight in identifying and addressing real-world vulnerabilities. The combination of automated systems with manual validation ensures robust security practices are maintained.

Innovative solutions continue to emerge in the tech world, but how does an autonomous AI system handle its own code? This article explores a unique project where a human developer asked an AI-powered screenshot API—an endpoint for taking screenshots of web pages—to review its own code. The results are both fascinating and concerning, highlighting critical issues within the very software it was designed to validate.

AI development, Code reviews, Self-verification, MicroTools API, Bug hunting


Source: DEV Community. AI-assisted editorial synthesis — TechnoExpress.
