Somehow in Google search one of the unguessable pages is indexed. We have used Claude and Gemini to assist with some design aspects.
I'm thinking some aggressive data ingestion/indexing is happening by all the bots in the quest for frontier models.
[1] https://developers.cloudflare.com/cache/advanced-configurati...
Especially if you have autocomplete-while-searching type of features on.
If you don't use wildcard certs all of your subdomains can be scraped from the certificate transparency logs. Additionally, any domain+cert using HSTS with preload enabled end up in a big list at Google to speed up the initial connection from browser to site.
But I think the other explanations take care of pages: cloudflare hints, chrome reporting addresses visited, etc.
This is on the devs and feels like a very basic leak which could have exploited in the non LLM world as well.
Imagine a private individual just scraped the website (or simply clicked 'view source') for no reason in particular and then told people about it... They'd be labeled an uber-haxxor, face a civil lawsuit asking for ridiculous damages while being threatened with a prison sentence over CFAA violations. Hell, that might even drive some people to suicide.
In the early days one of the high profile soaps in the UK published their "catch up" summaries for the week ahead which you could get just by editing the date in the URL. But back then not so many people were looking, so they were doing it for months...
https://news.ycombinator.com/item?id=48902814
See also
Zhihu (Chinese Reddit): https://www.zhihu.com/question/2060133066643879544/answer/20...
Reddit: https://www.reddit.com/r/math/comments/1urv4id/comment/oxak6...
Interestingly, if true, it will also be the first time an MIT PhD graduate has won the Fields Medal.