Well doesn’t Relying Parties using the BankID API for signatures and authentication have private keys to start the flows for users scanning QR codes etc?

Could you, having the right private keys, impersonate some company soliciting a BankID signature?

I’m not sure what you can do with that though. You cannot steal some other ongoing signature I guess.

Are they the same model?

Not that it matters, I just think the joke is more fun if they are different.

> If you're feeding an LLM GPL'd code and it "creates" something "new" from it, that's not "clean room", right?

I didn’t RTFA but I suppose that by clean room here they mean you feed the code to ”one” LLM and tell it to write a specification. Then you give the specification to ”another” LLM and tell it to implement the specification.

> All of these were built with varying levels of assistance from agentic coding. None of them were purely vibe-coded and there was a great deal of manual and unit testing to verify functionality as it was built.

It also seems like none of them are relatively unique and all of them have been done before.