How AI-generated prototype code accumulates auth debt and how one code review session catches it systematically.