AI‑Generated Code Is Risky

Georgia Tech’s Vibe Security Radar logged 72 AI‑linked advisories covering May 1, 2025–Mar 13, 2026 and flagged 40 high/critical findings after scanning 40,801 advisories. (vibe-radar-ten.vercel.app) Researchers reported at least 35 CVEs in March 2026 that were attributable to AI‑generated code, up from six in January and 15 in February. (infosecurity-magazine.com) The Register’s analysis shows the March surge was concentrated: 27 of those CVEs were linked to Anthropic’s Claude Code, four to GitHub Copilot, two to Devin, and one each to Aether and Cursor. (theregister.com) Veracode’s Spring 2026 update found AI models reach syntax correctness rates above 95% but security pass rates remain roughly 55%, unchanged from prior years. (veracode.com) DryRun Security’s testing found AI coding agents introduced vulnerabilities in a very high share of pull requests—reporting insecure logic or access‑control gaps in roughly 87% of sampled PRs across Claude, Codex and Gemini builds. (helpnetsecurity.com) Black Duck’s 2026 OSSRA data shows open‑source codebases doubled average vulnerability counts (to 581 per codebase) while the mean number of files per codebase rose 74% year‑over‑year as AI adoption scaled. (blackduck.com) Databricks’ red‑team experiments show targeted “security prompting” and language‑specific guardrails reduce insecure AI outputs in benchmarks like Secure Coding and HumanEval, offering a practical mitigation path for teams deploying coding assistants. (databricks.com)