Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code

Staff Editor 2026-03-26
Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code

Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code

https://www.infosecurity-magazine.com/news/ai-generated-code-vulnerabilities/

Publish Date: 2026-03-26 12:40:00

Source Domain: www.infosecurity-magazine.com

Vibe coding tools like Anthropic’s Claude Code are flooding software with new vulnerabilities, Georgia Tech researchers have warned.

At least 35 new common vulnerabilities and exposures (CVE) entries were disclosed in March 2026 that were the direct result of AI-generated code. This is up from from six in January and 15 in February.

The vulnerabilities are being tracked as part of the ‘Vibe Security Radar’ project which was started in May 2025 by the Systems Software & Security Lab (SSLab), part of Georgia Tech’s School of Cybersecurity and Privacy.

How Georgia Tech Tracks Flaws Introduced by AI Coding Tools

The Vibe Security Radar aims to track vulnerabilities directly introduced by AI coding tools that made it into public advisories, such as the CVE.org, the US National Vulnerability Database (NVD), GitHub Advisory Database (GHSA), Open Source Vulnerabilities (OSV), RustSec and others.

Speaking to Infosecurity, Hanqing Zhao, founder of the Vibe Security Radar, “Everyone is saying AI code is insecure, but nobody is actually tracking it. We want real numbers. Not benchmarks, not hypotheticals, real vulnerabilities affecting real users.”

He emphasized that this tracking work was fundamental now that more people have stated vibe coding entire projects “straight to production.”

“Realistically, even teams that do code review aren’t going to catch everything when half the codebase is machine-generated,” he added.

50 Vibe Coding Tool Covered, 74 Vulnerabilities Tracked

Zhao claimed that his team tracks approximately 50 AI-assisted coding tools, including Claude Code, GitHub Copilot, Cursor, Devin, Windsurf, Aider, Amazon Q and Google Jules.

To develop the Vibe Security Radar dashboard, researchers first pull data from public vulnerability databases, find the commit that fixed each vulnerability, then trace backwards to find who introduced the bug in the first place.

“If that commit has an AI tool’s signature on it, like a co-author tag…

Source

More Stories

The Mythos Race: Trump’s New EO and Glasswing’s Expansion

The Mythos Race: Trump’s New EO and Glasswing’s Expansion

Staff Editor 2026-06-07
Intech to Perform OT Cybersecurity Assessment for Middle East Liquid Terminal Operator – News and Statistics

Intech to Perform OT Cybersecurity Assessment for Middle East Liquid Terminal Operator – News and Statistics

Staff Editor 2026-06-07
DentaQuest Data Breach Analysis: ShinyHunters Leak Exposes PII and PHI of 2.6 Million Members in 2026 – Rescana

DentaQuest Data Breach Analysis: ShinyHunters Leak Exposes PII and PHI of 2.6 Million Members in 2026 – Rescana

Staff Editor 2026-06-07

Terms and Conditions - Privacy Policy