# AI Code Is Shipping Vulnerabilities at Scale: The 2026 Data

> Source: <https://byteiota.com/ai-code-is-shipping-vulnerabilities-at-scale-the-2026-data/>
> Published: 2026-07-19 03:19:53+00:00

Georgia Tech’s Systems Software and Security Lab is tracking confirmed CVEs directly attributed to AI-generated code. In January 2026 there were 6. By February, 15. By March, 35. That is not a linear trend — that is an acceleration. And the actual number is estimated at five to ten times higher, because most commits strip the AI-attribution metadata that would make them detectable.

## The Productivity Tradeoff Nobody Is Saying Clearly

Apiiro deployed its deep code analysis engine across Fortune 50 enterprises and found that AI-assisted developers commit code at three to four times the rate of non-AI peers. That is the headline companies put in their earnings calls. The less-shared finding: monthly security findings in those same organizations rose from roughly 1,000 to more than 10,000 in six months — a tenfold surge. Privilege escalation vulnerabilities climbed 322%. Architectural design flaws increased 153%.

The flip side is real: syntax errors dropped 76% and logic bugs fell 60%. AI coding tools genuinely reduce the bugs that make code annoying. They do not reduce the bugs that make code dangerous. If anything, they trade one category for the other at an unfavorable rate.

## The 74 CVEs You Did Not Hear About

The [Cloud Security Alliance’s Vibe Security Radar](https://labs.cloudsecurityalliance.org/research/csa-research-note-ai-generated-code-vulnerability-surge-2026/) has confirmed 74 CVEs tied to AI-generated code so far in 2026, across roughly 50 tools including Claude Code, GitHub Copilot, Cursor, Devin, and Amazon Q. These are documented, verified, production vulnerabilities — not theoretical attack surfaces. Claude Code appears most frequently, though this partly reflects the consistency of its commit metadata, which makes attribution easier than for tools that leave no trace.

Georgia Tech researcher Hanqing Zhao put the problem plainly: “Everyone is saying AI code is insecure, but nobody is actually tracking it.” Now someone is, and the numbers are not reassuring. The 74 confirmed CVEs likely represent between 400 and 700 actual cases in the open-source ecosystem alone. Enterprise codebases are not counted.

## Developers Are Confidently Wrong

Veracode tested more than 100 LLMs across 80 coding tasks against the OWASP Top 10. [Forty-five percent of AI-generated code introduced at least one OWASP vulnerability](https://www.ox.security/blog/vibe-coding-security/). Cross-site scripting failures appeared in 86% of samples. Log injection failures appeared in 88%. The pass rate across all models remained flat at around 55% from 2025 through March 2026 — no meaningful improvement despite vendor claims.

Compounding this: nearly 80% of developers believe AI tools generate more secure code than humans. Controlled studies show developers using GitHub Copilot submitted more insecure code with higher confidence than those writing manually. The confidence is the problem. Security reviews that used to be standard are being skipped because the code “looks fine” and “Copilot reviewed it.”

## Your Secrets Are Already Out There

[GitGuardian’s State of Secrets Sprawl 2026](https://www.gitguardian.com/state-of-secrets-sprawl-report-2026) found 28.65 million new hardcoded secrets in public GitHub commits in 2025 — a 34% year-over-year increase and the largest single-year jump ever recorded. AI-assisted commits leak secrets at a 3.2% rate compared to a 1.5% baseline. Eight of the ten fastest-growing categories of leaked secrets are AI service credentials — API keys for the very tools being used to write the vulnerable code.

The persistence problem is worse than the exposure problem: 64% of valid secrets from 2022 are still not revoked in 2026. If your organization adopted AI coding tools in the past two years without adding credential scanning to CI, you have almost certainly leaked something that is still active.

## Five Things to Do Before You Merge Another PR

The [Apiiro enterprise data](https://apiiro.com/blog/4x-velocity-10x-vulnerabilities-ai-coding-assistants-are-shipping-more-risks/) and CSA guidance distills to five actions worth implementing immediately, not next quarter:

**Scan every repository for leaked secrets now.** GitGuardian and TruffleHog have free tiers. One scan of your entire GitHub organization will tell you what is already out there. Run it before you start worrying about anything else.**Block AI-assisted code from merging without SAST and secret detection.** Add gitleaks, Semgrep, or an equivalent as a required CI check — not advisory, required. Code that fails does not merge.**Restrict AI assistance on auth, cryptography, and data-access code.** These are precisely the categories where privilege escalation and architectural flaws cluster. Human review is not optional for these paths.**Generate SBOMs with AI tool provenance.** When a CVE ships in AI-generated code, you need to know which module, which tool, and which commit. Without provenance metadata, remediation is guesswork at scale.**Set up automatic credential revocation workflows.** Leaked secrets staying valid for four years is a governance failure, not a discovery failure. The detection tools exist. Build the rotation pipeline.

## The Honest Assessment

AI coding tools are not going away, and they should not. The productivity gains are real — four-times faster commits and significantly fewer trivial bugs are meaningful improvements. But the security industry is not moving at the same speed as the adoption curve. Forty-five percent OWASP failure rates, a 322% rise in privilege escalation paths, and 74 publicly confirmed CVEs in six months represent a gap between “AI makes development faster” and “AI makes development safer” that the ecosystem has not closed.

Gartner projects AI approaches will increase software defects by 2,500% by 2028 if current practices continue. Even discounting that as an analyst projection designed for impact, the trajectory is serious. The data is there. The tools to address it exist. The question is whether engineering teams will treat AI-generated code with the same skepticism they apply to open-source dependencies — which is to say, with verification, not faith.
