In three months, 74 vulnerabilities were directly attributed to code generated by artificial intelligence. "Vibe coding", which involves describing desired features in natural language and letting AI generate the corresponding code, has become widespread in 2026. While this approach offers considerable productivity, it poses a major risk when the generated code is deployed to production without going through an adequate verification process.
The Vibe Security Radar project, launched in 2025 by the Systems Software & Security Lab at Georgia Tech, tracks CVEs directly introduced by AI-generated code. Its methodology relies on analysing vulnerability databases and tracing each fix back to its original commit, to determine whether an AI coding tool introduced the flaw.
The results speak for themselves: in January 2026, 6 CVEs were directly attributed to AI-generated code; in February, 15; in March, 35. That is 74 confirmed vulnerabilities in three months, with an acceleration curve that mirrors the adoption of AI coding tools. The researchers estimate that the real figure is 5 to 10 times higher, since most AI-generated commits carry no signature that would identify them as such.
The risk does not come so much from artificial intelligence itself as from the volume of code it produces without sufficient verification. This results in recurring vulnerabilities (SQL injections, XSS, insecure storage, hardcoded secrets, insufficient authentication, weak cryptography) reaching production at an unprecedented scale and speed. AI-assisted developers produce code 3 to 4 times faster, and introduce security flaws at a proportional rate.
This is amplified by a confidence bias: the generated code compiles, passes functional tests, and is often merged with less human review than manually written code. OWASP updated its Top 10 in 2026, adding for the first time a category for software supply chain risks, a vector that AI-generated code directly amplifies.
Another risk vector stems from AI's tendency to reference dependencies that do not exist. According to a USENIX Security study, nearly 20% of packages referenced in AI-generated code are purely fictitious. Attackers exploit this phenomenon, called "slopsquatting", by registering these package names invented by AI to place malicious code in them, creating an entirely new supply chain attack vector.
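The defensive counterpart to slopsquatting is refusing to install anything that has not been reviewed. The following script is an added example, not code from the article or from the Vibe Security Radar project: it parses a Python requirements file, normalises names as PEP 503 prescribes, and sorts each dependency into approved, suspect (one or two edits away from an approved name, the typosquat and near-hallucination pattern) or unknown. The approved set and the requirements text are constructed sample data; in a real pipeline the approved set would come from the lockfile or an internal registry mirror, and "unknown" entries would be looked up against the registry before anything is installed.

```python
"""
Added example (not from the original article): a pre-install check that flags
dependencies absent from an approved list and, among those, names that sit one
or two edits away from an approved package. APPROVED and SAMPLE_REQUIREMENTS
are constructed for the demonstration.
"""
import re
from typing import Dict, List, Tuple

# Constructed allowlist standing in for a reviewed lockfile / internal mirror.
APPROVED = {"requests", "flask", "sqlalchemy", "pyjwt", "cryptography", "pydantic"}

# Constructed requirements.txt as an AI tool might emit it.
SAMPLE_REQUIREMENTS = """\
requests>=2.31
Flask==3.0.0
SQLAlchemy~=2.0
PyJWT
# the next two are not in the approved set
flask-jwt-extra-auth==1.2
requets==2.31
cryptography
"""


def normalize(name: str) -> str:
    """PEP 503 normalisation: lower-case and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> List[str]:
    """Return normalised package names from a requirements file body.
    Version specifiers, extras, markers, comments and option lines are dropped."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):       # skip blanks and -r/-e/--index-url lines
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if m:
            names.append(normalize(m.group(1)))
    return names


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-misses of approved names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_requirements(text: str, approved=APPROVED,
                       max_distance: int = 2) -> Dict[str, List[Tuple[str, str]]]:
    """Classify each requirement as approved, suspect (close to an approved name,
    paired with that name) or unknown (not approved and not close to anything)."""
    approved_norm = {normalize(p) for p in approved}
    report: Dict[str, List[Tuple[str, str]]] = {"approved": [], "suspect": [], "unknown": []}
    for name in parse_requirements(text):
        if name in approved_norm:
            report["approved"].append((name, ""))
            continue
        closest = min(approved_norm, key=lambda p: edit_distance(name, p))
        if edit_distance(name, closest) <= max_distance:
            report["suspect"].append((name, closest))
        else:
            report["unknown"].append((name, ""))
    return report


if __name__ == "__main__":
    for bucket, entries in check_requirements(SAMPLE_REQUIREMENTS).items():
        for name, near in entries:
            print(f"{bucket:9} {name}" + (f"  (near approved: {near})" if near else ""))
```

An "unknown" package is not proof of a hallucination, only a signal that nobody on the team has vetted it; the point is that the decision to add it becomes an explicit review step instead of something an install command does silently.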
The risk is not limited to the code AI produces. AI coding tools themselves have become attack targets, opening a new vector for software supply chain compromise.
In July 2025, an attacker exploited a misconfigured GitHub token to inject malicious code into the Amazon Q Developer extension for VS Code, Amazon's AI coding assistant. The compromised extension was distributed via the VS Code Marketplace for several days before AWS published a fix. The injected code was designed to execute commands on the developer's machine; only a syntax error in the payload prevented it from running.
The AI code editor Cursor, used by more than one million developers, was also the subject of several CVEs in 2025. The CurXecute vulnerability allowed an attacker to execute code remotely via a prompt injection delivered through a connected MCP server. MCPoison exploited a similar mechanism by poisoning an MCP configuration file in a shared repository: a developer who approved a legitimate configuration could be silently redirected to a malicious one.
GitHub Copilot was not spared either. Researchers have already demonstrated that it was possible to inject invisible Unicode characters into Copilot and Cursor rule files, silently directing the AI to insert malicious code into all generated output, without the developer being able to detect it visually.
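Because these rule files are meant to be plain, human-readable instructions, any character that renders as nothing or reorders text is worth a look. The scanner below is an added example, not code from the article or from the researchers or vendors it names: it walks a rule file and reports zero-width characters, bidirectional controls, Unicode tag characters and other format or control code points with their line, column and name. The sample rule text is constructed and carries three hidden insertions so the output has something to show.

```python
"""
Added example (not from the original article): report invisible or
direction-changing Unicode characters in AI assistant rule files such as
.cursorrules or copilot-instructions.md. SAMPLE_RULES is constructed.
"""
import unicodedata
from typing import List, NamedTuple


class Finding(NamedTuple):
    line: int        # 1-based line number
    column: int      # 1-based column, counted in code points
    codepoint: str   # e.g. "U+200B"
    name: str        # Unicode character name


# Explicit list of characters that render as nothing or reorder text.
INVISIBLE_OR_CONTROL = {
    "\u200b", "\u200c", "\u200d", "\u2060", "\ufeff",   # zero-width space/joiners, word joiner, BOM
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # bidi embeddings and overrides
    "\u2066", "\u2067", "\u2068", "\u2069",             # bidi isolates
    "\u00ad", "\u034f", "\u061c", "\u180e",             # soft hyphen, CGJ, ALM, Mongolian vowel separator
}


def is_suspicious(ch: str) -> bool:
    """True for characters that should not appear in a plain-text instruction file."""
    if ch in INVISIBLE_OR_CONTROL:
        return True
    if 0xE0000 <= ord(ch) <= 0xE007F:      # Unicode "tag" block: an invisible mirror of ASCII
        return True
    cat = unicodedata.category(ch)
    if cat in ("Cf", "Co", "Cn"):          # format, private use, unassigned
        return True
    if cat == "Cc" and ch not in ("\t", "\n", "\r"):   # C0/C1 controls other than whitespace
        return True
    return False


def scan_text(text: str) -> List[Finding]:
    """Return one Finding per suspicious code point, in document order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if is_suspicious(ch):
                findings.append(Finding(lineno, col, f"U+{ord(ch):04X}",
                                        unicodedata.name(ch, "<unnamed>")))
    return findings


def scan_file(path: str) -> List[Finding]:
    """Scan a file on disk; undecodable bytes are replaced so scanning continues."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return scan_text(f.read())


# Constructed sample: a benign-looking rules file with a zero-width space, a
# right-to-left override and two tag characters (spelling "hi") hidden inside.
SAMPLE_RULES = (
    "# Project coding rules\n"
    "- Prefer parameterised queries over string concatenation.\n"
    "- Keep secrets in the vault, never\u200b in source.\n"
    "- Follow the style guide\u202e for naming.\n"
    "- Run the test suite before every commit.\U000E0068\U000E0069\n"
)

if __name__ == "__main__":
    for f in scan_text(SAMPLE_RULES):
        print(f"line {f.line} col {f.column}: {f.codepoint} {f.name}")
```

Run it as a pre-commit hook or CI step over every rule file the assistants read; a non-empty result is a review item, since there is no legitimate reason for these code points in an instruction file.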
AI-generated code ends up in web and mobile applications deployed in production, and the researchers' recommendation is clear: it must be treated with the same rigour as any unverified third-party code.
This is precisely the core expertise of Yagaan, powered by Pradeo, whose application security solutions analyse and secure application code, whether written by a developer or generated by artificial intelligence.
As AI-generated code represents a growing share of applications in production, systematic static analysis is no longer optional. It becomes the first line of defence before market release.