AI-generated code is driving a rising CVE trend in March 2026
Trend
Summary
Hide ▲
Show ▼
AI-generated code is driving a rising CVE trend, with 35 disclosures in March 2026 showing a material increase in flaws across public advisories and open-source projects. Counts rose from six in January to 15 in February, suggesting the problem is accelerating as AI-assisted coding spreads. The trend matters because it ties developer automation directly to more exploitable software risk.
Related Happenings
AI coding assistant adoption becomes near-universal while governance lags in software development teams
Trend
H score16
First: 09.06.2026 18:00
Last: 09.06.2026 18:00
Sources 1
About this happening:
**AI coding assistants** are now used by **97%** of software engineers and DevOps professionals, but only **30%** have fully governed oversight, leaving security and compliance co...
AI coding assistant adoption becomes near-universal while governance lags in software development teams
TrendAbout this happening: **AI coding assistants** are now used by **97%** of software engineers and DevOps professionals, but only **30%** have fully governed oversight, leaving security and compliance co...
ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds
Technical Analysis
H score16
First: 04.06.2026 16:00
Last: 04.06.2026 16:00
Sources 1
About this happening:
Bugcrowd’s **ExploitBench** now shows frontier AI models can progress through staged **Google Chrome** exploit chains, raising the risk of faster **AI-assisted exploit development...
ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds
Technical AnalysisAbout this happening: Bugcrowd’s **ExploitBench** now shows frontier AI models can progress through staged **Google Chrome** exploit chains, raising the risk of faster **AI-assisted exploit development...
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
H score26
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/ServiceAbout this happening: Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
H score30
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
CampaignAbout this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
H score33
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical AnalysisAbout this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Timeline
-
26.03.2026 18:40 2 articles · 3mo ago
AI-generated code is driving a rising CVE trend in March 2026
Initial DisclosureThe tracking effort began in **May 2025** and focused on tracing public vulnerability disclosures back to the commit that introduced the flaw. Early results showed that some CVEs could be attributed to AI-generated code by following commit history and metadata signatures.
Show sources
- Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code — www.infosecurity-magazine.com — 26.03.2026 18:40
- Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code — www.infosecurity-magazine.com — 26.03.2026 18:40