Surge in CVE-classified vulnerabilities linked to AI-generated code in production environments
Summary
Researchers at Georgia Tech’s Systems Software & Security Lab (SSLab) report a significant increase in vulnerabilities directly introduced by AI coding tools, with at least 35 new CVE entries disclosed in March 2026 alone—up from six in January and 15 in February. The findings, part of the Vibe Security Radar project launched in May 2025, track flaws across multiple public advisories (NVD, GHSA, OSV, RustSec) and confirm 74 cases where AI tool signatures (e.g., co-author tags, bot emails) were present in vulnerability-introducing commits. Anthropic’s Claude Code is the most frequently identified tool, though underreporting is suspected due to metadata stripping and lack of traces in tools like GitHub Copilot.
Timeline
- 26.03.2026 18:40 · 1 article
AI-generated code directly linked to surge in CVE-classified vulnerabilities in March 2026
Georgia Tech researchers report at least 35 new CVEs in March 2026 introduced by AI coding tools, with 74 confirmed cases tracked via metadata signatures. The Vibe Security Radar project highlights underreporting due to metadata stripping and the dominance of Anthropic’s Claude Code in detectable cases. Estimates suggest 400–700 total AI-induced vulnerabilities in open-source projects, with future detection methods shifting to commit patterns and coding style analysis.
- Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code — www.infosecurity-magazine.com — 26.03.2026 18:40
Information Snippets
- At least 35 new CVEs in March 2026 were directly introduced by AI-generated code, compared to six in January and 15 in February 2026.
  First reported: 26.03.2026 18:40 · 1 source, 1 article
  - Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code — www.infosecurity-magazine.com — 26.03.2026 18:40
- The Vibe Security Radar project, initiated in May 2025 by Georgia Tech’s SSLab, tracks vulnerabilities across public advisories including NVD, GHSA, OSV, RustSec, and GitHub Advisory Database.
  First reported: 26.03.2026 18:40 · 1 source, 1 article
  - Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code — www.infosecurity-magazine.com — 26.03.2026 18:40
- Researchers analyze commit history to identify AI tool signatures (e.g., co-author tags, bot emails) and use AI agents to determine root causes of vulnerabilities contributed by AI-generated code.
  First reported: 26.03.2026 18:40 · 1 source, 1 article
  - Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code — www.infosecurity-magazine.com — 26.03.2026 18:40
- Claude Code is the most frequently identified AI coding tool in tracked CVEs, but this is attributed to its persistent metadata signatures rather than higher inherent risk compared to other tools.
  First reported: 26.03.2026 18:40 · 1 source, 1 article
  - Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code — www.infosecurity-magazine.com — 26.03.2026 18:40
- Estimated total AI-induced vulnerabilities in open-source projects may be 400–700 cases (5–10x the confirmed 74), with many traces stripped from commits, leaving only ~20 confirmable cases in projects like OpenClaw.
  First reported: 26.03.2026 18:40 · 1 source, 1 article
  - Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code — www.infosecurity-magazine.com — 26.03.2026 18:40
- In February 2026, Claude Code accounted for over 4% of public GitHub commits, a figure expected to rise, correlating with increased AI-introduced vulnerabilities.
  First reported: 26.03.2026 18:40 · 1 source, 1 article
  - Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code — www.infosecurity-magazine.com — 26.03.2026 18:40
- Future tracking aims to detect AI-generated code patterns without relying on metadata, using project-wide commit analysis and coding style recognition.
  First reported: 26.03.2026 18:40 · 1 source, 1 article
  - Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code — www.infosecurity-magazine.com — 26.03.2026 18:40