Vulnerabilities in AI-Generated Code - Researchers Warn

Severity: HIGH
Source: Infosecurity Magazine
Tags: AI-generated code, CVE, Georgia Tech, Vibe Security Radar, Claude Code

Basically, researchers found many security flaws caused by code written by AI.

Quick Summary

Researchers at Georgia Tech have found a sharp rise in vulnerabilities linked to AI-generated code. This surge in CVEs raises serious concerns for software security. Developers must be vigilant as AI tools become more prevalent in coding practices.

The Flaw

Researchers at Georgia Tech have raised alarms about vulnerabilities introduced by AI-generated code. Their study revealed a staggering increase in reported Common Vulnerabilities and Exposures (CVEs) directly linked to these coding tools. In March 2026 alone, at least 35 new CVEs were documented, a significant rise from just six in January. This trend is part of the Vibe Security Radar project, which aims to track vulnerabilities that stem from AI-assisted coding.

The Vibe Security Radar, initiated in May 2025, is a proactive approach to understanding how AI tools contribute to security flaws. Hanqing Zhao, the project's founder, emphasized the importance of tracking these vulnerabilities, stating, "Everyone is saying AI code is insecure, but nobody is actually tracking it." This initiative seeks to provide real numbers and insights into how AI-generated code affects software security.

What's at Risk

The implications of these vulnerabilities are significant. As more developers rely on AI tools like Claude Code and GitHub Copilot, the potential for security flaws increases. Zhao noted that even with code reviews, it is challenging to catch every issue when a substantial portion of the codebase is machine-generated. The risk extends beyond just the identified CVEs; Zhao estimates that the actual number of vulnerabilities could be five to ten times higher, potentially affecting 400 to 700 cases across the open-source ecosystem.

Moreover, many vulnerabilities lack public identifiers, making them difficult to track. This hidden risk poses a challenge for developers and organizations that rely on AI-generated code, as they may unknowingly introduce flaws into their software.

Patch Status

Currently, the Vibe Security Radar tracks about 50 AI-assisted coding tools, including popular options like Claude Code and GitHub Copilot. Researchers use public vulnerability databases to trace reported vulnerabilities back to the commits that introduced them. If a commit carries an AI tool's signature, it is flagged for further investigation. Many AI tools, however, leave no trace, which complicates detection.
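The commit-signature check described above, written as an added example rather than the Radar's own code: it parses a stream of git log records and flags commits whose trailers match a catalogue of AI-tool signatures. The Claude Code co-author trailer is assumed from the form commonly seen in public commits; the second signature, the author names and the sample log are constructed placeholders, and anything not matched is reported as "untraced", not as human-written.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed signature catalogue. The Claude Code co-author trailer is the form
# commonly seen in public commits; the second entry is a constructed
# placeholder standing in for any other tool a team chooses to track.
AI_SIGNATURES = {
    "Claude Code": re.compile(
        r"^Co-Authored-By:\s*Claude\b.*@anthropic\.com", re.I | re.M),
    "Placeholder Assistant": re.compile(
        r"^Co-Authored-By:.*@example-ai\.invalid", re.I | re.M),
}

@dataclass
class Commit:
    sha: str
    author: str
    message: str

def parse_git_log(raw: str) -> list:
    """Parse git log --format='%H%x00%an%x00%B%x1e' output: NUL-separated
    fields, each record terminated by an ASCII record separator."""
    commits = []
    for rec in raw.split("\x1e"):
        rec = rec.strip()
        if not rec:
            continue
        sha, author, message = rec.split("\x00", 2)
        commits.append(Commit(sha, author, message.strip()))
    return commits

def classify(commit: Commit) -> Optional[str]:
    """Return the tool whose signature appears in the commit body, if any."""
    for tool, pattern in AI_SIGNATURES.items():
        if pattern.search(commit.message):
            return tool
    return None

def flag_commits(raw_log: str) -> dict:
    """Split a log into signature-flagged commits and untraced ones.
    Untraced means only that no catalogued signature was found."""
    flagged, untraced = [], []
    for commit in parse_git_log(raw_log):
        tool = classify(commit)
        if tool:
            flagged.append((commit.sha[:8], tool))
        else:
            untraced.append(commit.sha[:8])
    return {"flagged": flagged, "untraced": untraced}

# Constructed sample log with three records; these are not real commits.
SAMPLE_LOG = (
    "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0\x00Dana Dev\x00"
    "Add upload handler\n\nCo-Authored-By: Claude <noreply@anthropic.com>\n\x1e"
    "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c\x00Sam Maintainer\x00"
    "Fix typo in README\n\x1e"
    "ffeeddccbbaa99887766554433221100ffeeddcc\x00Dana Dev\x00"
    "Refactor auth middleware\n\nco-authored-by: Helper <bot@example-ai.invalid>\n\x1e"
)
```

Running `flag_commits(SAMPLE_LOG)` flags the first and third commits and leaves the second untraced; a real pipeline would then cross-reference the flagged commits against vulnerability-fixing commits in the same repository.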

The researchers are working to improve their tracking methods. The next phase involves analyzing broader project patterns and coding styles to identify AI-generated code without relying solely on metadata. This approach aims to enhance the accuracy of their findings and provide a clearer picture of the vulnerabilities introduced by AI tools.

Immediate Actions

For developers and organizations, the rise in AI-generated vulnerabilities calls for immediate attention. Here are some recommended actions:

  • Conduct thorough code reviews: Ensure that code generated by AI tools is scrutinized for potential vulnerabilities.
  • Stay informed: Keep up with the latest CVE reports related to AI-generated code and adjust coding practices accordingly.
  • Implement security training: Educate teams about the risks associated with AI coding tools and promote best practices in secure coding.
  • Monitor AI tool usage: Track which AI tools are being used in projects and assess their impact on security.

As the use of AI in software development continues to grow, so too does the need for vigilance. The Vibe Security Radar will evolve to keep pace with these changes, aiming to provide developers with the insights they need to mitigate risks effectively.

🔒 Pro insight: The rapid increase in AI-generated vulnerabilities highlights a critical need for enhanced security protocols in software development workflows.

Original article from Infosecurity Magazine.
