Vibe Coding's Security Debt: AI-Generated CVE Surge Reaches 74 Confirmed Cases in 2026

Summary

Georgia Tech's Vibe Security Radar documented 74 confirmed CVEs directly attributable to AI coding tools through March 2026, with a dramatic acceleration: 6 in January, 15 in February, and 35 in March. Researchers estimate the actual count is five to ten times higher across the broader open-source ecosystem, suggesting 400–700 cases in public repositories. Claude Code leads confirmed attributions with 27 CVEs, followed by GitHub Copilot, Cursor, Devin, and Aether — though the research notes Clau