
CSA Research: Vibe Coding's Security Debt — AI-Generated Code CVE Surge

Published 2026-04-04 | Ingested 2026-04-27 | AI Engineering Practices | High

Summary

The Cloud Security Alliance's April 2026 research note documents a structural security crisis in AI-assisted development: AI-assisted developers produce commits at 3–4× the rate of peers but introduce security findings at 10× the rate. In March 2026 alone, 35 CVEs were directly attributed to AI coding tools, up from 6 in January and 15 in February — a trajectory researchers estimate reflects only 10–20% of the actual vulnerability count given attribution challenges. Approximately 45% of AI-gener

Alignment: Challenges current position
Related Positions: AI-Assisted Development Tooling, AI Governance and Risk
csa, security, ai-generated-code, cve, vulnerability, owasp, vibe-coding, slopsquatting, supply-chain, enterprise-security