Agents
AI-Generated CVE Surge: Georgia Tech Tracks 35 CVEs/Month from AI Coding Tools; Black Duck Reports Open Source Vulnerabilities Doubled to 581 Per Codebase
Georgia Tech's Vibe Security Radar project tracked a near-sixfold increase in CVEs attributable to AI coding tools — from 6 in January to 35 in March 2026 — with researchers estimating true counts are 5-10x higher. Black Duck's 2026 OSSRA report confirms open source vulnerabilities doubled to 581 per codebase as AI adoption explodes. The underlying problem: AI models can sweep codebases in minutes and flag vulnerability patterns, but the open source ecosystem's patching and disclosure models were designed for a much slower pace of discovery.
↳ Follow the thread