Research
AI-Generated Code CVE Surge: 35 Vulnerabilities in March 2026 Alone, More Than All of 2025
The Cloud Security Alliance's Vibe Security Radar reports 35 new CVE entries from AI-generated code in March 2026 — up from 6 in January and 15 in February, exceeding the entire second half of 2025 (18 cases across seven months). To date, 74 confirmed CVEs are traceable to AI-generated code, including 14 critical-risk and 25 high-risk vulnerabilities. Authentication bypass, command injection, and SSRF are the three most common vulnerability types. Veracode testing of 100+ LLMs finds the overall security pass rate stuck at ~55%.
↳ Follow the thread