Fetching from the wire…
Public story · 2026-03-15 · source-backed
CrowdStrike analyzed 30,000+ AI-generated code skills and found over 25% contained at least one exploitable vulnerability. Claude Opus 4.5 Thinking — the model many teams trust for security-sensitive work — produces correct and secure code only 56% of the time at baseline. That number climbs to roughly 66% when a security reminder prompt is explicitly included in the system prompt. A ten-percentage-point improvement from a single prompt addition is the highest-ROI security intervention currently documented for coding agents. CrowdStrike
The disclosed CVEs are concrete: CVE-2026-21852 enables remote code execution via Claude Code project files, and CVE-2025-59536 (CVSS 8.7) allows API token exfiltration. These aren't theoretical — they're the kind of bugs that get past code review because the surrounding code looks competent.
The mitigation is straightforward: add an OWASP-aligned security checklist to your system prompt instructing the agent to evaluate each code change against common injection patterns before submitting. CrowdStrike's data shows this single addition moves the needle more than switching models or adding static analysis post-hoc. If you're running Claude Code, Cursor, or any coding agent in production without a security reminder in your CLAUDE.md or system prompt, you're leaving the easiest 10pp improvement on the table. The broader signal: trust but verify is no longer sufficient — instruct and verify is the 2026 baseline.
Each link below shares sources, entities, or timing with this story.
Shared entities / Shared topic / What happened next
Both cover CLAUDE, Claude Code, Cursor, CVE; overlapping topics (agent, claude, code, security); picks up the CLAUDE thread on 2026-06-14.
Both cover Claude Code, CrowdStrike, CVE, CVEs; overlapping topics (ai-generated, code, coding, security); picks up the Claude Code thread on 2026-03-27.
Both cover Claude, Claude Code, Cursor; overlapping topics (agent, claude, code, coding, prompt); picks up the Claude thread on 2026-06-07.