Fetching from the wire…
Top 5 · 2026-03-28 · source-backed
Forget the productivity gains for a second. DryRun Security tested three of the most popular coding agents, Claude Code (Sonnet 4.6), OpenAI Codex (GPT 5.2), and Google Gemini (2.5 Pro), by having each build two complete applications from scratch. They ran 38 security scans across 30 pull requests. The result: 143 security issues total. 26 of 30 PRs (87%) contained at least one vulnerability.
Not one agent. All three. Broken access control was universal across every agent tested. Claude introduced a bypass that disabled two-factor authentication entirely. Gemini had the highest count of high-severity findings. Codex performed best, but "best" still means most of its PRs shipped with security holes.
I want to connect this to something I keep thinking about. We've spent the last year optimizing for speed. Tokens per second, lines generated per minute, time-to-PR. The entire AI coding ecosystem is built around the assumption that faster is better. And it is, until you look at what's being shipped. If 87% of your output needs security remediation, you haven't saved time. You've created a review bottleneck that's worse than writing the code yourself, because now you need a security expert reviewing machine-speed output.
This also lands differently when you pair it with today's CISA story (Story #5). The security scanners you'd use to catch these vulnerabilities are themselves getting compromised. So your AI agents write vulnerable code at industrial scale, and the tools meant to catch it before deploy have been backdoored. That's a compounding problem, not a linear one.
What should builders actually do? First, add static analysis specifically targeting AI-generated code to your CI pipeline. Snyk, Semgrep, and the new Harness Secure AI Coding (announced at RSAC this week) all have patterns tuned for AI-specific vulnerability classes. Second, treat AI-generated PRs like untrusted third-party code. Full review. Every time. Third, if you're running an agent that can push to production without human review, stop. The 87% stat means your default state is shipping vulnerabilities.
Codex producing fewer remaining issues than Claude and Gemini is interesting but I don't know what's driving the difference yet. Could be model architecture, could be system prompt differences, could be how each agent structures its PR workflow. DryRun's methodology is specific enough to reproduce, so I'd expect independent validation soon.
The uncomfortable truth: we're generating security debt faster than any human team could manually write it. And we're celebrating the speed.
Each link below shares sources, entities, or timing with this story.
Snyk uses Claude / Shared entities / Shared topic / What happened next / Tension
Linked by a graph relationship (Snyk uses Claude); both cover Claude, Claude Code, Codex, Gemini; overlapping topics (agent, best, claude, code, coding).
Vibe Security Radar criticizes Claude Code / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (Vibe Security Radar criticizes Claude Code); both cover Claude Code, Harness Secure AI Coding, RSAC, Semgrep; overlapping topics (ai-generated, catch, code, coding, security).
Snyk uses Claude / Shared entities / Shared topic / What happened next / Tension
Linked by a graph relationship (Snyk uses Claude); both cover Claude, Claude Code, Codex, GPT; overlapping topics (agent, best, claude, code, codex).