Top 5 · 2026-05-08 · source-backed
Your AI-Written Code Works. Its Dependencies Don't.
Story
A large-scale study on arXiv found that 36-56% of LLM coding tasks contain at least one known CVE in specified dependencies. Not in the generated code itself. In the packages the model tells you to install.
The numbers get worse. 62-75% of those CVEs are rated Critical or High severity. In 72-91% of cases, the vulnerability was publicly disclosed before the model's training cutoff. The models knew, or should have known, these versions were compromised. They recommended them anyway.
The killer finding: all models converge on the same small set of risky dependency versions. This isn't random error. It's systemic bias baked into training data. The models learned which versions appear most frequently in tutorials, Stack Overflow answers, and README files, and those happen to be the versions people were using when the vulnerabilities existed.
This hits the vibe coding community's biggest blind spot. The workflow is: describe what you want, get working code, ship it. The code passes tests. The app runs. Everything looks fine. But under the hood, you've installed a dependency version with a known critical vulnerability because the LLM suggested it and you didn't question it.
I've caught this in my own projects. Claude suggested a specific version of a package that had a known SSRF vulnerability patched two minor versions later. The code worked perfectly. The vulnerability was silent until I checked.
What to do about it: treat every AI-suggested dependency version as untrusted input. Run pip audit or npm audit after every AI-generated requirements change. Pin to latest patched versions, not the versions the model suggests. If you're using Dependabot or Renovate, make sure they run against AI-generated lockfiles too. The code quality revolution doesn't matter if the foundation is compromised.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Same source domain / Shared topic / What happened next
AI Coding Agents Don't Write Clean Patches. They Can't.
Both cover CVEs, LLM; reported by the same outlet (arxiv.org); overlapping topics (ai-generated, code, coding, model, training).
Shared entities / Shared topic / Earlier coverage
One in Four AI-Generated Code Snippets Ships With Exploitable Vulnerabilities
Both cover CLAUDE, CVE, CVEs; overlapping topics (ai-generated, code, coding, model); earlier CLAUDE coverage from 2026-03-15.
Shared entities / Same source domain / Earlier coverage / Tension
10 actionable skills from today's findings:
Both cover CLAUDE, LLM, SSRF; reported by the same outlet (arxiv.org); earlier CLAUDE coverage from 2026-03-22.
Shared entities / Same source domain / Shared topic / Earlier coverage / Tension
Architecture Descriptors Cut AI Coding Agent Navigation by 33-44%: 7,012 Claude Code Sessions Analyzed
Both cover CLAUDE, README; reported by the same outlet (arxiv.org); overlapping topics (code, coding).
Shared entities / Same source domain / What happened next
GitLost turns a plain-English GitHub Issue into a private-repo leak
Both cover CLAUDE, CVE, LLM; reported by the same outlet (arxiv.org); picks up the CLAUDE thread on 2026-07-08.
Shared entities / Shared topic / What happened next / Tension
The Fable 5 export ban was triggered by "fix this code." That should scare you.
Both cover Claude, CVE; overlapping topics (against, code, model); picks up the Claude thread on 2026-06-17.
Shared entities / Same source domain / Earlier coverage
Claude Opus 4.6 Discovers 22 Firefox Vulnerabilities in Two Weeks — 14 High-Severity
Both cover CLAUDE, CVEs, High; reported by the same outlet (arxiv.org); earlier CLAUDE coverage from 2026-03-22.
Shared entities / Shared topic / Earlier coverage
Skills to Practice Today
Both cover Claude, Critical, LLM; overlapping topics (code, critical); earlier Claude coverage from 2026-03-03.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — 2026-05-08
- AI generated
- no
- Story unit
- 2026-05-08-your-ai-written-code-works-its-dependencies-don-t
- Labels
- source-backed, canonical briefing excerpt