Vibe Coding
CrowdStrike: 25%+ of AI-Generated Skills Contain Vulnerabilities, Claude Opus 4.5 Secure Only 56% of the Time
CrowdStrike analysis of 30,000+ AI-generated skills found over a quarter contained at least one exploitable vulnerability. CVE-2026-21852 (RCE via Claude Code project files) and CVE-2025-59536 (API token exfiltration, CVSS 8.7) are among the disclosures. Claude Opus 4.5 Thinking generates correct and secure code only ~56% of the time baseline, improving to ~66% when security reminder prompts are explicitly included in the system prompt.
Source
↳ Follow the thread