Skills
CSA Research Note: Vibe Coding's Security Debt — 87% of AI-Generated Pull Requests Contain Security Issues, AI Devs Introduce Findings at 10x Rate
The Cloud Security Alliance published research showing AI-assisted developers produce commits 3-4x faster but introduce security findings at 10x the rate of non-AI peers. In a single week (March 27), 35 AI-generated CVEs were disclosed. 87% of AI-generated pull requests contain security issues. Combined with the finding that mean time from vulnerability disclosure to confirmed exploitation has fallen below one day in 2026 (down from 2.3 years in 2019), the velocity gap between AI-generated vulnerabilities and human remediation capacity is widening. CSA recommends mandatory automated security scanning in CI/CD as a minimum countermeasure.
↳ Follow the thread