Skills
Sherlock Forensics 2026 Report: 92% of AI-Generated Codebases Contain at Least One Critical Vulnerability, Average 8.3 Exploitable Findings Per Application
A security assessment report covering web apps, APIs, and SaaS platforms built with Cursor, Copilot, ChatGPT, and Claude between January-April 2026 found that 92% of AI-generated codebases contain critical vulnerabilities, with an average of 8.3 exploitable findings per application. This aligns with Veracode's spring 2026 update showing only 55% of AI generation tasks produce secure code. The data provides hard numbers for the 'vibe coding hangover' — the security debt accumulating as teams ship AI-generated code without review.
↳ Follow the thread