Using AI to write your code does not make your code more secure.

As more developers write code with AI tools, a growing share of disclosed vulnerabilities can be traced back to those tools.

Researchers at Georgia Tech’s SSLab have been tracking CVEs caused by defects in AI-generated code.

Last August, they found only two CVEs that could be conclusively linked to Claude Code: CVE-2025-55526 (a severity 9.1 directory traversal vulnerability in n8n-workflows) and GHSA-3j63-5h8p-gf7c (an improper input handling bug in the x402 SDK).

In March, they identified 35 CVEs: 27 of them were created by Claude Code, 4 by GitHub Copilot, 2 by Devin, and 1 each by Aether and Cursor.

Claude Code’s outsized share seems to track its recent surge in popularity. In the past 90 days, Claude Code has added more than 30.7 billion lines of code to public repositories, according to Claude’s Code, an analytics website created by software engineer Jordan Alberts.

Georgia Tech researchers began measuring on May 1, 2025, and as of March 20, 2026, the CVE scorecard looked like this:

  • 49 (11 critical) for Claude Code
  • 15 (2 critical) for GitHub Copilot
  • 2 for Aether
  • 2 (1 critical) for Google Jules
  • 2 for Devin
  • 2 for Cursor
  • 1 for Atlassian Rovo
  • 1 for Roo Code

This equates to 74 CVEs due to AI-generated code out of 43,849 advisories analyzed.

Hanqing Zhao, a researcher at Georgia Tech’s SSLab, told The Register in an email that these AI CVE counts should be read as lower bounds rather than as true rates.

“These 74 cases are confirmed cases where we found clear evidence that AI-generated code contributed to the vulnerability,” he said. “That does not mean that the remaining approximately 50,000 cases were written by humans; it means we could not detect AI involvement in those cases.

“Take OpenClaw as an example. OpenClaw has over 300 security advisories and appears to be heavily vibe-coded, but most AI traces have been removed. Only in about 20 cases can we confidently see a clear AI signal. Based on such projects, we estimate that the actual number is likely 5-10 times what is currently being detected.”

Zhao said the low CVE count should not be read as a sign that AI coding tools produce more secure code.

“Claude Code alone now makes up over 4% of public commits on GitHub,” he explained. “If AI is actually responsible for only 74 out of 50,000 public vulnerabilities, that would mean that AI-generated code is orders of magnitude more secure than code written by humans. We don’t think it can be trusted.”

He said the low numbers “reflect blind spots in detection rather than superior quality of the AI code.”

Georgia Tech’s findings amplify research published in November 2024 by Georgetown University’s Center for Security and Emerging Technologies.

Based on tests of GPT-3.5-turbo, GPT-4, Code Llama 7B Instruct, WizardCoder 7B, and Mistral 7B Instruct, Georgetown researchers found that “for all five models, approximately 48 percent of all code snippets generated were compilable but contained bugs flagged by ESBMC [the Efficient SMT-based Context-Bounded Model Checker]. We define this as unsafe code.”

Approximately 30 percent of the generated code snippets passed ESBMC verification and were deemed safe.
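The distinction the Georgetown study draws, code that compiles cleanly yet fails a bounded model checker, is easiest to see on a concrete snippet. The following is an added example, not code from the Georgetown paper or from any of the tools named above: a string copy into a fixed buffer with no length check (the kind of out-of-bounds write that ESBMC’s array-bounds checking reports and a compiler does not), beside a bounded version that truncates and says so. The function names, the buffer size BUF_LEN and the sample inputs are all assumptions made for this illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define BUF_LEN 8   /* assumed buffer size for the example */

/* Unsafe: compiles without warnings, but when src is BUF_LEN bytes or
 * longer the loop writes past the end of buf. This is the "compilable
 * but unsafe" case: a bounded model checker explores the input space and
 * flags the out-of-bounds store; the compiler is happy with the code. */
size_t copy_unsafe(char *buf, const char *src)
{
    size_t i = 0;
    while (src[i] != '\0') {
        buf[i] = src[i];   /* no comparison against the buffer size */
        i++;
    }
    buf[i] = '\0';
    return i;
}

/* Hardened: copy at most buf_len - 1 bytes, always NUL-terminate, and
 * report through *truncated whether input was cut off, so the caller can
 * reject over-long input instead of silently working on a partial copy. */
size_t copy_bounded(char *buf, size_t buf_len, const char *src, int *truncated)
{
    size_t i = 0;
    *truncated = 0;
    if (buf_len == 0)
        return 0;
    while (src[i] != '\0' && i < buf_len - 1) {
        buf[i] = src[i];
        i++;
    }
    buf[i] = '\0';
    if (src[i] != '\0')
        *truncated = 1;
    return i;
}

int main(void)
{
    char buf[BUF_LEN];
    int truncated;
    /* constructed inputs: one that fits, one that does not */
    const char *short_in = "abc";
    const char *long_in = "0123456789";

    printf("unsafe copy of \"%s\": %zu bytes -> \"%s\"\n",
           short_in, copy_unsafe(buf, short_in), buf);
    /* copy_unsafe(buf, long_in) is deliberately not called: it would
     * overflow buf, which is exactly what the checker reports. */
    printf("bounded copy of \"%s\": %zu bytes -> \"%s\" (truncated=%d)\n",
           long_in, copy_bounded(buf, BUF_LEN, long_in, &truncated), buf, truncated);
    return 0;
}
```

Run the file through ESBMC and the checker reports the array-bounds violation in copy_unsafe for any input of BUF_LEN bytes or more; copy_bounded has no such path. The point of the Georgetown number is that nearly half of the generated snippets sat in the first category: they compiled, so a naive “does it build?” acceptance test would pass them, and only a verifier that reasons about all inputs exposed the defect.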

Zhao said the amount of AI-generated code being committed is rapidly increasing. “End-to-end coding agents are now becoming more prevalent,” he explained. “Claude Code alone has over 15 million total commits on GitHub, accounting for over 4% of all public commits.

“This is partly a reflection of more people using AI tools. But it’s not just the volume. The way people use these tools is changing. A year ago, most developers were using AI for autocomplete. Now, people are vibe-coding entire projects and shipping code that few have ever read. It’s a different risk profile.” ®
