Georgia Tech’s Vibe Security Radar tracks 74 confirmed CVEs from AI-generated code — 35 in March 2026 alone, up from 6 in January. CodeRabbit finds AI-generated code carries 1.7× more issues across 470 pull requests. Sonatype reports 28% of AI dependency recommendations are hallucinations. An estimated 8,000+ startups need $50K–$500K rebuilds. The code compiles. The tests pass. The intent has drifted. The cascade is accelerating across all six dimensions.
AI coding tools have entered a new phase. They generate code that compiles, passes tests, and ships to production — while embedding vulnerabilities, logic errors, and hallucinated dependencies at a rate that traditional quality systems were never designed to detect. The result is not occasional bugs. It is a structural failure mode: correct code with drifted intent, deployed at scale, faster than any review process can intercept.[1][2]
The evidence arrived from multiple independent sources within weeks of each other. Georgia Tech’s Systems Software & Security Lab launched the Vibe Security Radar, tracking CVEs directly attributable to AI-generated code. Their data shows a count that more than doubles each month: 6 confirmed AI CVEs in January 2026, 15 in February, 35 in March. Of the 74 total, 27 were authored by Claude Code, 4 by GitHub Copilot, 2 by Devin. The researchers estimate the true count is 5–10× higher — 400 to 700 cases across the open-source ecosystem — because most AI tool signatures are stripped before commit.[1][3]
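The attribution method the Radar relies on is commit metadata: a tool-added Co-authored-by trailer that survives until the commit lands. The script below is an added example for this article, not the SSLab's Vibe Security Radar tooling or any vendor's code. It applies the same idea inside a repository, flagging commits that carry such a trailer so they can be routed to a mandatory human review gate. The git format string it parses and the bot identity patterns are assumptions for illustration; the sample log is constructed.

```python
"""Flag commits whose trailers attribute co-authorship to an AI coding tool.

Added example; not the SSLab's tooling. ASSUMPTIONS: the log comes from the
git invocation named in parse_log, and AI_COAUTHOR_PATTERNS is illustrative,
not an official list of trailer identities.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import List

# ASSUMED: substrings that identify AI tools in a trailer's name or email.
AI_COAUTHOR_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"\bclaude\b", r"\bcopilot\b", r"\bdevin\b", r"\bcursor\b")
]
# A git trailer line: "Co-authored-by: Name <email>"
TRAILER_RE = re.compile(
    r"^Co-authored-by:\s*(?P<name>.*?)\s*<(?P<email>[^>]+)>\s*$", re.IGNORECASE
)
# Record separator emitted by %x1e in the assumed format string.
RECORD_SEP = "\x1e"


@dataclass
class Commit:
    sha: str
    subject: str
    ai_coauthors: List[str] = field(default_factory=list)

    @property
    def ai_authored(self) -> bool:
        return bool(self.ai_coauthors)


def parse_log(raw: str) -> List[Commit]:
    """Parse the output of (assumed): git log --format='%H%n%s%n%b%x1e'"""
    commits: List[Commit] = []
    for record in raw.split(RECORD_SEP):
        record = record.strip("\n")
        if not record:
            continue
        lines = record.split("\n")
        commit = Commit(sha=lines[0], subject=lines[1] if len(lines) > 1 else "")
        for line in lines[2:]:  # body and trailers
            match = TRAILER_RE.match(line.strip())
            if not match:
                continue
            who = f"{match['name']} <{match['email']}>"
            if any(p.search(who) for p in AI_COAUTHOR_PATTERNS):
                commit.ai_coauthors.append(who)
        commits.append(commit)
    return commits


def flag_for_review(commits: List[Commit]) -> List[str]:
    """SHAs that carried an AI co-author trailer and should get a human review gate."""
    return [c.sha for c in commits if c.ai_authored]


# Constructed sample log; SHAs, subjects and trailers are made up.
SAMPLE_LOG = (
    "a1b2c3d4\nAdd login rate limiting\n\n"
    "Co-authored-by: Claude <noreply@anthropic.com>\n" + RECORD_SEP + "\n"
    "e5f6a7b8\nFix typo in README\n" + RECORD_SEP + "\n"
    "c9d0e1f2\nRefactor session store\n\n"
    "Co-authored-by: Alice Example <alice@example.com>\n"
    "Co-authored-by: Copilot <copilot@github.com>\n" + RECORD_SEP + "\n"
)

if __name__ == "__main__":
    for sha in flag_for_review(parse_log(SAMPLE_LOG)):
        print(f"{sha}: AI co-author trailer present, route to human review")
```

The caveat is the one the article itself states: a trailer that was stripped before commit leaves nothing to match, so an empty result means "unknown", not "human-authored". That asymmetry is exactly why the researchers put the true count at 5–10× the confirmed figure.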
Adoption and velocity: 90% of developers use AI; PRs per author up 20%; 10× code velocity; releases accelerated 75%.
Defects and risk: 1.7× more bugs; 2.74× more XSS vulnerabilities; 28% hallucinated packages; incidents per PR up 23.5%; change failure rates up 30%.
Simultaneously, CodeRabbit analysed 470 open-source GitHub pull requests and found AI-generated code produces 1.7× more issues overall, with 75% more logic errors, 1.5–2× more security vulnerabilities, and 8× more performance inefficiencies compared to human-authored code. The problems are not just more frequent — they are more severe: AI-authored PRs contain 1.4× more critical issues and 1.7× more major issues.[2][4]
Then Sonatype published the 2026 State of the Software Supply Chain report. Analysing nearly 37,000 real dependency upgrade recommendations across Maven, npm, PyPI, and NuGet, they found that 27.8% of AI-generated dependency recommendations were hallucinations — versions that do not exist in any live repository. Worse, some recommendations pointed to confirmed protestware and packages compromised in known supply chain attacks.[5][6]
- D5 Quality Measurement Begins: The SSLab begins systematically tracking CVEs attributable to AI-generated code by tracing commit histories and co-author metadata across public vulnerability databases.[1]
- D5 Empirical Confirmation: Analysis of 470 GitHub PRs reveals AI-generated code introduces significantly more defects across logic, security, maintainability, and performance categories. AI-authored PRs average 10.83 issues versus 6.45 for human PRs.[2]
- D5 + D6 Systemic Weakness: Testing of 15 applications built by five major vibe coding tools uncovers 69 vulnerabilities, including six critical. Every application lacked CSRF protection, and every tool introduced SSRF vulnerabilities.[7]
- D6 Operational Degradation: The Engineering in the Age of AI benchmark report surveys 50+ engineering leaders and finds that while PRs per author increased 20%, incidents per PR jumped 23.5% and change failure rates rose approximately 30%. Only 32% of organisations have formal AI governance policies.[8]
- D6 Supply Chain Contamination: The 2026 State of the Software Supply Chain report analyses 37,000 dependency recommendations and finds 27.8% reference non-existent package versions. Some recommendations include confirmed protestware and packages compromised in known supply chain attacks. Over 1.2 million malicious packages detected in open-source registries.[5]
- D4 Governance Framework: Palo Alto Networks launches a governance framework specifically designed for vibe coding security, acknowledging the emergence of a new threat category requiring dedicated controls.[9]
- D1 Customer Data Breach: A social networking platform (Moltbook) built entirely through vibe coding suffers a major data breach. Security firm Wiz discovers a misconfigured database with public read/write access. The founder stated he had not written a single line of code manually.[10]
- D4 National Security Response: UK National Cyber Security Centre CEO Dr. Richard Horne delivers a keynote at RSA Conference calling for immediate vibe coding safeguards. NCSC publishes a blog post warning that AI-generated code poses “intolerable risks.” The cybersecurity establishment now treats AI code quality as a national security concern.[11]
- D5 Ecosystem-Wide Pattern: Automated scanning of thousands of applications built through AI coding tools reveals widespread vulnerability patterns. The volume confirms that this is not an edge-case problem; it is the default condition of AI-generated production code.[12]

The vibe coding cascade is not a story about bad AI. It is a story about a new failure mode that traditional quality systems were not designed to detect. AI-generated code optimises for local correctness — the function works, the test passes, the build succeeds — while the semantic intent drifts. The code does what it says, but not what was meant. At the scale AI now operates, this gap between syntactic correctness and semantic intent is where vulnerabilities, logic errors, and supply chain contamination originate.
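The "every tool introduced SSRF" finding in the timeline is the concrete face of semantic drift: a "fetch this URL for the user" feature that works on every test input and is still wrong. The code below is an added example for this article, not code from any of the 15 applications or five tools in the cited test. `fetch_preview_naive` is the assumed shape of the vulnerable pattern (the user's URL handed straight to an HTTP client); `validate_outbound_url` is one hardening. DNS resolution is injectable so the check runs offline against the constructed `FAKE_DNS` table; `default_resolve` is what you would use in production. CSRF, the other gap found in every app, is a framework-level token check and is not shown.

```python
"""A user-controlled URL fetch in its vulnerable and hardened forms (SSRF).

Added example; not any tested app's code. ASSUMPTIONS: fetch_preview_naive is
the shape of the reported pattern, FAKE_DNS is a constructed resolver table.
"""
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, List
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
Resolver = Callable[[str], List[str]]


class UnsafeURL(ValueError):
    """Raised when an outbound URL fails the SSRF policy."""


def default_resolve(host: str) -> List[str]:
    """Real resolver: every address the host resolves to (v4 and v6)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_ip(ip_text: str) -> bool:
    """Reject loopback, private, link-local (cloud metadata 169.254.169.254 lives
    there), reserved, unspecified and multicast ranges."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_global and not ip.is_multicast


def validate_outbound_url(url: str, resolve: Resolver = default_resolve) -> str:
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise UnsafeURL("missing host")
    if parts.username or parts.password:
        raise UnsafeURL("credentials embedded in URL")
    host = parts.hostname
    try:
        addresses = [str(ipaddress.ip_address(host))]  # IP literal, no DNS needed
    except ValueError:
        addresses = resolve(host)
    if not addresses:
        # Fail closed: a name that does not resolve is unknown, not safe.
        raise UnsafeURL(f"{host!r} did not resolve")
    for address in addresses:
        # Every record must be public; one private A record rejects the host.
        if not is_public_ip(address):
            raise UnsafeURL(f"{host!r} resolves to non-public address {address}")
    return url


def is_allowed(url: str, resolve: Resolver = default_resolve) -> bool:
    try:
        validate_outbound_url(url, resolve)
        return True
    except UnsafeURL:
        return False


def fetch_preview_naive(url: str, http_get: Callable[[str], bytes]) -> bytes:
    """The vulnerable shape: whatever the user typed goes straight to the client."""
    return http_get(url)


def fetch_preview_hardened(url: str, http_get: Callable[[str], bytes],
                           resolve: Resolver = default_resolve) -> bytes:
    return http_get(validate_outbound_url(url, resolve))


# Constructed DNS table so the example runs offline (not real records).
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "evil.example.net": ["93.184.216.34", "10.0.0.5"],  # one public, one private record
    "localtest.example": ["127.0.0.1"],
}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    http_get = lambda u: b"<fetched " + u.encode() + b">"  # stand-in HTTP client
    for candidate in ("https://api.example.com/item/1",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://evil.example.net/"):
        try:
            print(fetch_preview_hardened(candidate, http_get, fake_resolve))
        except UnsafeURL as err:
            print(f"blocked {candidate}: {err}")
```

Two design points. The validator checks every resolved record, so a host that answers with one public and one private address is rejected rather than passed on the strength of the public one. It still validates at one moment and the HTTP client resolves at another; against DNS rebinding, connect to the address you validated (or resolve inside the client's connection hook) rather than re-resolving the hostname, and do not follow redirects without re-validating the target.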
AI-generated PRs contain 1.7× more issues, with 75% more logic errors, 2.74× more XSS vulnerabilities, and 1.88× more improper password handling than human code.[2]
Monthly AI-attributed CVEs grew from 6 in January to 35 in March 2026. Researchers estimate 400–700 real cases exist across the ecosystem, with most AI signatures stripped.[1]
More than one in four AI dependency recommendations (27.8%) are hallucinations. Some point to confirmed malware, protestware, and compromised packages. 1.2 million malicious packages detected in registries.[5]
Incidents per PR jumped 23.5% while PRs per author rose 20%. Change failure rates up 30%. More output, more damage per unit of output. Only 32% of organisations have formal AI governance.[8]
An estimated 8,000+ startups need $50K–$500K rebuilds after building production apps with AI assistants. Total estimated remediation: $400M–$4B. Rescue engineering is emerging as a new discipline.[13]
GitClear analysis of 211 million changed lines found code churn (written then reverted within two weeks) nearly doubled between 2020 and 2024, correlating with AI tool adoption. Copy-pasted code rose from 8.3% to 12.3%.[14]
The attractions of vibe coding are clear. Disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own.
— Dr. Richard Horne, CEO, UK National Cyber Security Centre, RSA Conference, March 24, 2026[11]
The cascade originates from Quality (D5) — AI-generated code quality failures at scale — and propagates through Operational (D6, supply chain contamination and pipeline inadequacy), Revenue (D3, remediation costs), Customer (D1, trust erosion and data breaches), Employee (D2, skill atrophy and review fatigue), and Regulatory (D4, emerging governance frameworks). All six dimensions are activated. The volume of AI-generated code outpaces the capacity to review it meaningfully.
| Dimension | Cascade hop | Score | Diagnostic Evidence | Pattern |
|---|---|---|---|---|
| Quality (D5) | Origin | 72 | 1.7× more bugs. 35 CVEs in one month. 8× performance issues. AI-generated code introduces more defects across every major quality category. 74 confirmed CVEs directly attributed to AI code, with estimated 400–700 real cases. 75% more logic errors. 2.74× more XSS vulnerabilities. AI dependency recommendations hallucinate 28% of the time. 69 vulnerabilities across 15 apps built by 5 major AI tools. Every app lacked CSRF protection.[1][2][5] | Semantic Intent Drift |
| Operational (D6) | L1 | 70 | 28% hallucinated dependencies. 1.2M malicious packages. CI/CD not designed for this volume. Supply chain contamination via AI-recommended packages that do not exist or contain malware. 454,648 new malicious packages detected in open-source registries in 2025. Change failure rates up 30%. Pipelines built for human-speed review cannot absorb AI-speed code generation. Code churn doubled.[5][6][8] | Supply Chain Contamination |
| Revenue (D3) | L1 | 68 | $400M–$4B remediation. 8,000+ startup rebuilds needed. Startups that built production apps with AI assistants face $50K–$500K rebuild costs each. First-year maintenance costs estimated at 12% above traditional development. Code that looks finished but cannot support real usage creates a technical debt time bomb. Rescue engineering is emerging as a new discipline.[13][14] | Remediation Wave |
| Customer (D1) | L1 | 65 | Trust erosion accelerating. Developer confidence declining. Stack Overflow’s 2025 survey found only 29% of developers trust the accuracy of AI-generated code, down from 40% previously. Moltbook breach exposed 1.5M API keys and 35,000 emails from a fully vibe-coded platform. End users bear the cost of invisible quality drift they have no visibility into.[10][14] | Trust Erosion |
| Employee (D2) | L2 | 60 | Reviewer fatigue at scale. AI-generated code looks correct, compiles cleanly, and passes superficial checks while hiding subtle logical errors. Median PR size increased 33% in 2025. Engineers are shifting from writing to reviewing, but review capacity has not scaled. Refactoring dropped from 25% to under 10% of changed lines. Skill atrophy as developers accept AI output without comprehending its functionality.[8][14] | Review Fatigue & Skill Atrophy |
| Regulatory (D4) | L2 | 55 | NCSC CEO calling for vibe coding safeguards at RSA Conference. Palo Alto SHIELD framework launched. NCSC blog warns AI-generated code poses “intolerable risks.” EU Cyber Resilience Act and AI Act converging on proof of provenance. Cambridge/MIT AI Agent Index found only 4 developers publish safety documentation covering autonomy levels. Governance arriving reactively, not proactively.[9][11] | Emerging Governance |
```
-- The Vibe Coding Cascade: Software Engineering Diagnostic
-- Sense -> Analyze -> Measure -> Decide -> Act
FORAGE ai_code_quality_drift
WHERE ai_cve_monthly_count > 30
AND ai_bug_multiplier > 1.5
AND dependency_hallucination_pct > 25
AND incidents_per_pr_delta > 20
AND startup_rebuild_count > 5000
AND national_security_response = true
ACROSS D5, D6, D3, D1, D2, D4
DEPTH 3
SURFACE vibe_coding_cascade
DIVE INTO semantic_intent_drift
WHEN code_correctness = true -- compiles, passes tests
AND semantic_intent_preserved = false -- but intent has drifted
AND review_capacity_exceeded = true -- volume outpaces review
AND supply_chain_contaminated = true -- hallucinated packages in production
TRACE vibe_coding_cascade -- D5 -> D6+D3+D1 -> D2+D4
EMIT quality_cascade_at_scale
DRIFT vibe_coding_cascade
METHODOLOGY 85 -- SAST/DAST, code review, dependency pinning, deployment gates all exist
PERFORMANCE 35 -- 28% hallucinated deps, 32% have governance, review collapsing under volume
FETCH vibe_coding_cascade
THRESHOLD 1000
ON EXECUTE CHIRP critical "6/6 dimensions, semantic intent drift at scale, CVEs tripling monthly"
SURFACE analysis AS json
```
Runtime: @stratiqx/cal-runtime · Spec: cal.cormorantforaging.dev · DOI: 10.5281/zenodo.18905193
The defining characteristic of this cascade is code that is syntactically correct but semantically wrong. It compiles. It passes tests. It ships. And it contains 1.7× more bugs than human-written code because AI optimises for pattern completion, not intent preservation. Traditional quality gates test whether code does what it says. They do not test whether it does what was meant. This is a new failure mode, and it requires new quality systems to detect.
When 28% of AI-recommended dependencies are hallucinations — including confirmed malware and protestware — the software supply chain is being contaminated at the point of creation, not the point of attack. Sonatype found that AI models confidently recommend packages that do not exist, enabling attackers who register those names. The attack vector is no longer exploitation of existing code. It is the generation of new code that references phantom dependencies.
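The Sonatype finding described here and in the evidence section above has a direct engineering response: do not let a recommended version reach a lockfile until it has been checked against the registry itself, and against an advisory list, because a version that exists can still be protestware. The gate below is an added example for this article, not Sonatype's tooling or any project's own code. It assumes PyPI-style `name==version` lines; `REGISTRY_SNAPSHOT` and `DENYLIST` are constructed stand-ins for a live index query and an advisory feed, and the package names are made up. It distinguishes the failure modes the report lumps together: a version that does not exist, a package name that does not exist (the name an attacker can register), an unpinned line that cannot be verified at all, and a real release that is on the denylist.

```python
"""Gate AI-recommended dependency versions against what actually exists.

Added example; not Sonatype's tooling. ASSUMPTIONS: PyPI-style requirement
syntax; REGISTRY_SNAPSHOT, DENYLIST and the package names are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed: versions that "exist" in the registry (not real data).
REGISTRY_SNAPSHOT: Dict[str, Set[str]] = {
    "httpkit": {"2.31.0", "2.32.3"},
    "quickframe": {"3.0.0", "3.0.3"},
    "termcolors": {"1.4.0", "1.4.1", "1.4.2"},
}
# Constructed: releases that exist but must never be installed (compromised or protestware).
DENYLIST: Set[Tuple[str, str]] = {("termcolors", "1.4.1"), ("termcolors", "1.4.2")}

REQ_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*"
    r"(?:==\s*(?P<version>[^\s#;]+))?\s*(?:#.*)?$"
)


@dataclass(frozen=True)
class Verdict:
    name: str
    version: Optional[str]
    status: str  # ok | unpinned | unknown_package | hallucinated_version | denylisted | unparsed
    detail: str


def normalize(name: str) -> str:
    """PEP 503 style: case-insensitive, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version: str) -> Tuple[int, ...]:
    return tuple(int(part) if part.isdigit() else 0 for part in version.split("."))


def check_requirement(line: str,
                      registry: Dict[str, Set[str]] = REGISTRY_SNAPSHOT,
                      denylist: Set[Tuple[str, str]] = DENYLIST) -> Verdict:
    match = REQ_RE.match(line)
    if not match:
        return Verdict(line.strip(), None, "unparsed", "could not parse requirement")
    name, version = normalize(match["name"]), match["version"]
    if version is None:
        return Verdict(name, None, "unpinned", "no exact pin; nothing to verify")
    known = registry.get(name)
    if known is None:
        return Verdict(name, version, "unknown_package",
                       "no such package; a name an attacker could register")
    if version not in known:
        latest = max(known, key=version_key)
        return Verdict(name, version, "hallucinated_version",
                       f"package exists but {version} does not (latest is {latest})")
    if (name, version) in denylist:
        return Verdict(name, version, "denylisted",
                       "release exists but is on the compromised/protestware list")
    return Verdict(name, version, "ok", "exists and is not denylisted")


def gate(lines: List[str], **kwargs) -> Tuple[List[Verdict], List[Verdict]]:
    """Return (all verdicts, blocking verdicts) for a proposed requirements file."""
    verdicts = [check_requirement(line, **kwargs)
                for line in lines if line.strip() and not line.lstrip().startswith("#")]
    blocking = [v for v in verdicts if v.status != "ok"]
    return verdicts, blocking


# Constructed: what an assistant might propose in an upgrade PR.
SAMPLE_RECOMMENDATION = """
# proposed upgrades (constructed)
httpkit==2.32.3
httpkit==2.33.0
htpkit==2.32.3
quickframe
termcolors==1.4.1
"""

if __name__ == "__main__":
    verdicts, blocking = gate(SAMPLE_RECOMMENDATION.splitlines())
    for v in verdicts:
        print(f"{v.status:20} {v.name}=={v.version or '*'}  {v.detail}")
    raise SystemExit(1 if blocking else 0)
```

In CI this runs before the lockfile is regenerated, and the exit status blocks the merge on anything other than `ok`. The existence check is the cheap half; the denylist is what catches the case the report singles out, a release that is real and still must not ship. Once a version passes, pin it by hash so that what was checked is what gets installed.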
PRs per author up 20%. Median PR size up 33%. Incidents per PR up 23.5%. The math does not work. AI generates code faster than humans can meaningfully review it. And the code it generates is harder to review: it looks correct, compiles cleanly, and hides subtle errors that surface only under specific conditions. The human quality gate that prevented production failures for decades is being overwhelmed by volume, not bypassed by malice.
At the centre of this cascade is a structural problem that has been formally identified: the decoupling of behavioral intent from code implementation. AI tools translate natural language descriptions into code, but the translation is lossy. Each iteration compounds the drift. The Semantic Intent pattern (semanticintent.dev) addresses this origin directly, proposing structured intent preservation as a first-class engineering concern — evidence that the problem has been formally named and solutions are emerging.
One conversation. We’ll tell you if the six-dimensional view adds something new — or confirm your current tools have it covered.