
Using AI to code does not mean your code is more secure


As more people use AI tools to write code, the tools themselves are introducing more vulnerabilities.

Researchers affiliated with Georgia Tech SSLab have been tracking CVEs attributable to flaws in AI-generated code.

Last August, they found just two CVEs that could be definitively linked to Claude Code – CVE-2025-55526, a 9.1-severity directory traversal vulnerability in n8n-workflows, and GHSA-3j63-5h8p-gf7c, an improper input handling bug in the x402 SDK.

In March, they identified 35 CVEs – 27 of which were authored by Claude Code, 4 by GitHub Copilot, 2 by Devin, and 1 each by Aether and Cursor.

Claude Code's overrepresentation appears to follow from its recent surge in popularity. In the past 90 days, Claude Code has added more than 30.7 billion lines of code to public repositories, according to Claude's Code, an analytics website created by software engineer Jodan Alberts.

The Georgia Tech researchers started their measurements ...


Copyright of this story solely belongs to theregister.co.uk.