SECURITY·March 9, 2026·7 MIN READ

AI Code Is 2.74x More Vulnerable Than Human Code — And Nobody's Talking About It

By Marcus Webb

The Number Nobody Wants to Say Out Loud

The AI coding wave has a dirty secret: code generated by AI assistants contains significantly more security vulnerabilities than code written by humans.

A December 2025 study by CodeRabbit, which analyzed 470 open-source GitHub pull requests co-authored by generative AI, found:

  • 2.74x more security vulnerabilities vs. human-written code
  • 75% more misconfigurations across infrastructure and application settings
  • 1.7x more "major" issues overall, including logic errors and incomplete implementations

These aren't edge cases. This is the baseline behavior of AI-generated code across hundreds of real-world pull requests submitted to active open-source projects.

Why This Happens

AI coding assistants are trained on vast corpora of code from the internet. That code includes millions of examples of insecure patterns: SQL injection vulnerabilities, hardcoded credentials, missing input validation, overly permissive CORS settings, and insecure defaults. The models learn to generate code that looks right — and insecure-but-functional code looks exactly like secure-but-functional code to a language model without explicit security training.

Three specific failure modes show up consistently in the research:

1. Insecure defaults: AI models tend to generate the shortest working solution. The shortest working solution often skips security hardening. Missing authentication checks, open S3 buckets, and world-readable database configs all fit this pattern.

2. Copy-paste vulnerability propagation: If a vulnerable pattern appears frequently in training data, the model will reproduce it. Classic SQL injection patterns, for example, appear in millions of tutorial-style code examples online.

3. Missing context between files: When an AI generates code across multiple files, it can miss security implications that only emerge from understanding how components interact. A JWT correctly validated in one function but assumed valid in another is individually safe code that creates an unsafe system.

The Open Source Crisis

The security problem is already reshaping the open source ecosystem. Maintainers are drowning in AI-generated contributions — what RedMonk analyst Kate Holterhoff calls "AI Slopageddon."

Daniel Stenberg shut down cURL's six-year bug bounty program in January 2026, citing an overwhelming volume of AI-generated vulnerability reports of questionable quality. Mitchell Hashimoto banned all AI-generated code from Ghostty. Steve Ruiz at tldraw auto-closes all external pull requests.

These are respected, experienced open-source maintainers responding rationally to an irrational volume of low-quality submissions.

The Exploit That Made Headlines

In February 2026, security researcher Etizaz Mohsin demonstrated the real-world consequences by identifying and exploiting a critical authentication bypass in Orchid, a popular vibe coding platform. The vulnerability — in AI-generated backend code — allowed unauthenticated users to access any account on the platform.

The flaw: the AI-generated authentication middleware validated JWT tokens but never checked that the token's sub (subject) claim matched the resource being requested. Any valid token granted access to any resource.

What Vibe Coders Need to Do

The research doesn't condemn AI coding — it demands a different kind of review.

  • Use AI-specific security scanners (Snyk's AI Code Security scanner, GitHub's Copilot security integration) as mandatory CI pipeline steps
  • Audit every security surface explicitly: every data input, authentication boundary, and external service call
  • Bridge the context gap: AI tools don't know your threat model or user trust levels — you do
  • If you've shipped a vibe-coded product without a security review, do one now

The productivity gains from AI coding are real. The question is whether the industry will treat the security implications with the same seriousness as the productivity benefits. Right now, mostly no.


Sources: CodeRabbit Research (December 2025), BBC News, InfoQ, RedMonk Analysis