Dev.to VibeCoding · May 25, 2026 2:29 AM

I Built a Security Scanner for AI-Generated Code — Then Found Vulnerabilities in My Own Projects

What happens when you run your own tool on your own code

Been building with Cursor and Bolt lately like a lot of people here.

Started wondering — is the code these tools generate actually secure?
So I dug into it.

Turns out the numbers are bad:


45% of AI-generated code has OWASP Top 10 vulnerabilities (Veracode)
65% of vibe-coded apps have security issues (Escape.tech, 1400+ apps)
35 CVEs in a single month attributed to AI-generated code (March 2026)


Patterns I kept seeing in AI-generated code:


Hardcoded API keys and Supabase service keys
RLS
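
A minimal check for the hardcoded Supabase service key pattern listed above, as an added example; it is not the author's scanner. It assumes JWT-format Supabase keys whose payload carries `iss` and `role` claims, and the function names and sample source are constructed for illustration.

```python
import base64
import json
import re

# JWT shape: three base64url segments; header and payload both start with "eyJ".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")

def _decode_segment(segment):
    """Base64url-decode one JWT segment to a dict, or None if it is not JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    try:
        value = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return value if isinstance(value, dict) else None

def find_supabase_keys(source, filename):
    """Return one finding per hardcoded Supabase JWT key found in source text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in JWT_RE.finditer(line):
            claims = _decode_segment(match.group(0).split(".")[1])
            # Assumption: Supabase-issued keys have an "iss" starting with "supabase".
            if not claims or not str(claims.get("iss", "")).startswith("supabase"):
                continue
            role = claims.get("role")
            # service_role bypasses Row Level Security; anon is meant to be public.
            severity = "critical" if role == "service_role" else "info"
            findings.append({"file": filename, "line": lineno,
                             "role": role, "severity": severity})
    return findings

def _constructed_key(role):
    """Build an unsigned sample token shaped like a Supabase key (constructed)."""
    def enc(obj):
        raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
        return raw.rstrip(b"=").decode()
    payload = {"iss": "supabase", "ref": "exampleprojectref", "role": role}
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(payload), "constructed_sig"])

# Constructed sample input: not taken from any real project.
SAMPLE_SOURCE = "\n".join([
    "import { createClient } from '@supabase/supabase-js'",
    f"const admin = createClient(url, '{_constructed_key('service_role')}')",
    f"const pub = createClient(url, '{_constructed_key('anon')}')",
    "const other = 'eyJub3Q.eyJqc29u.sig'  // JWT-shaped, payload is not JSON",
])

if __name__ == "__main__":
    print(find_supabase_keys(SAMPLE_SOURCE, "client.js"))
```

Decoding the payload instead of matching on the string shape alone is what separates a committed `service_role` key from an `anon` key or an unrelated JWT-shaped literal.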