The 2026 AI Code Security Report
The 2026 AI Code Security Report from Sherlock Forensics reveals that 92% of AI-generated codebases contain at least one critical vulnerability, and that the average vibe-coded application has 8.3 exploitable findings. The report is based on anonymized, aggregate data from security assessments conducted January through April 2026. Sherlock Forensics offers AI code audits starting at $1,500 CAD. Contact: 604.229.1994.
Executive Summary
AI Is Writing the Code. Nobody Is Checking the Security.
Between January and April 2026, Sherlock Forensics conducted security assessments on dozens of applications built with AI coding tools including GitHub Copilot, Claude, ChatGPT and Cursor. The findings were consistent and alarming: the vast majority of AI-generated codebases contain vulnerabilities that would be considered unacceptable in any production environment.
AI code assistants optimize for functionality, speed and developer satisfaction. Security is a constraint that conflicts with those goals. The result is code that works, compiles, passes basic tests and ships to production carrying exploitable vulnerabilities that traditional code review rarely catches because the reviewer did not write the code.
This report presents aggregate, anonymized findings from those assessments. Every statistic reflects real vulnerabilities found in real applications serving real users. The purpose is not to discourage AI-assisted development but to quantify the security gap so that teams can address it before attackers do.
Key Findings
The Numbers
92% of AI-generated codebases contain at least one critical vulnerability
The average vibe-coded application has 8.3 exploitable findings
78% of AI-generated code stores secrets in plaintext or committed .env files
Hallucinated package dependencies appear in 34% of AI-generated Node.js projects
Only 12% of AI-built applications implement rate limiting on authentication endpoints
The average time from deployment to first exploit attempt on an AI-built SaaS: 18 days
Methodology
How We Collected This Data
All findings are drawn from anonymized, aggregate Sherlock Forensics security assessments conducted between January and April 2026. All data has been stripped of identifying information; no individual client or application can be identified from the statistics presented.
Assessments covered web applications, APIs, SaaS platforms and internal tools built using AI coding assistants. Each assessment followed Sherlock Forensics' standard methodology mapped to OWASP Top 10 and MITRE ATT&CK frameworks. Manual testing was performed on every engagement alongside automated scanning.
Applications ranged from pre-launch MVPs to production systems with thousands of active users. The majority were built using Cursor, GitHub Copilot, ChatGPT or Claude as the primary code generation tool.
Data
Vulnerability Breakdown by Category
Comparison
Findings by AI Tool
| AI Tool | Avg Findings per Audit | Most Common Categories | Critical Rate |
|---|---|---|---|
| GitHub Copilot | 9.1 | Hallucinated dependencies, inline secrets | 94% |
| ChatGPT | 8.7 | SQL injection, insecure deserialization | 91% |
| Cursor | 7.9 | Auth bypass, API key exposure | 89% |
| Claude | 6.4 | Permissive configs, missing validation | 82% |
Critical Rate = percentage of audits for that tool that contained at least one critical-severity finding. All tools produced exploitable code in the majority of assessments.
Recommendations
What Teams Should Do
Audit Before Launch
Every application with real users or payment processing should receive a manual security assessment before going live. Automated scanners miss the majority of AI-specific vulnerability patterns documented in this report.
Validate Every Dependency
Verify every import statement against live package registries. Flag hallucinated packages before they become supply chain attack vectors. Automate this check in your CI/CD pipeline.
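The dependency check above can be sketched as a small script. This is a minimal, illustrative sketch in Python: the function name and the manifest are hypothetical, and `known_packages` stands in for a live registry lookup (in practice, an HTTP request per package against registry.npmjs.org or PyPI) so the example runs offline.

```python
import json

def find_unverified_packages(package_json: str, known_packages: set[str]) -> list[str]:
    """Return declared dependencies absent from a trusted registry snapshot --
    candidates for hallucinated packages.

    `known_packages` is a local stand-in for a live registry query, used
    here so the sketch is self-contained."""
    manifest = json.loads(package_json)
    declared = set(manifest.get("dependencies", {})) | set(
        manifest.get("devDependencies", {})
    )
    return sorted(name for name in declared if name not in known_packages)

# "express" is real; "express-auth-validator" is the kind of
# plausible-sounding name an AI assistant might invent.
manifest = '{"dependencies": {"express": "^4.18.0", "express-auth-validator": "^1.0.0"}}'
print(find_unverified_packages(manifest, {"express", "lodash"}))
```

Run a check like this as a CI step and fail the build when the returned list is non-empty, before the package ever reaches `npm install`.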
Scan for Secrets Continuously
Run entropy-based secrets scanning on every commit. Check git history for credentials that were committed and later removed. Use environment variables and secrets management services exclusively.
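Entropy-based scanning works because real credentials are high-randomness strings, while ordinary identifiers are not. A minimal sketch of the idea in Python follows; the 4.0-bit threshold and 20-character minimum are tunable assumptions, not industry constants, and production tools pair entropy with known-format rules to cut false positives.

```python
import math
import re

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; high values suggest random tokens."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum((n / len(s)) * math.log2(n / len(s)) for n in counts.values())

def find_secret_candidates(text: str, threshold: float = 4.0, min_len: int = 20) -> list[str]:
    """Flag long, high-entropy tokens in a file or diff as possible secrets."""
    tokens = re.findall(r"[A-Za-z0-9+/=_\-]{%d,}" % min_len, text)
    return [t for t in tokens if shannon_entropy(t) > threshold]

# A Stripe-style test key trips the detector; ordinary code does not.
print(find_secret_candidates("api_key = sk_live_4eC39HqLyjWDarjtT1zdp7dc"))
```

Wire a check like this into a pre-commit hook, and remember that removing a secret in a later commit does not remove it from git history: rotate the credential.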
Implement Rate Limiting
Add rate limiting to every authentication endpoint, password reset flow and payment processing route. This single control blocks the majority of brute-force and credential stuffing attacks.
Add Logging and Monitoring
91% of AI-built applications in our dataset had no meaningful security logging. Without audit trails, breaches go undetected for weeks or months. Implement structured logging for authentication events, authorization failures and data access patterns.
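Structured logging can be added with the standard library alone. The sketch below uses Python's `logging` with a small JSON formatter so each event is one machine-parseable line; the logger name and the `ctx` field are illustrative conventions, not a prescribed schema.

```python
import json
import logging
import sys

class JsonFormatter(logging.Formatter):
    """Emit one JSON object per log line so a SIEM or log pipeline can parse it."""

    def format(self, record: logging.LogRecord) -> str:
        payload = {
            "ts": self.formatTime(record),
            "level": record.levelname,
            "event": record.getMessage(),
        }
        payload.update(getattr(record, "ctx", {}))  # per-event context fields
        return json.dumps(payload)

handler = logging.StreamHandler(sys.stdout)
handler.setFormatter(JsonFormatter())
security_log = logging.getLogger("security")
security_log.addHandler(handler)
security_log.setLevel(logging.INFO)

# Log the event types the report calls out: authentication events,
# authorization failures, and data access patterns.
security_log.info("login_failed", extra={"ctx": {"user": "alice", "ip": "203.0.113.7"}})
```

Ship these lines to centralized storage with retention; a breach you cannot reconstruct from logs is a breach you detect weeks late.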
Use Parameterized Queries
Replace every string-concatenated database query with parameterized queries. This eliminates the entire SQL injection category, which affects 54% of the codebases we assessed.
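The difference between the two patterns is small in code and large in consequence. A self-contained Python/SQLite sketch (the table and payload are illustrative; the same placeholder mechanism exists in every mainstream database driver):

```python
import sqlite3

conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
conn.execute("INSERT INTO users (email) VALUES (?)", ("alice@example.com",))

# The vulnerable pattern AI assistants often emit -- string concatenation:
#   conn.execute("SELECT * FROM users WHERE email = '" + user_input + "'")
# A payload like "' OR '1'='1" would then match every row.

user_input = "' OR '1'='1"

def find_user(email: str):
    # Parameterized: the driver binds `email` as data, never as SQL syntax.
    return conn.execute(
        "SELECT id, email FROM users WHERE email = ?", (email,)
    ).fetchall()

print(find_user(user_input))          # [] -- the payload matches nothing
print(find_user("alice@example.com"))
```

Because the placeholder value is never interpreted as SQL, the injection payload is just an email address that matches no row.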
Get Started
Get Your Own AI Code Security Audit
Quick audits from $1,500 CAD. Full assessments from $5,000 CAD. Order online with no meetings required.
Whether you have a single AI-built application or an engineering team shipping AI-assisted code daily, we will scope an audit that matches your risk profile.
- Phone: 604.229.1994
- Burnaby Office: Burnaby, BC, Canada
- Coquitlam Office: Coquitlam, BC, Canada
- Quick Audit Timeline: 3-5 business days from engagement start