AI-generated code is outpacing every manual remediation model in existence': Nearly all firms admit they have shipped code they know is vulnerable

Date:
Fri, 22 May 2026 11:45:00 +0000

Description:
Organizations are rushing to push the code live, ignoring the obvious
security risks.

FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Checkmarx research found 75% of organizations knowingly ship vulnerable code The timetoexploit window is expected to shrink to just one minute, raising urgent risks for some sectors Vibecoded apps built entirely via AI chat are compounding exposure Artificial Intelligence (AI) has made it unaffordable for organizations to ship code
they already know is vulnerable, but they seem to be doing so anyway, new research has claimed.

Security experts Checkmarx found shipping vulnerable code became standard operating behavior, with 75% of organizations admitting they often or sometimes deploy code they already know is vulnerable. It is hinted in the announcement that companies were making somewhat calculated risks: less than
a decade ago (in 2018), the average time to exploit a software vulnerability was 840 days. That was more than enough time to ship a product, get it running, and then sort out the kinks along the way. Latest Videos From You
may like AI code security risk: The need for a smarter layer between
detection and remediation Why software defects are now the biggest security threat Patch window is officially dead as AI finds bugs faster than humans
can squash them AI ex machina However, AI tools have completely flipped the script - with the report arguing today, it takes less than two days to
exploit a vulnerability, and that in less than two years, the time-to-exploit window will shrink even further, down to just one minute.

Checkmarx says this warning will be particularly relevant for healthcare, given the fact that hospitals and health systems are already facing
escalating ransomware attacks, third-party software risk, and growing regulatory pressure, especially in the aftermath of the Change Healthcare incident.

Vibe-coded apps (solutions built entirely by chatting with an AI, without manual review of the code) will only compound the problem, it seems. Recent Wired research suggested that plenty of vibe-coded web apps were being pushed live with weak or nonexistent auth, exposed data, and basic security flaws.

The report, which was released earlier this month, claims that the
researchers found more than 5,000 apps that were exposing corporate or personal data on the open web. It included medical data, financial information, internal corporate data, as well as customer chats. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



======================================================================
Link to news story: https://www.techradar.com/pro/security/ai-generated-code-is-outpacing-every-ma nual-remediation-model-in-existence-nearly-all-firms-admit-they-have-shipped-c ode-they-know-is-vulnerable


--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)