This article was originally published on LucidShark Blog . In March 2026, Georgia Tech's Vibe Security Radar published a dataset that should be required reading for every security team whose developers are using AI coding tools. The numbers: 35 CVEs filed that month with credible attribution to AI-generated code origin. Of those, 27 were traced back to Claude Code output specifically. Before we dig into what the data means, a brief note on methodology. Georgia Tech's attribution approach combines code similarity analysis, commit metadata (including the AI tool signatures that modern IDEs embed in commits), and in some cases direct developer attestation. It is not perfect. The 27/35 Claude Code figure reflects Claude Code's dominant market share in the agentic coding segment as much as it reflects any particular failure mode specific to Claude. But the total count is what matters most, and 35 CVEs in a single month with credible AI-origin attribution is not a rounding error.…