pleroma.debian.social

Today in InfoSec Job Security News:

I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.

So I started looking through Claude commits on GitHub; there are over 2m of them, and it’s about 5% of all open source code this month.

https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc

As I looked through the code I saw the same class of vulns being introduced over and over again - several a minute.
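The `../..` class the post is describing is path traversal: a file-serving routine that joins a user-supplied path onto a base directory and never checks that the result stays inside it. The following is an added example, not code from the post, from any Claude commit, or from the unnamed framework; it shows the naive resolver, the common "prefix check" that looks like a fix but is not, and a containment check that holds up, all against constructed inputs and a throwaway directory tree built at run time.

```python
"""Path traversal: a naive static-file resolver beside a hardened one.

Added example for illustration; the function names, the base directory
"/srv/static" used in the calls below, and the temporary tree built by
symlink_demo() are all assumptions made for this example, not taken from
any real project.
"""
import os
import shutil
import tempfile


def resolve_naive(base_dir: str, user_path: str) -> str:
    # VULNERABLE: join + normpath is not a containment check.
    # "../../etc/passwd" walks out of base_dir, and an absolute user_path
    # makes os.path.join discard base_dir entirely.
    return os.path.normpath(os.path.join(base_dir, user_path))


def resolve_prefix_check(base_dir: str, user_path: str) -> str:
    # STILL VULNERABLE: a string-prefix test passes sibling directories
    # such as "/srv/static2" when base_dir is "/srv/static", and it never
    # resolves symlinks, so a link inside the web root can still point out.
    candidate = resolve_naive(base_dir, user_path)
    if not candidate.startswith(base_dir):
        raise PermissionError(f"path escapes base: {user_path!r}")
    return candidate


def resolve_safe(base_dir: str, user_path: str) -> str:
    # HARDENED: resolve symlinks on both sides, strip leading separators so
    # an absolute request cannot replace the base, then require that the
    # base is an ancestor of the candidate by path component, not by prefix.
    base = os.path.realpath(base_dir)
    requested = user_path.lstrip("/\\")
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"path escapes base: {user_path!r}")
    return candidate


def is_blocked(resolver, base_dir: str, user_path: str) -> bool:
    """True if resolver refuses the request, False if it returns a path."""
    try:
        resolver(base_dir, user_path)
    except PermissionError:
        return True
    return False


def symlink_demo() -> dict:
    """Build a constructed tree: webroot/link -> ../outside, with a secret in
    outside/. The naive and prefix resolvers hand back a path that reads the
    secret through the symlink; the hardened resolver refuses it."""
    root = tempfile.mkdtemp(prefix="traversal-demo-")
    try:
        base = os.path.join(root, "webroot")
        outside = os.path.join(root, "outside")
        os.makedirs(base)
        os.makedirs(outside)
        with open(os.path.join(outside, "secret.txt"), "w") as f:
            f.write("top secret\n")
        os.symlink(outside, os.path.join(base, "link"))

        naive_path = resolve_naive(base, "link/secret.txt")
        prefix_path = resolve_prefix_check(base, "link/secret.txt")
        with open(naive_path) as f:
            naive_reads_secret = f.read() == "top secret\n"
        return {
            "naive_reads_secret": naive_reads_secret,
            "prefix_check_passed": prefix_path == naive_path,
            "safe_blocked": is_blocked(resolve_safe, base, "link/secret.txt"),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(resolve_naive("/srv/static", "../../etc/passwd"))       # escapes
    print(resolve_prefix_check("/srv/static", "../static2/x"))    # escapes
    print(is_blocked(resolve_safe, "/srv/static", "../../etc/passwd"))
    print(symlink_demo())
```

The check to look for in a review is the last one: `realpath` on both sides followed by `commonpath`, or an equivalent component-wise ancestor test. A `normpath` alone, a `".." in path` test, or a `startswith` on the base string are the three forms of this bug that keep getting re-introduced, and all three are shown here failing.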

@GossiTheDog About time. Maybe this time folks will realize how bad this is. Mythos takes what’s already in a bad spot and makes it worse. We can find the vulns, but nobody can design secure code. Hell, even fixing them after the fact seems improbable.

@GossiTheDog Create the problem and the solution: sounds like a business model to me!

@GossiTheDog If only industry experts had warned us all about the dangers of LLM slop 😂

RE: https://mastodon.online/@electrek/116450510594461594

@GossiTheDog I'm sure I saw last night that Anthropic is offering an AI tool to large tech companies (at first) to identify and resolve software vulnerabilities. Does this mean Anthropic is creating at least some of the vulnerabilities that it will now be paid to identify and resolve?

RT: https://mastodon.online/users/electrek/statuses/116450510594461594

@GossiTheDog Is it easier to find issues when you generate them yourself? 🤪
