pleroma.debian.social

Today in InfoSec Job Security News:

I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.

So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.

https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc

As I looked through the code I saw the same class of vulns being introduced over and over again - several a minute.
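The `../..` vulnerability class the post refers to is path traversal: a request path is joined onto a filesystem root without checking that the result still lies inside that root. The following is an added example (not code from the post, and not from any framework it mentions) that puts the naive join next to a hardened lookup and audits a handful of constructed request paths. The static root `/var/www/static` and the sample paths are assumptions for illustration.

```python
import os
from pathlib import Path
from urllib.parse import unquote

# Constructed sample request paths (assumed, not taken from the post).
SAMPLE_REQUESTS = [
    "css/site.css",                # legitimate
    "../../etc/passwd",            # classic ../.. traversal
    "img/../../secrets.txt",       # traversal hidden behind a real-looking prefix
    "/etc/passwd",                 # absolute path smuggled in
    "%2e%2e/%2e%2e/etc/passwd",    # percent-encoded ../..
]


def unsafe_join(static_root: str, requested: str) -> str:
    """The vulnerable pattern: string concatenation with no containment check.
    Any '..' segment in `requested` walks out of static_root."""
    return static_root + "/" + requested


def safe_resolve(static_root: str, requested: str):
    """Hardened lookup: decode, reject obvious bad input, resolve the
    candidate to a canonical absolute path, and verify that it is still
    inside the resolved static root. Returns None when the request escapes."""
    decoded = unquote(requested)
    # Absolute paths and NUL bytes are never valid static-file requests.
    if decoded.startswith("/") or "\x00" in decoded:
        return None
    root = Path(static_root).resolve()
    # resolve() canonicalises '..' segments (and symlinks, where they exist),
    # so the containment check below sees the real target, not the request text.
    candidate = (root / decoded).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return None  # resolved outside the static root: traversal
    return str(candidate)


def audit(static_root: str, requests) -> dict:
    """Map each request to True (served) or False (rejected) under safe_resolve."""
    return {r: safe_resolve(static_root, r) is not None for r in requests}


if __name__ == "__main__":
    root = "/var/www/static"
    for r in SAMPLE_REQUESTS:
        print(f"{r!r:32} unsafe -> {os.path.normpath(unsafe_join(root, r))}")
        print(f"{'':32} safe   -> {safe_resolve(root, r)}")
```

The important design point is that the check runs on the resolved path, not on the request string: rejecting the literal substring `..` misses encoded and mixed forms, whereas comparing canonical paths catches every spelling of the same escape. Run it and the unsafe column shows the first traversal landing at `/var/etc/passwd`, while the safe column rejects everything except the legitimate request.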

@GossiTheDog about time. Maybe this time folks will realize how bad this is. Mythos takes what’s already in a bad spot and makes it worse. We can find the vulns but nobody can design secure code. Hell, even fixing them after the fact seems improbable.

@GossiTheDog create the problem and the solution, sounds like a business model to me!

@GossiTheDog if only industry experts had warned us all about the dangers of LLM slop 😂

@GossiTheDog Is it easier to find issues when you generate them yourself? 🤪
