Lead Story | High — SDLC Exposure · AI-Generated Code | Dev · Enterprise
Vibe Security Radar Tracked 35 AI-Attributable CVEs in a Single Month — CSA’s Research Puts SDLC Governance in the Frame for Every Organization Using AI Coding Tools
CVEs formally attributed to AI-generated code increased from 6 in January to 35 in March, tracked by Georgia Tech’s Vibe Security Radar. The slopsquatting attack pattern — claiming the names AI tools hallucinate, then publishing them as real packages before developers install them — has a confirmed attack vector. The governance question in both cases is the same: does AI-generated code pass through your SDLC security controls?
The Cloud Security Alliance’s May 2026 research note “Vibe Coding’s Security Debt” documents a CVE trend tracked by Georgia Tech’s Vibe Security Radar: vulnerabilities formally attributable to AI-generated code increased from 6 in January to 35 in March. Georgia Tech researchers estimate the actual count is five to ten times higher since most AI tools leave no commit metadata. Veracode found 45% of AI-generated code samples introduce at least one OWASP-aligned vulnerability. Slopsquatting has a confirmed attack vector: in January 2026, Aikido Security researcher Charlie Eriksen claimed the hallucinated npm package name react-codeshift before any attacker could, and found it had already spread to 237 repositories via forks of 47 AI-generated agent-skill files. CSA Research → Veracode GenAI Report →
AI coding tools are production-grade software-producing systems, and their outputs carry the same risk profile as any code entering the build pipeline without security review. Treating AI-assisted commits as exempt from dependency scanning, secrets detection, and SAST is the governance gap the CSA research documents — and the gap slopsquatting attacks and credential-exposing commits exploit.
→ Key Takeaway: The CSA’s research identifies three recurring exposure paths from AI-generated code reaching production without SDLC controls: package names AI tools hallucinate, claimed by attackers through slopsquatting; overly broad permission grants in AI-written infrastructure code; and secrets committed in AI-generated configuration files. Ask your engineering and security leads whether AI-assisted commits trigger your SAST, SCA, and secrets-detection pipeline — and whether there is a defined policy for reviewing AI-generated package lists before installation. HARDENED does not endorse or recommend specific vendors. Tools are listed for awareness only.
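One way to operationalize the "review AI-generated package lists before installation" control, added here as an example and not code from the CSA note, Georgia Tech or Aikido: it parses a package.json, flags every name absent from a known-package snapshot, and lists near-miss names so a typo can be told apart from a name that exists nowhere. The registry snapshot and the manifest are constructed stand-ins for a real registry query or internal allowlist.

```python
"""Pre-install review of an AI-generated npm dependency list.

Added example, not code from the CSA note or the Vibe Security Radar. KNOWN_PACKAGES
is a constructed stand-in for a registry lookup; a real review would query the registry."""
import json

# Constructed snapshot of package names that exist in the registry.
KNOWN_PACKAGES = {"react", "react-dom", "jscodeshift", "lodash", "express", "axios"}

# Constructed manifest as an assistant might emit it: "react-codeshift" is the
# hallucinated name discussed above, "lodahs" is a constructed typo of lodash.
SAMPLE_PACKAGE_JSON = """{
  "name": "demo-app",
  "dependencies": {"react": "^18.0.0", "react-codeshift": "^1.0.0", "lodahs": "^4.17.21"},
  "devDependencies": {"jscodeshift": "^0.15.0"}
}"""

def parse_package_json(text: str) -> list:
    """Collect declared names from dependencies and devDependencies, in file order."""
    data = json.loads(text)
    names = []
    for section in ("dependencies", "devDependencies"):
        names.extend(data.get(section, {}).keys())
    return names

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss (typosquat-style) names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_dependencies(names, known=KNOWN_PACKAGES, max_distance=2) -> list:
    """One finding per name missing from `known`, listing known names within max_distance
    edits; an empty similar_to list is the shape of a hallucinated name, not a typo."""
    findings = []
    for name in names:
        if name not in known:
            near = sorted(k for k in known if edit_distance(name, k) <= max_distance)
            findings.append({"package": name, "similar_to": near})
    return findings

if __name__ == "__main__":
    for f in review_dependencies(parse_package_json(SAMPLE_PACKAGE_JSON)):
        print(f"BLOCK {f['package']}: not in snapshot; near {f['similar_to'] or 'nothing'}")
```

Names that exist in the snapshot pass silently; the two findings on the sample manifest are the hallucinated name (no near match) and the typo (near "lodash").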
Quick Hits
01
Grafana Confirms Codebase Stolen After “Pwn Request” Attack on GitHub Actions — Extortion Demand Refused
Grafana disclosed on May 16, 2026 that attackers exploited a “Pwn Request” vulnerability — a pull_request_target GitHub Actions misconfiguration granting external fork contributors access to production CI secrets — to extract privileged tokens, clone the entire codebase, and demand a ransom. A group calling itself CoinbaseCartel claimed responsibility; Grafana refused to pay and the compromised credentials have been invalidated. No customer data was accessed. The Pwn Request pattern applies to any repository using pull_request_target without strict permission scoping: audit all GitHub Actions workflows using that trigger and confirm forked-branch runs cannot access production secrets. The Hacker News → Bleeping Computer →
High — CI/CD Credential Theft · Source Code Exposure | Cloud+DevOps · Dev
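A minimal audit for the workflow pattern described above, added here as an example and not Grafana’s or GitHub’s code: it flags a workflow that is triggered by pull_request_target and checks out the pull request head, and lists the secrets the workflow references. Both sample workflows are constructed, and the check is a regex heuristic over the workflow text rather than a YAML parse.

```python
"""Audit a GitHub Actions workflow for the Pwn Request pattern.

Added example, not Grafana's code or a GitHub tool. It is a regex heuristic over
workflow text (no YAML parser) and can miss unusual layouts. Samples are constructed.
"""
import re

# Constructed: pull_request_target plus checkout of the PR head, the Pwn Request shape.
VULNERABLE_WORKFLOW = """\
on: pull_request_target
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

# Constructed: plain pull_request trigger, so fork runs get no repository secrets.
SAFE_WORKFLOW = """\
on: pull_request
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

TARGET_TRIGGER = re.compile(r"\bpull_request_target\b")
PR_HEAD_REF = re.compile(r"ref:\s*\$\{\{\s*github\.(?:event\.pull_request\.head\.(?:sha|ref)|head_ref)\s*\}\}")
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.(\w+)")

def audit_workflow(text: str) -> dict:
    """'high': fork code runs with base-repo secrets; 'review': privileged trigger only."""
    uses_target = bool(TARGET_TRIGGER.search(text))
    checks_out_head = bool(PR_HEAD_REF.search(text))
    risk = "high" if uses_target and checks_out_head else "review" if uses_target else "none"
    return {"pull_request_target": uses_target, "checks_out_pr_head": checks_out_head,
            "secrets_referenced": sorted(set(SECRET_REF.findall(text))), "risk": risk}

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("safe", SAFE_WORKFLOW)):
        print(label, audit_workflow(wf))
```

A "review" result (pull_request_target without a head checkout) still deserves a look, because the trigger grants the base repository's secrets regardless of what the job does with them.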
CVE Watch
CVE-2026-8043 (Ivanti Xtraction, CVSS 9.6): Path Traversal Lets Authenticated Attackers Read Sensitive Files and Write Arbitrary HTML — Patch Available
Ivanti patched CVE-2026-8043 (CVSS 9.6) in Xtraction, its enterprise IT reporting and business intelligence platform, on May 13, 2026. The flaw is a path traversal and external file-name control vulnerability (CWE-22, CWE-73) that lets an authenticated remote attacker read files from the server’s file system and write attacker-controlled HTML into web-served paths, so the server itself delivers client-side attacks to any internal user who trusts it. No exploitation has been confirmed in the wild. Update Xtraction to version 2026.2 or later; the internal-trust attack path makes this high priority even without a KEV listing — confirm with your team that the patch has been applied to any Xtraction instance accessible from corporate networks. Ivanti Advisory → NIST NVD →
Vendor: Ivanti · CVE: CVE-2026-8043 · CVSS: 9.6 (Critical) · Affected: Ivanti Xtraction before version 2026.2 · Fix: Xtraction 2026.2 (May 13, 2026) · Exploitation: No exploitation confirmed in wild
Compliance Tip of the Day
NIST CSF 2.0 — PR.PS-02 — Protect: Platform Security
AI Coding Tools Are Platforms — Their Outputs Belong in Your Software Maintenance Policy
NIST PR.PS-02 requires software to be maintained, replaced, and removed commensurate with risk — a standard organizations routinely apply to production systems but rarely to AI coding tools and the code they produce. The CSA’s vibe coding research documents the consequence: AI tools generating production-bound commits without triggering SAST, SCA, or secrets-detection pipelines carry the same security profile as a developer bypassing code review. Concrete action (PR.PS-02): Inventory which AI coding tools are authorized in your development environment, confirm that AI-assisted commits are subject to the same automated security scanning as human-written code, and establish a version and update policy for the tools themselves — an outdated AI tool configuration is a platform security gap as much as outdated software. NIST CSF 2.0 reference: nist.gov/cyberframework.
On Our Radar
Windows YellowKey + GreenPlasma (no CVE, no patch, PoC public): Researcher Chaotic Eclipse published PoC exploits on May 13, 2026 for two unpatched Windows vulnerabilities: YellowKey, a BitLocker bypass using crafted FsTx files on removable media to access TPM-only protected disks on Windows 11 and Server 2022/2025 with physical access and a USB drive, and GreenPlasma, a CTFMON privilege escalation to SYSTEM affecting Windows 11 and Server 2022/2026 with no physical access requirement. No CVE has been assigned and Microsoft has not issued a statement. HARDENED is watching for vendor acknowledgement and escalation. Bleeping Computer →