Vibe Coding’s Hidden Cost: AI‑Generated Code Is Creating Real CVEs

Hosts• Professor CyberRisk• Cyber Cowboy---Live Cyber Maps• Bitdefender Threat Map — https://threatmap.bitdefender.com/• Check Point Threat Map — https://threatmap.checkpoint.com/• Kaspersky Cyber Threat Map — https://cybermap.kaspersky.com/• Talos Intelligence Spam Map — https://talosintelligence.com/ebc_spam---Episode InformationTitle: Vibe Coding’s Hidden Cost: AI‑Generated Code Is Creating Real CVEsEpisode Number: March 27, 2026---OverviewSecurity researchers at Georgia Tech have uncovered a disturbing trend: AI coding assistants are now directly responsible for at least 35 newly reported CVEs, each introduced by AI‑generated code. This marks a fundamental shift in software security — vulnerabilities are no longer just human mistakes or malicious injections, but systemic flaws created by the tools meant to accelerate development.This episode explores how AI‑generated vulnerabilities, leaked iPhone exploits, macOS malware using fake CAPTCHAs, human psychology at RSAC 2026, and a cyberattack on medical device manufacturer Stryker all point to the same conclusion: the threat landscape is evolving faster than traditional defenses can keep up.From the document:“At least 35 new Common Vulnerabilities and Exposures entries have been identified where the flaw was introduced specifically by AI-generated code.”---Guest InformationNone this episode.---Topics Covered• AI‑generated vulnerabilities and the rise of “vibe coding”• Leaked nation‑state iPhone exploits targeting older devices• Infiniti Stealer: macOS malware using ClickFix and fake CAPTCHAs• RSAC 2026: Why phishing still works on everyone• Stryker cyberattack and the fragility of healthcare manufacturing---Top Stories1. AI‑Generated Code Is Creating Real CVEsGeorgia Tech researchers identify at least 35 CVEs introduced by AI coding tools.Link: https://www.infosecurity-magazine.com/news/ai-generated-code-vulnerabilities/2. Leaked iPhone Exploits Leave Millions ExposedNation‑grade spyware targeting older iOS versions is now in the wild.Link: https://techcrunch.com/2026/03/26/apple-made-strides-with-ios-26-security-but-leaked-hacking-tools-still-leave-millions-exposed-to-spyware-attacks/3. Infiniti Stealer Targets macOS UsersA new infostealer uses fake CAPTCHA pages and ClickFix to trick users into running malicious commands.Link: https://www.malwarebytes.com/blog/threat-intel/2026/03/infiniti-stealer-a-new-macos-infostealer-using-clickfix-and-python-nuitka4. RSAC 2026: Phishing Still Works Because of Human PsychologyResearchers show that cognitive biases—not weak passwords—drive phishing success.Link: https://uk.pcmag.com/security/164040/rsac-2026-the-surprising-reason-phishing-still-works-on-everyone5. Stryker Recovers After Major CyberattackA cyberattack disrupts medical device manufacturing, highlighting cyber‑physical risk.Link: https://www.channelnewsasia.com/business/stryker-says-manufacturing-mostly-restored-after-cyberattack-6019376---Additional Cybersecurity News – Titles and URLsNone beyond the top stories this episode.---Resources & LinksNone this episode.---Call to Action• Subscribe: Stay updated on cybersecurity threats.• Leave a Review: Tell us what you think.• Join the Conversation: Follow our community and ask questions.---Sponsor (if applicable)No sponsors this episode.---Podcast Socials & Website• Website: https://www.youvealreadybeenhacked.com• X: @professorcyberrisk• YouTube: https://www.youtube.com/@YABHPodcast• Discord – The Neural Network: https://discord.gg/cz3xdsrqAE