Today in InfoSec Job Security News:

I was looking into an obvious ../.. vulnerability introduced into a major web framework today, and it was committed by username Claude on GitHub. Vibe coded, basically.

So I started looking through Claude commits on GitHub, there’s over 2m of them and it’s about 5% of all open source code this month.

https://github.com/search?q=author%3Aclaude&type=commits&s=author-date&o=desc

As I looked through the code I saw the same class of vulns being introduced over, and over, again - several a minute.

AI companies copy all written works they can get their hands on and call it fair use, if someone does it to their models it suddenly becomes "unauthorized distillation" and should be actionable in court.

The double-standard is ridiculous.

https://www.theregister.com/2026/02/14/ai_risk_distillation_attacks/

Five years ago I pointed out nearly all NFT's were going to break when the startup who minted them goes bust, causing people to get *extremely* mad at me until everyone concluded that I was correct.

Thought I'd check in on the two examples I used and well