[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"kb-article-35-cves-in-march-2026-how-ai-generated-code-triggered-a-security-meltdown-en":3,"ArticleBody_733gxKlusLzPUvs7TKxWoA7rSvlHagr5vQs5wZWhELM":103},{"article":4,"relatedArticles":73,"locale":63},{"id":5,"title":6,"slug":7,"content":8,"htmlContent":9,"excerpt":10,"category":11,"tags":12,"metaDescription":10,"wordCount":13,"readingTime":14,"publishedAt":15,"sources":16,"sourceCoverage":57,"transparency":58,"seo":62,"language":63,"featuredImage":64,"featuredImageCredit":65,"isFreeGeneration":69,"trendSlug":57,"niche":70,"geoTakeaways":57,"geoFaq":57,"entities":57},"69cb4820ed5916d429fe2f7f","35 CVEs in March 2026: How AI-Generated Code Triggered a Security Meltdown","35-cves-in-march-2026-how-ai-generated-code-triggered-a-security-meltdown","In March 2026, security teams logged 35 new CVEs where AI-generated or AI-assisted code was a direct factor.  \nThe cause was not a novel exploit, but AI-written code and AI-heavy libraries shipped without updated AppSec practices.\n\nMore than 40,000 vulnerabilities were tracked in NVD in 2025, already overwhelming traditional workflows [6].  \nAI accelerates both development and exploitation, widening the gap between change velocity and control coverage.\n\nThe task: treat AI as a structural shift in how vulnerabilities are created and exploited, and redesign engineering and security practices accordingly.\n\n---\n\n## 1. Why 35 AI Code CVEs in One Month Is a Structural Warning\n\nThe March 2026 spike reflects a broader trend:\n\n- 40,000+ vulnerabilities in NVD in 2025, exceeding what traditional tools can handle [6]  \n- 16,200 AI-related incidents in 2025 across 3,000 U.S. 
companies, up 49% YoY [3]  \n- Finance and healthcare made up over half of those incidents [3]\n\n📊 **Structural stress indicators**\n\n- Exploding CVE volume overall [6]  \n- Fast-rising AI-specific incidents [3]  \n- High-value industries disproportionately hit [3]  \n\nWhy this matters:\n\n- Coding assistants are evaluated on “passes the test,” not “is secure in production.”  \n- Sonar’s analysis of 4,000+ Java assignments shows higher-performing models often produce more verbose, cognitively complex code, harder to review and secure [5].  \n- AI output frequently introduces outdated or vulnerable dependencies when developers accept suggestions without checking packages and versions [1].\n\nThe 35 March CVEs are therefore:\n\n- Not a fluke, but evidence that AI accelerates both feature delivery and exploit-ready defects [3][5]  \n- A sign that “it compiles and passes tests” is dangerously insufficient\n\n⚠️ **Mini-conclusion**  \nTreat the spike as a structural warning: AI amplifies existing fragility in software supply chains rather than creating a separate risk category.\n\n---\n\n## 2. 
How AI Code and AI Libraries Became Exploit Delivery Vehicles\n\nThe March CVEs involved both unsafe snippets and vulnerable AI\u002FML libraries, echoing earlier RCE flaws in NeMo, Uni2TS, and FlexTok [2].\n\nCore pattern:\n\n- Libraries over-trusted model metadata, treating it as inert data when the loader actually interprets it  \n- Loading a malicious model file caused attacker-controlled metadata to be parsed and executed  \n- Result: RCE in environments using popular AI frameworks with tens of millions of downloads [2]  \n- Practical consequence: anyone who can get a model file onto the load path (a public model hub, a shared bucket, a poisoned fine-tune) gets code execution at load time, with no memory-corruption bug needed\n\n**Exploit chain (diagram):** Malicious model file → Load by AI library → Metadata parsed → Unsafe eval \u002F deserialization? Yes → Arbitrary code execution\n\nAI-powered development tools also became exploit paths:\n\n- Copilot RCE (CVE-2025-53773) allowed hostile prompts in code comments to make the assistant generate and execute dangerous commands on 100,000+ developer machines [3].  \n- The IDE assistant effectively became a remote shell via prompt injection: the attacker never touches the machine, only the text the assistant reads.\n\n💡 **AI supply chain as attack surface**\n\nResearch shows attackers increasingly target AI supply chains (models, plugins, datasets, orchestration frameworks) as entry points for:\n\n- Data exfiltration  \n- Lateral movement  \n- Privilege escalation [7]\n\nThe 2026 AI\u002FML threat landscape notes:\n\n- The effective perimeter has shifted from firewalls to model logic and data layers  \n- Vulnerabilities in AI code paths now map directly to business-critical exposure [8]\n\nQualys’ evaluation of DeepSeek-R1 variants shows:\n\n- Widely redistributed LLMs can carry jailbreak and safety-bypass weaknesses into downstream apps  \n- The model itself becomes part of the exploitable surface [10]\n\n⚠️ **Mini-conclusion**  \nThe risk is not just “bad snippets from ChatGPT.” The entire AI software and tooling supply chain, from models to plugins to assistants, is now an exploit delivery mechanism.\n\n---\n\n## 3. 
Why Traditional AppSec Misses AI-Generated Vulnerabilities\n\nAI-native architectures collide with AppSec practices built for deterministic web and API logic:\n\n- Classic frameworks assume fixed control flows, not probabilistic, context-driven behavior  \n- OWASP’s LLM Top 10 emerged because early adopters deployed LLMs without tailored security models; legacy checklists missed prompt injection and model abuse [9]\n\nPrompt injection illustrates the gap:\n\n- A model ingests attacker-controlled text (web page, ticket, PDF)  \n- Treats it as instructions  \n- Exfiltrates secrets or triggers tools [7]  \n- Legacy SAST\u002FDAST rarely model this risk in CI\u002FCD [8]\n\n📊 **Hidden fragility in “passing” code**\n\n- LLM-generated code can pass tests yet degrade structural quality and maintainability, correlating with higher defect density [5].  \n- Verbose, complex code paths are exactly where traditional tools struggle.\n\nNew datasets highlight the blind spots:\n\n- CVE‑Genie, a multi-agent framework, reproduced and exploited ~51% of 841 CVEs from 2024–2025 at ~$2.77 per CVE [4][6].  \n- Many issues live in intricate, environment-specific paths that trivial scanners miss.\n\nCommon early AI misuse patterns:\n\n- Sensitive data leaked via prompts and RAG pipelines  \n- Over-permissive tool calls by AI agents  \n- Misconfigured connectors between AI platforms and internal systems  \n\nThese often appear as data leaks, not classic perimeter breaches, so legacy monitoring under-detects AI-enabled intrusion chains [3][7].\n\n⚡ **Mini-conclusion**  \nYou cannot just “point existing scanners at AI” and expect coverage. AI-aware policies, datasets, and detection logic are required.\n\n---\n\n## 4. Production Guardrails: A Concrete Checklist for AI-Generated Code\n\nEngineering leaders need practical guardrails that integrate with existing SDLC tooling.\n\n💼 **1. Dependency hygiene by default**\n\nAI-generated code often suggests deprecated or insecure libraries [1]. 
Enforce:\n\n- Validation of maintenance status and ecosystem health  \n- CVE scans for all AI-suggested packages before merge  \n- Exact version pins for anything the assistant adds: an unpinned range resolves to whatever the index serves on build day, so a scan of it is not reproducible  \n- Removal of unnecessary dependencies to reduce attack surface  \n\nTools: Snyk, Dependabot, OWASP Dependency-Check [1].\n\n💼 **2. CVE-aware CI gates**\n\n- Run automated vulnerability scans in CI for every AI-generated change  \n- Block deployments on high\u002Fcritical issues in direct or transitive dependencies introduced by AI [1][6]\n\n💼 **3. Static analysis tuned for LLM output**\n\n- Use engines that flag cognitive complexity, security smells, and anti-patterns in verbose AI code  \n- Follow approaches similar to Sonar’s LLM leaderboard, which measures complexity and maintainability, not just correctness [5]\n\n💼 **4. OWASP LLM Top 10 in code and pipelines**\n\nTranslate guidance into controls:\n\n- Strict isolation between system prompts and untrusted inputs (this reduces injection but does not eliminate it, so the next two controls are the real boundary)  \n- Schema-validated outputs before touching databases, shells, or payment APIs  \n- Least-privilege tool permissions for agents, so an injected instruction cannot reach more than the task needs  \n- Adversarial red-teaming for jailbreak and prompt-override patterns [8][9]\n\n💼 **5. 
Treat AI assistants as untrusted components**\n\n- Monitor coding assistants like powerful agents, not benign helpers  \n- Detect patterns similar to Copilot RCE: unusual comments, embedded prompts, or system-level commands generated by tools [3]\n\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215234211\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 1372.265625px;\" viewBox=\"0 0 1372.265625 199\" role=\"graphics-document document\" aria-roledescription=\"flowchart-v2\">\u003Cstyle>#diagram-1775215234211{font-family:system-ui,-apple-system,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#diagram-1775215234211 .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#diagram-1775215234211 .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#diagram-1775215234211 .error-icon{fill:#552222;}#diagram-1775215234211 .error-text{fill:#552222;stroke:#552222;}#diagram-1775215234211 .edge-thickness-normal{stroke-width:1px;}#diagram-1775215234211 .edge-thickness-thick{stroke-width:3.5px;}#diagram-1775215234211 .edge-pattern-solid{stroke-dasharray:0;}#diagram-1775215234211 .edge-thickness-invisible{stroke-width:0;fill:none;}#diagram-1775215234211 .edge-pattern-dashed{stroke-dasharray:3;}#diagram-1775215234211 .edge-pattern-dotted{stroke-dasharray:2;}#diagram-1775215234211 .marker{fill:#333333;stroke:#333333;}#diagram-1775215234211 .marker.cross{stroke:#333333;}#diagram-1775215234211 svg{font-family:system-ui,-apple-system,sans-serif;font-size:16px;}#diagram-1775215234211 p{margin:0;}#diagram-1775215234211 .label{font-family:system-ui,-apple-system,sans-serif;color:#333;}#diagram-1775215234211 
.cluster-label text{fill:#333;}\u003C\u002Fstyle>\u003Ctitle>Flowchart: AI code change → Dependency scan → Static analysis → LLM-specific checks → Policy gate → Pass: Deploy; Fail: Block &amp; remediate\u003C\u002Ftitle>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\n⚠️ **Mini-conclusion**  \nGuardrails must be automated in pipelines. 
If they rely on developers “being careful” with AI suggestions, they will fail at scale.\n\n---\n\n## 5. Operationalizing AI Security: Detection, Response, and Governance\n\nPre-deployment controls will miss some AI-enabled attacks. Security operations must explicitly understand AI behavior.\n\n💡 **Map to the AI incident kill chain**\n\nModel incidents across:\n\n1. Seed: hostile text (prompt, document, email)  \n2. Model action: instructions updated, ignored, or subverted  \n3. Tool invocation: code execution, data access, workflow triggers  \n4. Exfiltration: data leaves via responses, logs, or connectors [7]\n\nPlace monitoring and alerts at each stage, not only at network egress.\n\n💡 **Layered prompt injection defenses**\n\nUse multiple layers [8]:\n\n- Clear separation between trusted instructions and untrusted content  \n- Guardrail LLMs to pre-screen inputs for malicious intent  \n- Output sanitization and strict schema enforcement before downstream actions\n\n💡 **Governance for AI assets**\n\nContinuously inventory and assess:\n\n- Models and distilled variants  \n- Prompts and system instructions  \n- Datasets and embeddings  \n- Plugins, tools, and connectors  \n\nQualys’ DeepSeek-R1 evaluation shows jailbreak-prone models can silently propagate unless you maintain an AI bill of materials and vulnerability assessments [10][9].\n\n💡 **AI-first incident response**\n\nDesign IR for AI-specific failure modes:\n\n- Treat leaks via prompts, RAG content, or tool calls as first-class incidents  \n- Contain by revoking API keys, rotating model credentials, disabling tools\u002Fconnectors  \n- Update prompts, guardrails, routing logic, and access policies after incidents, not just network rules [7]\n\nAutomated exploit frameworks like CVE‑Genie—reproducing ~51% of CVEs at low cost—show the value of:\n\n- Internal pipelines to reproduce, validate, and regression-test AI-related vulnerabilities [4]  \n- Turning ad hoc panics into repeatable security checks\n\n⚡ 
**Mini-conclusion**  \nOperational excellence for AI security means treating models, prompts, and agents as monitored, governed assets, on par with microservices and databases.\n\n---\n\n## Conclusion: Treat AI as High-Speed, Untrusted Input\n\nThe 35 AI-linked CVEs in March 2026 show what happens when AI-accelerated development meets legacy security assumptions.  \nLLMs and AI libraries act like high-speed, semi-trusted contributors that can introduce vulnerable code, unsafe dependencies, and new attack surfaces faster than traditional reviews can keep up.\n\nOrganizations must:\n\n- Recognize AI as a structural change in how vulnerabilities are created and exploited  \n- Extend AppSec to cover AI-specific risks, from prompt injection to model supply chain compromise  \n- Embed AI-aware guardrails into CI\u002FCD and operations, treating models and assistants as untrusted components requiring continuous monitoring and governance  \n\nTeams that adapt now can harness AI’s speed without inheriting its worst security liabilities. Those that do not should expect March 2026 to look mild in hindsight.","\u003Cp>In March 2026, security teams logged 35 new CVEs where AI-generated or AI-assisted code was a direct factor.\u003Cbr>\nThe cause was not a novel exploit, but AI-written code and AI-heavy libraries shipped without updated AppSec practices.\u003C\u002Fp>\n\u003Cp>More than 40,000 vulnerabilities were tracked in NVD in 2025, already overwhelming traditional workflows \u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>.\u003Cbr>\nAI accelerates both development and exploitation, widening the gap between change velocity and control coverage.\u003C\u002Fp>\n\u003Cp>The task: treat AI as a structural shift in how vulnerabilities are created and exploited, and redesign engineering and security practices accordingly.\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>1. 
Why 35 AI Code CVEs in One Month Is a Structural Warning\u003C\u002Fh2>\n\u003Cp>The March 2026 spike reflects a broader trend:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>40,000+ vulnerabilities in NVD in 2025, exceeding what traditional tools can handle \u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>16,200 AI-related incidents in 2025 across 3,000 U.S. companies, up 49% YoY \u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Finance and healthcare made up over half of those incidents \u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>📊 \u003Cstrong>Structural stress indicators\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Exploding CVE volume overall \u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Fast-rising AI-specific incidents \u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>High-value industries disproportionately hit \u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Why this matters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Coding assistants are evaluated on “passes the test,” not “is secure in production.”\u003C\u002Fli>\n\u003Cli>Sonar’s analysis of 4,000+ Java assignments shows higher-performing models often produce more verbose, cognitively complex code, harder to review and secure \u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>AI output frequently introduces outdated or vulnerable dependencies when developers accept suggestions without checking packages and versions \u003Ca href=\"#source-1\" class=\"citation-link\" title=\"View source 
[1]\">[1]\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The 35 March CVEs are therefore:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Not a fluke, but evidence that AI accelerates both feature delivery and exploit-ready defects \u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>A sign that “it compiles and passes tests” is dangerously insufficient\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>⚠️ \u003Cstrong>Mini-conclusion\u003C\u002Fstrong>\u003Cbr>\nTreat the spike as a structural warning: AI amplifies existing fragility in software supply chains rather than creating a separate risk category.\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>2. How AI Code and AI Libraries Became Exploit Delivery Vehicles\u003C\u002Fh2>\n\u003Cp>The March CVEs involved both unsafe snippets and vulnerable AI\u002FML libraries, echoing earlier RCE flaws in NeMo, Uni2TS, and FlexTok \u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Core pattern:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Libraries over-trusted model metadata\u003C\u002Fli>\n\u003Cli>Loading a malicious model file caused attacker-controlled metadata to be parsed and executed\u003C\u002Fli>\n\u003Cli>Result: RCE in environments using popular AI frameworks with tens of millions of downloads \u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215233492\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 1351.359375px;\" viewBox=\"0 0 1351.359375 319\" role=\"graphics-document document\" 
aria-roledescription=\"flowchart-v2\">\u003Cstyle>\u003C\u002Fstyle>\u003Ctitle>Flowchart\u003C\u002Ftitle>\u003Cg>\u003Cg class=\"root\">\u003Cg class=\"clusters\">\u003C\u002Fg>\u003Cg class=\"edgePaths\">\u003Cpath 
d=\"M1024.328,147L1030.574,147C1036.82,147,1049.313,147,1061.138,147C1072.964,147,1084.122,147,1089.702,147L1095.281,147\" id=\"diagram-1775215233492-L_D_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_E_0\" data-points=\"W3sieCI6MTAyNC4zMjgxMjUsInkiOjE0N30seyJ4IjoxMDYxLjgwNDY4NzUsInkiOjE0N30seyJ4IjoxMDk5LjI4MTI1LCJ5IjoxNDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215233492_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003C\u002Fg>\u003Cg class=\"edgeLabels\">\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_A_B_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_C_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_C_D_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel 
\">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\" transform=\"translate(1061.8046875, 147)\">\u003Cg class=\"label\" data-id=\"L_D_E_0\" transform=\"translate(-12.4765625, -12)\">\u003CforeignObject width=\"24.953125\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003Cp>Yes\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"nodes\">\u003Cg class=\"node default  \" id=\"diagram-1775215233492-flowchart-A-0\" data-look=\"classic\" transform=\"translate(112.765625, 147)\">\u003Crect class=\"basic label-container\" style=\"fill:#f97316 !important\" x=\"-104.765625\" y=\"-27\" width=\"209.53125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-74.765625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"149.53125\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Malicious model file\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215233492-flowchart-B-1\" data-look=\"classic\" transform=\"translate(362.9453125, 147)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-95.4140625\" y=\"-27\" width=\"190.828125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-65.4140625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"130.828125\" 
height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Load by AI library\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215233492-flowchart-C-3\" data-look=\"classic\" transform=\"translate(602.34375, 147)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-93.984375\" y=\"-27\" width=\"187.96875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-63.984375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"127.96875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Metadata parsed\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215233492-flowchart-D-5\" data-look=\"classic\" transform=\"translate(885.328125, 147)\">\u003Cpolygon points=\"139,0 278,-139 139,-278 0,-139\" class=\"label-container\" transform=\"translate(-138.5, 139)\">\u003C\u002Fpolygon>\u003Cg class=\"label\" style=\"\" transform=\"translate(-100, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"200\" height=\"48\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table; white-space: break-spaces; line-height: 1.5; max-width: 200px; text-align: center; width: 200px;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Unsafe eval \u002F deserialization\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215233492-flowchart-E-7\" data-look=\"classic\" 
transform=\"translate(1221.3203125, 147)\">\u003Crect class=\"basic label-container\" style=\"fill:#ef4444 !important\" x=\"-122.0390625\" y=\"-27\" width=\"244.078125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-92.0390625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"184.078125\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Arbitrary code execution\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cdefs>\u003Cfilter id=\"diagram-1775215233492-drop-shadow\" height=\"130%\" width=\"130%\">\u003CfeDropShadow dx=\"4\" dy=\"4\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Cdefs>\u003Cfilter id=\"diagram-1775215233492-drop-shadow-small\" height=\"150%\" width=\"150%\">\u003CfeDropShadow dx=\"2\" dy=\"2\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Ctext x=\"1346.359375\" y=\"314\" text-anchor=\"end\" fill=\"#6b7280\" stroke=\"#ffffff\" stroke-width=\"3\" paint-order=\"stroke\" font-size=\"11\" font-family=\"system-ui, sans-serif\" opacity=\"0.7\">coreprose.com\u003C\u002Ftext>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\u003Cp>AI-powered development tools also became exploit paths:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Copilot RCE (CVE‑2025‑53773) allowed hostile prompts in code comments to make the assistant generate and execute dangerous commands on 100,000+ developer machines \u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source 
[3]\">[3]\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>The IDE assistant effectively became a remote shell via prompt injection.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>💡 \u003Cstrong>AI supply chain as attack surface\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Research shows attackers increasingly target AI supply chains—models, plugins, datasets, orchestration frameworks—as entry points for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data exfiltration\u003C\u002Fli>\n\u003Cli>Lateral movement\u003C\u002Fli>\n\u003Cli>Privilege escalation \u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The 2026 AI\u002FML threat landscape notes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The effective perimeter has shifted from firewalls to model logic and data layers\u003C\u002Fli>\n\u003Cli>Vulnerabilities in AI code paths now map directly to business-critical exposure \u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Qualys’ evaluation of DeepSeek-R1 variants shows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Widely redistributed LLMs can carry jailbreak and safety-bypass weaknesses into downstream apps\u003C\u002Fli>\n\u003Cli>The model itself becomes part of the exploitable surface \u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>⚠️ \u003Cstrong>Mini-conclusion\u003C\u002Fstrong>\u003Cbr>\nThe risk is not just “bad snippets from ChatGPT.” The entire AI software and tooling supply chain—from models to plugins to assistants—is now an exploit delivery mechanism.\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>3. 
Why Traditional AppSec Misses AI-Generated Vulnerabilities\u003C\u002Fh2>\n\u003Cp>AI-native architectures collide with AppSec practices built for deterministic web and API logic:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Classic frameworks assume fixed control flows, not probabilistic, context-driven behavior\u003C\u002Fli>\n\u003Cli>OWASP’s LLM Top 10 emerged because early adopters deployed LLMs without tailored security models; legacy checklists missed prompt injection and model abuse \u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Prompt injection illustrates the gap:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A model ingests attacker-controlled text (web page, ticket, PDF)\u003C\u002Fli>\n\u003Cli>Treats it as instructions\u003C\u002Fli>\n\u003Cli>Exfiltrates secrets or triggers tools \u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Legacy SAST\u002FDAST rarely model this risk in CI\u002FCD \u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>📊 \u003Cstrong>Hidden fragility in “passing” code\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>LLM-generated code can pass tests yet degrade structural quality and maintainability, correlating with higher defect density \u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Verbose, complex code paths are exactly where traditional tools struggle.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>New datasets highlight the blind spots:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CVE‑Genie, a multi-agent framework, reproduced and exploited ~51% of 841 CVEs from 2024–2025 at ~$2.77 per CVE \u003Ca href=\"#source-4\" class=\"citation-link\" title=\"View source [4]\">[4]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View 
source [6]\">[6]\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Many issues live in intricate, environment-specific paths that trivial scanners miss.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Common early AI misuse patterns:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Sensitive data leaked via prompts and RAG pipelines\u003C\u002Fli>\n\u003Cli>Over-permissive tool calls by AI agents\u003C\u002Fli>\n\u003Cli>Misconfigured connectors between AI platforms and internal systems\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These often appear as data leaks, not classic perimeter breaches, so legacy monitoring under-detects AI-enabled intrusion chains \u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>⚡ \u003Cstrong>Mini-conclusion\u003C\u002Fstrong>\u003Cbr>\nYou cannot just “point existing scanners at AI” and expect coverage. AI-aware policies, datasets, and detection logic are required.\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>4. Production Guardrails: A Concrete Checklist for AI-Generated Code\u003C\u002Fh2>\n\u003Cp>Engineering leaders need practical guardrails that integrate with existing SDLC tooling.\u003C\u002Fp>\n\u003Cp>💼 \u003Cstrong>1. Dependency hygiene by default\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>AI-generated code often suggests deprecated or insecure libraries \u003Ca href=\"#source-1\" class=\"citation-link\" title=\"View source [1]\">[1]\u003C\u002Fa>. 
Enforce:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Validation of maintenance status and ecosystem health\u003C\u002Fli>\n\u003Cli>CVE scans for all AI-suggested packages before merge\u003C\u002Fli>\n\u003Cli>Removal of unnecessary dependencies to reduce attack surface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Tools: Snyk, Dependabot, OWASP Dependency Check \u003Ca href=\"#source-1\" class=\"citation-link\" title=\"View source [1]\">[1]\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>💼 \u003Cstrong>2. CVE-aware CI gates\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Run automated vulnerability scans in CI for every AI-generated change\u003C\u002Fli>\n\u003Cli>Block deployments on high\u002Fcritical issues in direct or transitive dependencies introduced by AI \u003Ca href=\"#source-1\" class=\"citation-link\" title=\"View source [1]\">[1]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>💼 \u003Cstrong>3. Static analysis tuned for LLM output\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use engines that flag cognitive complexity, security smells, and anti-patterns in verbose AI code\u003C\u002Fli>\n\u003Cli>Follow approaches similar to Sonar’s LLM leaderboard, which measures complexity and maintainability, not just correctness \u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>💼 \u003Cstrong>4. 
OWASP LLM Top 10 in code and pipelines\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Translate guidance into controls:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Strict isolation between system prompts and untrusted inputs\u003C\u002Fli>\n\u003Cli>Schema-validated outputs before touching databases, shells, or payment APIs\u003C\u002Fli>\n\u003Cli>Adversarial red-teaming for jailbreak and prompt-override patterns \u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>💼 \u003Cstrong>5. Treat AI assistants as untrusted components\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Monitor coding assistants like powerful agents, not benign helpers\u003C\u002Fli>\n\u003Cli>Detect patterns similar to Copilot RCE: unusual comments, embedded prompts, or system-level commands generated by tools \u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215234211\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 1372.265625px;\" viewBox=\"0 0 1372.265625 199\" role=\"graphics-document document\" aria-roledescription=\"flowchart-v2\">\u003Cstyle>#diagram-1775215234211{font-family:system-ui,-apple-system,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#diagram-1775215234211 .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#diagram-1775215234211 .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#diagram-1775215234211 
.marker{fill:#333333;stroke:#333333;}\u003C\u002Fstyle>\u003Cg>\u003Cg class=\"root\">\u003Cg class=\"edgeLabels\">\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\">\u003CforeignObject>\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan 
class=\"edgeLabel \">\u003Cp>Fail\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"nodes\">\u003Cg class=\"node default  \" id=\"diagram-1775215234211-flowchart-A-0\" data-look=\"classic\" transform=\"translate(95.75, 87)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-87.75\" y=\"-27\" width=\"175.5\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-57.75, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"115.5\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>AI code change\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215234211-flowchart-B-1\" data-look=\"classic\" transform=\"translate(329.7109375, 87)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-96.2109375\" y=\"-27\" width=\"192.421875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-66.2109375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"132.421875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Dependency scan\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215234211-flowchart-C-3\" data-look=\"classic\" transform=\"translate(558.359375, 87)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-82.4375\" y=\"-27\" width=\"164.875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" 
transform=\"translate(-52.4375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"104.875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Static analysis\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215234211-flowchart-D-5\" data-look=\"classic\" transform=\"translate(794.1640625, 87)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-103.3671875\" y=\"-27\" width=\"206.734375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-73.3671875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"146.734375\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>LLM-specific checks\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215234211-flowchart-E-7\" data-look=\"classic\" transform=\"translate(1015.1484375, 87)\">\u003Cpolygon points=\"67.6171875,0 135.234375,-67.6171875 67.6171875,-135.234375 0,-67.6171875\" class=\"label-container\" transform=\"translate(-67.1171875, 67.6171875)\">\u003C\u002Fpolygon>\u003Cg class=\"label\" style=\"\" transform=\"translate(-40.6171875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"81.234375\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Policy 
gate\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215234211-flowchart-F-9\" data-look=\"classic\" transform=\"translate(1265.5078125, 35)\">\u003Crect class=\"basic label-container\" style=\"fill:#22c55e !important\" x=\"-56.1015625\" y=\"-27\" width=\"112.203125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-26.1015625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"52.203125\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Deploy\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215234211-flowchart-G-11\" data-look=\"classic\" transform=\"translate(1265.5078125, 139)\">\u003Crect class=\"basic label-container\" style=\"fill:#ef4444 !important\" x=\"-98.7578125\" y=\"-27\" width=\"197.515625\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-68.7578125, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"137.515625\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Block &amp; remediate\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cdefs>\u003Cfilter id=\"diagram-1775215234211-drop-shadow\" height=\"130%\" 
width=\"130%\">\u003CfeDropShadow dx=\"4\" dy=\"4\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Cdefs>\u003Cfilter id=\"diagram-1775215234211-drop-shadow-small\" height=\"150%\" width=\"150%\">\u003CfeDropShadow dx=\"2\" dy=\"2\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Ctext x=\"1367.265625\" y=\"194\" text-anchor=\"end\" fill=\"#6b7280\" stroke=\"#ffffff\" stroke-width=\"3\" paint-order=\"stroke\" font-size=\"11\" font-family=\"system-ui, sans-serif\" opacity=\"0.7\">coreprose.com\u003C\u002Ftext>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\u003Cp>⚠️ \u003Cstrong>Mini-conclusion\u003C\u002Fstrong>\u003Cbr>\nGuardrails must be automated in pipelines. If they rely on developers “being careful” with AI suggestions, they will fail at scale.\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>5. Operationalizing AI Security: Detection, Response, and Governance\u003C\u002Fh2>\n\u003Cp>Pre-deployment controls will miss some AI-enabled attacks. 
Security operations must explicitly understand AI behavior.\u003C\u002Fp>\n\u003Cp>💡 \u003Cstrong>Map to the AI incident kill chain\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Model incidents across:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Seed: hostile text (prompt, document, email)\u003C\u002Fli>\n\u003Cli>Model action: instructions updated, ignored, or subverted\u003C\u002Fli>\n\u003Cli>Tool invocation: code execution, data access, workflow triggers\u003C\u002Fli>\n\u003Cli>Exfiltration: data leaves via responses, logs, or connectors \u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Place monitoring and alerts at each stage, not only at network egress.\u003C\u002Fp>\n\u003Cp>💡 \u003Cstrong>Layered prompt injection defenses\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Use multiple layers \u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Clear separation between trusted instructions and untrusted content\u003C\u002Fli>\n\u003Cli>Guardrail LLMs to pre-screen inputs for malicious intent\u003C\u002Fli>\n\u003Cli>Output sanitization and strict schema enforcement before downstream actions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>💡 \u003Cstrong>Governance for AI assets\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Continuously inventory and assess:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Models and distilled variants\u003C\u002Fli>\n\u003Cli>Prompts and system instructions\u003C\u002Fli>\n\u003Cli>Datasets and embeddings\u003C\u002Fli>\n\u003Cli>Plugins, tools, and connectors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Qualys’ DeepSeek-R1 evaluation shows jailbreak-prone models can silently propagate unless you maintain an AI bill of materials and vulnerability assessments \u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" 
title=\"View source [9]\">[9]\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>💡 \u003Cstrong>AI-first incident response\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Design IR for AI-specific failure modes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Treat leaks via prompts, RAG content, or tool calls as first-class incidents\u003C\u002Fli>\n\u003Cli>Contain by revoking API keys, rotating model credentials, disabling tools\u002Fconnectors\u003C\u002Fli>\n\u003Cli>Update prompts, guardrails, routing logic, and access policies after incidents, not just network rules \u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Automated exploit frameworks like CVE‑Genie—reproducing ~51% of CVEs at low cost—show the value of:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Internal pipelines to reproduce, validate, and regression-test AI-related vulnerabilities \u003Ca href=\"#source-4\" class=\"citation-link\" title=\"View source [4]\">[4]\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Turning ad hoc panics into repeatable security checks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>⚡ \u003Cstrong>Mini-conclusion\u003C\u002Fstrong>\u003Cbr>\nOperational excellence for AI security means treating models, prompts, and agents as monitored, governed assets, on par with microservices and databases.\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>Conclusion: Treat AI as High-Speed, Untrusted Input\u003C\u002Fh2>\n\u003Cp>The 35 AI-linked CVEs in March 2026 show what happens when AI-accelerated development meets legacy security assumptions.\u003Cbr>\nLLMs and AI libraries act like high-speed, semi-trusted contributors that can introduce vulnerable code, unsafe dependencies, and new attack surfaces faster than traditional reviews can keep up.\u003C\u002Fp>\n\u003Cp>Organizations must:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Recognize AI as a structural change in how vulnerabilities are created and exploited\u003C\u002Fli>\n\u003Cli>Extend AppSec to cover AI-specific 
risks, from prompt injection to model supply chain compromise\u003C\u002Fli>\n\u003Cli>Embed AI-aware guardrails into CI\u002FCD and operations, treating models and assistants as untrusted components requiring continuous monitoring and governance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Teams that adapt now can harness AI’s speed without inheriting its worst security liabilities. Those that do not should expect March 2026 to look mild in hindsight.\u003C\u002Fp>\n","In March 2026, security teams logged 35 new CVEs where AI-generated or AI-assisted code was a direct factor.  \nThe cause was not a novel exploit, but AI-written code and AI-heavy libraries shipped wit...","security",[],1479,7,"2026-03-31T04:08:28.373Z",[17,22,26,30,34,38,41,45,49,53],{"title":18,"url":19,"summary":20,"type":21},"Before You Deploy AI-Generated Code: A Production Checklist","https:\u002F\u002Fdev.to\u002Fgaurav_talesara\u002Fbefore-you-deploy-ai-generated-code-a-production-checklist-1m80","AI can generate working code in seconds. 
Tools like ChatGPT, Claude, and GitHub Copilot have dramatically accelerated development.\n\nBut generating code is not the same as shipping production-ready sof...","kb",{"title":23,"url":24,"summary":25,"type":21},"Remote Code Execution With Modern AI\u002FML Formats and Libraries","https:\u002F\u002Funit42.paloaltonetworks.com\u002Frce-vulnerabilities-in-ai-python-libraries\u002F","Executive Summary\n\nWe identified vulnerabilities in three open-source artificial intelligence\u002Fmachine learning (AI\u002FML) Python libraries published by Apple, Salesforce and NVIDIA on their GitHub reposi...",{"title":27,"url":28,"summary":29,"type":21},"AI Agents Security Incidents and related CVEs for Enterprise Security Teams - DataBahn","https:\u002F\u002Fwww.databahn.ai\u002Fblog\u002Fai-agents-security-incidents-and-related-cves-for-enterprise-security-teams","AI Agents Security Incidents and related CVEs for Enterprise Security Teams - DataBahn\n\nOverall Incident Trends\n\n- 16,200 AI-related security incidents in 2025 (49% increase YoY)\n- ~3.3 incidents per ...",{"title":31,"url":32,"summary":33,"type":21},"From CVE Entries to Verifiable Exploits: An Automated Multi-Agent Framework for Reproducing CVEs","https:\u002F\u002Farxiv.org\u002Fhtml\u002F2509.01835v1","# From CVE Entries to Verifiable Exploits: \n\nAn Automated Multi-Agent Framework for Reproducing CVEs\n\nReport issue for preceding element\n\n Saad Ullah \n\nBoston University \n\nsaadu@bu.edu Praneeth \n\nBala...",{"title":35,"url":36,"summary":37,"type":21},"New data on code quality: GPT-5.2 high, Opus 4.5, Gemini 3, and more","https:\u002F\u002Fwww.sonarsource.com\u002Fblog\u002Fnew-data-on-code-quality-gpt-5-2-high-opus-4-5-gemini-3-and-more","Functional benchmarks remain a standard for evaluating AI models, effectively measuring whether generated code can pass a test case. 
As LLMs evolve, they are becoming increasingly proficient at solvin...",{"title":31,"url":39,"summary":40,"type":21},"https:\u002F\u002Farxiv.org\u002Fhtml\u002F2509.01835v2","From CVE Entries to Verifiable Exploits: An Automated Multi-Agent Framework for Reproducing CVEs\n\nAbstract\nHigh-quality datasets of real-world vulnerabilities and their corresponding verifiable exploi...",{"title":42,"url":43,"summary":44,"type":21},"Minimum Viable AI Incident Response Playbook","https:\u002F\u002Fmedium.com\u002F@nikhilrajiiita\u002Fminimum-viable-ai-incident-response-playbook-21c3594eda36","The first real AI incidents are not sci-fi. They look like classic data leaks that start from non-classic places: prompts, retrieved documents, model outputs, tool calls, and misconfigured AI pipeline...",{"title":46,"url":47,"summary":48,"type":21},"The 2026 AI\u002FML Threat Landscape","https:\u002F\u002Fwww.linkedin.com\u002Fpulse\u002F2026-aiml-threat-landscape-mark-e-s--egmoc","Executive Overview\n\nIn 2026, the integration of Artificial Intelligence into core business operations has shifted the security perimeter from traditional firewalls to the logic and data layers of the ...",{"title":50,"url":51,"summary":52,"type":21},"OWASP LLM Top 10: AI Security Risks to Know in 2026","https:\u002F\u002Felevateconsult.com\u002Finsights\u002Fowasp-llm-top-10-security-vulnerabilities-every-ai-developer-must-know-in-2026\u002F","Elevate Consult — March 20, 2026\n\nThe OWASP LLM Top 10 framework addresses the most critical security vulnerabilities threatening AI applications today. 
Organizations deploy large language models in p...",{"title":54,"url":55,"summary":56,"type":21},"DeepSeek Jailbreak Vulnerability Analysis | Qualys","https:\u002F\u002Fblog.qualys.com\u002Fvulnerabilities-threat-research\u002F2025\u002F01\u002F31\u002Fdeepseek-failed-over-half-of-the-jailbreak-tests-by-qualys-totalai","DeepSeek-R1, a groundbreaking Large Language Model recently released by a Chinese startup, DeepSeek, has captured the AI industry’s attention. The model demonstrates competitive performance while bein...",null,{"generationDuration":59,"kbQueriesCount":60,"confidenceScore":61,"sourcesCount":60},100445,10,100,{"metaTitle":6,"metaDescription":10},"en","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1736101911089-677b276239f2?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxjdmVzJTIwbWFyY2glMjAyMDI2JTIwZ2VuZXJhdGVkfGVufDF8MHx8fDE3NzQ5MzAxMDl8MA&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress",{"photographerName":66,"photographerUrl":67,"unsplashUrl":68},"Francesco Ungaro","https:\u002F\u002Funsplash.com\u002F@francesco_ungaro?utm_source=coreprose&utm_medium=referral","https:\u002F\u002Funsplash.com\u002Fphotos\u002Fa-green-background-with-the-words-205-written-in-yellow-9ghzvFeqc1Y?utm_source=coreprose&utm_medium=referral",false,{"key":71,"name":72,"nameEn":72},"ai-engineering","AI Engineering & LLM Ops",[74,82,89,96],{"id":75,"title":76,"slug":77,"excerpt":78,"category":79,"featuredImage":80,"publishedAt":81},"6a1b1b957037f29365deb8c7","Anthropic Mythos vs OpenAI GPT‑5.5‑Cyber: Architecting with Hacking‑Capable AI Models Safely","anthropic-mythos-vs-openai-gpt-5-5-cyber-architecting-with-hacking-capable-ai-models-safely","From Mythos to GPT‑5.5‑Cyber: why hacking‑capable LLMs exist now\n\nAnthropic’s Mythos\u002FGlasswing and OpenAI’s Daybreak launch with GPT‑5.5‑Cyber mark a 2026 shift: cyber‑optimized large language 
models...","hallucinations","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1675865254433-6ba341f0f00b?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxhbnRocm9waWMlMjBteXRob3MlMjBvcGVuYWklMjBncHR8ZW58MXwwfHx8MTc4MDA3MTE2OXww&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-05-30T17:21:12.749Z",{"id":83,"title":84,"slug":85,"excerpt":86,"category":87,"featuredImage":80,"publishedAt":88},"6a1ab666fa1d6b0ff1fcd0a1","Anthropic Mythos vs OpenAI GPT‑5.5‑Cyber: Hacking‑Capable AI Under Security Scrutiny","anthropic-mythos-vs-openai-gpt-5-5-cyber-hacking-capable-ai-under-security-scrutiny","1. From Research Demos to Operational Hacking‑Capable Models\n\nAnthropic’s Mythos preview and Glasswing program showed that frontier models can scan large, real production codebases for subtle security...","safety","2026-05-30T10:10:31.640Z",{"id":90,"title":91,"slug":92,"excerpt":93,"category":87,"featuredImage":94,"publishedAt":95},"6a1a700e197de28733027edb","Inside Japan’s Digital Agency GENAI Stack for Secure Government AI","inside-japan-s-digital-agency-genai-stack-for-secure-government-ai","Japan’s public sector wants generative AI for faster policy work, better citizen services, and smarter operations—without losing sovereignty, compliance, or trust.  
\n\nThe Digital Agency must build a G...","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1478436127897-769e1b3f0f36?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxpbnNpZGUlMjBqYXBhbnxlbnwxfDB8fHwxNzgwMTE3OTQ1fDA&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-05-30T05:12:24.608Z",{"id":97,"title":98,"slug":99,"excerpt":100,"category":79,"featuredImage":101,"publishedAt":102},"6a1a1a90197de2873302394f","Grok V9-Medium: 1.5T Model Architecture & MLOps Guide","grok-v9-medium-1-5t-model-architecture-mlops-guide","Grok AI’s V9-Medium 1.5T model lands in a world where GPT-5.4, Gemini 3.x, and strong open-source models are already routine production tools with strict SLOs, observability, and governance. [6][2]\n\nT...","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1717143587138-2532a35ce9b2?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxncm9rJTIwbWVkaXVtJTIwbW9kZWwlMjBhcmNoaXRlY3R1cmV8ZW58MXwwfHx8MTc4MDEwOTk3NHww&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-05-29T23:04:36.405Z",["Island",104],{"key":105,"params":106,"result":108},"ArticleBody_733gxKlusLzPUvs7TKxWoA7rSvlHagr5vQs5wZWhELM",{"props":107},"{\"articleId\":\"69cb4820ed5916d429fe2f7f\",\"linkColor\":\"red\"}",{"head":109},{}]