A significant threat arises from organizations knowingly deploying vulnerable code, a practice made critically dangerous by AI tools that have reduced the time-to-exploit window to less than two days. This is compounded by the proliferation of "vibe-coded" AI applications, which often contain basic security flaws and have been found exposing sensitive corporate, personal, and medical data. The risk is particularly acute for sectors like healthcare, which are already facing escalating ransomware attacks.
DevSecOps Organizations knowingly ship vulnerable code amid shrinking exploit windows May 22, 2026 Share By SC Staff (Adobe Stock) Tech Radar reports that organizations are knowingly shipping vulnerable code, despite the increasing risks posed by rapidly shrinking time-to-exploit windows, a trend exacerbated by AI-generated applications. New research from Checkmarx reveals that 75% of organizations admit to frequently or sometimes deploying code they are aware is vulnerable. This practice, once manageable with exploit windows of hundreds of days, has become significantly riskier. AI tools have drastically reduced the time to exploit vulnerabilities to less than two days, with predictions that this window could shrink to just one minute within two years. This poses an urgent threat, particularly to sectors like healthcare, which are already grappling with escalating ransomware attacks and third-party software risks. The rise of "vibe-coded" apps, built entirely by AI without manual code review, further compounds these exposure risks. Recent findings indicated over 5,000 such apps were pushing sensitive corporate, personal, and medical data onto the open web, often with basic security flaws. Source: Tech Radar SC Staff Related Critical Infrastructure Security TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge Laura French May 15, 2026 The variant was used in recent attacks against TanStack and others – but it’s not the original, researchers say. AI/ML OpenAI Daybreak joins growing movement of AI-driven vulnerability discovery Laura French May 14, 2026 The program aims to leverage GPT models and Codex Security to improve software resilience. AI/ML Vibe coding has cybersecurity asking what AI can — and can’t — replace Laura French May 11, 2026 Cyber pros balance hype, skepticism and uncertainty as AI coding disrupts industry norms. Related Events Cybercast The Next Evolution of Application Security: AI- Accelerated DevSecOps On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Applet Banner Browser Cache Cramming Common Gateway Interface (CGI) Client Cookie DLL Injection Dynamic Link Library Fuzzing You can skip this ad in 5 seconds