It has nothing to do with vibe coding. It’s an issue of workload.
Finding a lot of vulnerabilities creates a lot of work.
If a company has a dev team that is capable of responding to and fixing 5 vulnerabilities in a month, and then suddenly it has 75 vulnerabilities, there is less time to devote to each vulnerability, which can result in things like additional bugs or stability issues.
Those issues can make people hesitant to apply patches, and having a known vulnerability go unpatched is worse than having an unknown vulnerability that’s unpatched. The short-term effect will be that there will be secondary issues caused by the high workload, and that will lead to an increase in the amount of time that known vulnerabilities exist without being patched.
From the article:
Now that models have become really good at finding bugs in code, security shops are using AI to scan their own software, hopefully to uncover and fix flaws before the baddies do. And this trickles down to two things: more patches, and more work for admins.
Zero Day Initiative’s chief vuln finder Dustin Childs agrees with this assessment.
“At first, yes, this means more patches and thus more work for admins,” he told The Register. “The goal over time would be to eliminate as many as possible, and, over time, that monthly number goes down.”
What will make this whole AI bug hunting season “really painful,” he continued, is if the patches don’t work or - worse yet - break things.
“Many customers don’t trust patches as it is, so if AI-related patches break things, they are less likely to apply as time goes on,” Childs added. “This will be true even if AI only finds the bugs and doesn’t make the patches.”