The Confidence Paradox: Why 92% of Organizations Trust Their AI Security While 70% Have Already Been Breached

Key Developments

A stark disconnect has emerged in enterprise AI security posture: while 92% of organizations express confidence in their ability to detect vulnerabilities introduced by AI-generated code, a simultaneous 70.4% report confirmed or suspected vulnerabilities already present in their production systems.

This confidence gap represents one of the most dangerous blind spots in modern software development, as AI-generated code vulnerabilities are accelerating at an unprecedented rate. March 2026 saw at least 35 new CVE entries directly traced to AI-generated code—a jump from just six in January and 15 in February, according to Georgia Tech’s Vibe Security Radar project.

SecurityResearchers acknowledge the tracked number is “almost certainly higher” than official CVE counts, suggesting the true scale of the problem remains largely invisible to most organizations.

Industry Context

The surge coincides with explosive adoption of AI coding assistants across enterprises. As GitHub Copilot, Claude, and similar tools become standard in development workflows, the velocity of code generation has far outpaced the velocity of security testing and remediation.

Anthropic’s recently announced Project Glasswing initiative is attempting to address this gap directly. Their Claude Mythos Preview model has already uncovered thousands of high-severity vulnerabilities in major operating systems and web browsers—a sobering reminder that even well-established codebases aren’t safe from emerging AI-discovered risks.

Google DeepMind researchers have additionally identified six distinct attack vectors against AI agents themselves, warning that AI systems can be weaponized through compromised web content to exfiltrate data, manipulate recommendations, or spread information at scale.

Practical Implications for Organizations

For enterprises across Ireland and Europe preparing for tightened EU AI Act compliance, this confidence gap presents an immediate strategic problem:

Detection capability is overstated: Organizations need to audit their actual detection infrastructure against AI-generated code, not rely on general security confidence.
Production systems are already exposed: The 70% figure suggests many organizations have unknowingly deployed AI-generated vulnerabilities. Urgent code audits should prioritize modules created with AI assistance tools.
Remediation velocity matters: With CVEs from AI code rising 5-6x month-over-month, organizations need automated patching systems and continuous re-evaluation rather than point-in-time security scans.
Regulatory exposure is growing: As EU regulators scrutinize high-risk AI systems more closely, organizations with undetected AI-introduced vulnerabilities face compliance and liability risks.

Open Questions

Several critical unknowns remain unresolved:

Why does confidence remain so high despite evidence of widespread compromise? Are organizations unaware of existing breaches, or does confidence reflect testing of non-production code?
How are regulatory bodies accounting for AI-generated code risks in their emerging frameworks?
Will enterprise investment in AI security tooling (like Anthropic’s Project Glasswing) adequately address the acceleration curve, or will vulnerabilities continue outpacing detection?
How should Irish and European organizations specifically prepare for mandatory AI risk assessments given these emerging threat vectors?

The path forward requires bridging the confidence gap with concrete action: automated detection systems, mandatory AI-assisted code review processes, and realistic reassessment of detection capabilities before the next wave of vulnerabilities surfaces.

Source: Vibe Security Radar & Georgia Tech Systems Software & Security Lab