AI Slop & the Vulnerability Treadmill – console.log()

You are using an outdated browser. Please upgrade your browser to improve your experience.

Skip to Content

It has not been a relaxing few months for software security teams.

In December, React disclosed its first critical CVE: an unauthenticated remote code execution flaw in Server Components. In March, not only was Aqua Security’s Trivy, a widely-used security scanning tool, compromised twice in three weeks through a GitHub Actions misconfiguration, but hackers also compromised a maintainer account for the Axios npm cURL package in order to publish backdoored versions containing a cross-platform remote access trojan that silently exfiltrated credentials. In April, Vercel disclosed a security incident originating from a compromised third-party AI tool, Context AI, used by an employee that gave attackers access to customer environment variables.

Many in the vulnerability space lay the blame for these cascading incidents squarely on AI—and they’re not wrong, though the story is more complicated than "AI bad." AI-generated code is letting vulnerabilities slip into production at an alarming rate. Researchers at Georgia Tech’s Vibe Security Radar tracked CVEs directly attributable to AI coding tools and found that March 2026 alone produced more than all of 2025 combined. AI tools are also allowing bad actors to infiltrate systems in new and creative ways. The Axios npm compromise wasn’t a brute-force attack—it was "AI-enabled social engineering." AI allows attackers to mount more elaborate and convincing campaigns against open source maintainers, while simultaneously flooding the ecosystem with code that is outpacing security teams’ ability to keep up.

In my previous post on the AI Slopageddon I covered the contribution quality crisis. AI-generated pull requests are overwhelming maintainers. The social contract between contributors and projects is breaking down. And AI platforms are making it worse.

This piece is a companion. It’s about the state of supply chain security in the age of AI. We look at slop vulnerability reports, a CVE database that may already be too slow to matter, and a software supply chain with security defaults designed for a world that no longer exists.

Meh-trics

Rachel Stephens’s laptop boasts a "Meh-trics" sticker.

At RedMonk, we talk about metrics a lot, and often with suspicion. We’ve watched an entire ecosystem spring up around the monetization of perceived value in software—GitHub stars, contribution graphs, download counts, bounty payouts—proxy after proxy, each one promising to measure something real about the health and quality of a project, and each one an invitation to be gamed. Gaming isn’t new (Goodhart’s Law, amirite?). What’s new is the low cost of doing it well. AI has made it trivially easy to game software industry reward systems without delivering the outcomes they were designed for.

AI has collapsed the effort required to manufacture every signal of credibility the software ecosystem depends on, and the consequences are rippling through every incentive structure the community has built. Bug bounty programs are drowning in AI-generated reports that cost pennies in tokens to produce, but hours of expert time to debunk. Salaried internship programs like the Linux Foundation’s Mentorship Program, Google Summer of Code, and Outreachy are grappling with a murkier version of the same problem: maintainers I’ve spoken with are struggling to determine whether participants are actually doing the work or using AI to get their foot in the door without intending to meaningfully contribute afterwards. Even the resume-enhancing cachet of being an open-source contributor, a formerly reliable signal on a junior developer’s resumes, is losing its value as the cost of faking it approaches zero. AI is hollowing out the systems that once rewarded genuine effort from the inside.

What happens when the signals on which we’ve built our ecosystem stop meaning what we thought they meant, and what incentive structures we might build instead? To answer these questions, I looked at the vulnerability space, because that’s where the perverse incentives cut deepest and the money flows most visibly.

The Black, White, and Gray Markets for CVEs

Every vulnerability has a price. The question is who is paying, and for what?

There has always been a black market for exploits, so a white market emerged to balance it out (shout out to Bryan Boreham, Distinguished Engineer at Grafana Labs, for framing it this way in our recent conversation at Monki Gras). For this reason, a sophisticated, tiered global economy has emerged that is willing to pay for exploits.

At the bottom are the outright black market forums where weaponized exploits and stolen credentials trade hands with no pretense of legality. A threat actor claiming affiliation with ShinyHunters posted Vercel’s internal database on BreachForums that included customer API keys, environment...