
AI Coding Tools Created a Million Lines of Code Nobody Can Review. The Security Crisis Is Here.
A financial services firm using Cursor generated a backlog of one million lines of unreviewed code. Nearly half of AI-generated code contains vulnerabilities.
The AI Post newsroom
The New York Times just dropped the most important story about AI coding that nobody wanted to hear: the code is coming faster than anyone can check it, and it is full of holes.
A financial services company recently started using Cursor, one of the hottest AI coding tools on the market. The productivity gains were immediate and impressive. The problem? The company generated a backlog of one million lines of code that needed security review. "The sheer amount of code being delivered, and the increase in vulnerabilities, is something they can't keep up with," said Joni Klippert, CEO of StackHawk, the security startup working with the firm.
This is the dirty secret of the vibe coding revolution. AI tools from Anthropic, OpenAI, and Cursor have made it possible for anyone to produce software at a pace that was unimaginable a year ago. But producing code and producing safe code are two very different things. Nearly half of AI-generated code contains security vulnerabilities, according to industry research. And the humans who are supposed to catch those flaws are being buried alive under the output.
Everyone Is a Coder. Nobody Is a Reviewer.
"The blessing and the curse is that now everyone inside your company becomes a coder," said Michele Catasta, president and head of AI at one of the firms quoted in the Times piece. That sounds great in a pitch deck. In practice, it means marketing teams, sales teams, and customer support teams are all generating code that the security team has never seen and cannot possibly audit at the rate it arrives.
The downstream effects are cascading. As software development accelerated, it forced every other department to keep pace, creating what Klippert called "a lot of stress" across organizations. The code overload is not just a technical problem. It is an organizational one.
Here is what makes this particularly dangerous: the companies shipping AI coding tools have zero incentive to slow down. Cursor, Anthropic, and OpenAI are locked in a speed war. The product that generates the most code the fastest wins. Security review? That is someone else's problem.
We wrote about this exact risk two weeks ago when we covered the vibe coding trust bottleneck. Now the New York Times is confirming it with real-world examples from real companies. The gap between code generation speed and code review capacity is widening every day. And somewhere in that gap, the next major security breach is already written.
First reported by The New York Times.