87% of AI-Agent PRs Had Security Bugs: DryRun's New Study Is a Wake-Up Call
DryRun Security tested Claude Code, OpenAI Codex, and Google Gemini on realistic app builds. Across 30 pull requests, 87% contained at least one vulnerability. The pattern: broken access control, missing WebSocket auth, weak JWT secrets, and unmounted rate limits.