AI Writes Your Code. Who Is Accountable?

A friend of mine — I'll call him Marcus — shipped an invoicing tool for freelancers last spring. Built it entirely with Claude and Cursor in about three weeks, no developer on the team. Six weeks after launch he quietly took it down. He mentioned "something with the database" and that users had reached out about seeing each other's invoices. He never fully explained what happened. He didn't need to. The Numbers According to Aikido Security (2025), AI-generated code introduces over 10,000 new vulnerabilities per month — a 10x increase in six months. One in five breaches now involves AI-generated code. According to Apiiro, privilege escalation paths are up 322%. An arXiv study (2024) tested models separately and got the same result every time: at least 62% of AI-generated programs contain vulnerabilities regardless of which model wrote them. Veracode puts XSS at 86% of AI code, Log Injection at 88%. IBM Cost of a Data Breach Report 2025: +$670,000 per incident where unauthorized AI was i