Veracode tested over 100 large language models on security-sensitive coding tasks and found that 45% of the code they produced introduced OWASP Top 10 vulnerabilities — a pass rate that did not improve across multiple testing cycles. That single number explains why AI in 2026 did not add one attack …