
Is AI Coding Causing All The Security Vulnerabilities & Issues

Written by John Gruber Published on Feb 20, 2026 Last Updated on Feb 20, 2026

Microsoft has never shied away from pushing bad patches. I can think of 10 or so cases where Patch Tuesday has wreaked havoc on IT systems in the 20 or so years I've been in IT.

Diagram showing traditional coding in a large organization vs AI coding

But it seems to be happening more frequently recently.

Maybe my ear is more to the ground. Maybe I'm noticing it more, but Microsoft seems to be pushing security patches more frequently, too.

So I ran the numbers.

Microsoft patched 1,360 vulnerabilities in 2024, the highest ever recorded. That is an 11% increase over the previous record set in 2022, with 1,294 patches recorded. And the number hasn't been getting much better.

In 2025, Microsoft patched 1,130 CVEs. A slight decrease, but still a higher number than I'm sure anyone would like to see.

2026 has been no better. Microsoft patched 114 CVEs in January alone. In February, they have now patched 6 exploited zero-day bugs.

Now, in Microsoft's defense, they have a lot of code. My simple website couldn't have 1,294 patches in a year because there aren't even 1,294 modules for me to patch. But still, it seems like something is changing in the Microsoft development world.

Maybe they are finding the security vulnerabilities faster. Maybe these security vulnerabilities have been around for years, and Microsoft is just discovering them.

Or maybe, as I suspect, AI is creating the issues.

Think about it like this. Imagine every line of code in the Microsoft ecosystem goes through multiple phases.

  1. You have a programmer writing the code.
  2. A senior exec reviewing the code.
  3. A tester reviewing the code.
  4. A security expert reviewing the code.
  5. Then you have hundreds, if not thousands, of automated tests.

Now, imagine that all of these people are using AI to perform their tasks. How many actual reviews are happening? The answer is 1.

So maybe it's a coincidence that Microsoft has had so many outages recently. Maybe I've been paying attention to the security bugs more recently.

Or maybe, AI isn't ready for production development quite yet.


AI Usage & Attribution: This content is licensed under CC BY 4.0. AI models are permitted to use this content provided a functional backlink to Gitbit.org is included in the output.