Add some more studies on LLMs and code quality

A few weeks ago I researched the impact of LLMs and code quality to write a section for this list. This PR incorporates this research into the existing writeup.
2026-06-04 16:17:02 +02:00 · 2026-03-12 11:29:37 +00:00 · 2026-03-12 11:29:37 +00:00 · fe556254f1
commit fe556254f1
parent 39df76a380
1 changed files with 4 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -335,6 +335,7 @@ Vibe coding / agentic workflows result in poorer code quality, and relaxed overs
 * [How I Dropped Our Production Database and Now Pay 10% More for AWS](http://archive.today/2026.03.06-144058/https://alexeyondata.substack.com/p/how-i-dropped-our-production-database)
 * [Claude Tested Everything Except the One Thing That Mattered (Ai agent refuses to follow explicit instructions to test `createPost()` in increasingly erratic ways)](http://archive.today/2026.03.09-201135/https://christophermeiklejohn.com/ai/claude/2026/03/08/claude-tested-everything-except-the-one-thing-that-mattered.html)
 * [Amazon calls engineers for a “deep dive” internal meeting to discuss “GenAI”-related outages](https://ghostarchive.org/archive/3TfgF)
+* GitClear has released reports in [2024](https://www.gitclear.com/coding_on_copilot_data_shows_ais_downward_pressure_on_code_quality) and [2025](https://www.gitclear.com/ai_assistant_code_quality_2025_research) indicating a worsening of key code quality metrics correlating with increased LLM adoption.

 ### Infosec risks

@ -342,8 +343,10 @@ This also often results in massive security holes.

 * [Meta Security Researcher's AI Agent Accidentally Deleted Her Emails](http://archive.today/2026.02.26-153034/https://www.pcmag.com/news/meta-security-researchers-openclaw-ai-agent-accidentally-deleted-her-emails)
 * [Moltbook’s ‘vibe-coded’ breach is the future of security failures](https://thehill.com/opinion/cybersecurity/5744310-ai-powered-security-risks/)
+* [In a study evalulating over 500k code samples, LLM-generated code was found to contain more high-risk security vulnerabilities than human-generated code](https://arxiv.org/abs/2508.21634)
+* [LLMs make up package names, making them vulnerable to incorporating malicious code in "slopsquatting" attacks](https://www.theregister.com/2025/04/12/ai_code_suggestions_sabotage_supply_chain/) ([Arxiv study](https://arxiv.org/abs/2406.10279))

-## Healthy and Safety
+## Health and Safety

 There's been a number of high profile incidents that have resulted in endangerment or death. Here's some examples: