AI

The Vulnerability Your Agent Merged


The Human in the Loop by Enrique Cordero

Episode notes

The unit tests pass. The PR merges. And you won't find the problem for six months.

Two papers landed this week — one on LLM-generated code, one on GitHub Actions workflows. Different researchers. Same finding.

When agents write code, they pin library versions that trained well. Not versions that are safe.

The mechanism is simple. A model has seen one popular version of a library thousands of times in its training data. It reaches for that version because doing so minimizes prediction loss. Nothing in that objective encodes whether the version has a published advisory against it. Pin-by-popularity and pin-by-safety are different jobs, and the model only knows one of them.

The GitHub Actions paper found the same shape. Right syntax. Wrong threat model.

So the code looks clean. The tests pass. The PR merges. And six months later a security audit finds a CVE that was public before the agent ever touched the file.
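The check that pin-by-safety requires, as an added example (this is not code from the podcast or from either paper): a CI gate that parses a requirements file, refuses exact pins that fall inside a known-affected version range, and flags requirements that are not exact pins at all, since an unpinned range cannot be audited. The package names, versions and advisory identifiers below are constructed placeholders, not real packages or CVEs; a real gate would load advisories from a vulnerability database rather than embed them.

```python
"""Gate a requirements file against a list of known advisories.

Added example, not the podcast's or the papers' code. Package names,
versions and advisory IDs are constructed placeholders.
"""
import re
import sys
from dataclasses import dataclass

# Constructed sample of agent-emitted pins; package names are hypothetical.
SAMPLE_REQUIREMENTS = """\
# generated by an agent
widgetlib==3.2.0
parsekit==1.8.5
netcore>=2.0
signutil==4.1.2
"""


@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str      # first affected version (inclusive)
    fixed: str           # first fixed version (exclusive)
    advisory_id: str     # placeholder identifier, not a real CVE


# Constructed advisories for the hypothetical packages above.
ADVISORIES = [
    Advisory("widgetlib", "0", "3.2.4", "EXAMPLE-2023-0001"),
    Advisory("parsekit", "1.8.0", "1.9.0", "EXAMPLE-2023-0002"),
    Advisory("signutil", "4.0.0", "4.0.9", "EXAMPLE-2022-0003"),
]

# name, optional comparison operator, optional version (comments stripped first).
REQ_RE = re.compile(
    r"^([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|!=|>|<)?\s*([0-9][0-9A-Za-z.\-]*)?$"
)


def parse_version(text):
    """Turn '1.26.4' into (1, 26, 4); a non-numeric segment counts as 0."""
    parts = []
    for seg in text.split("."):
        m = re.match(r"\d+", seg)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def _pad(v, n):
    return v + (0,) * (n - len(v))


def version_in_range(version, introduced, fixed):
    """True if introduced <= version < fixed, comparing padded tuples so 5.4 == 5.4.0."""
    n = max(len(version), len(introduced), len(fixed))
    return _pad(introduced, n) <= _pad(version, n) < _pad(fixed, n)


def parse_requirements(text):
    """Yield (name, operator, version) per line; blank lines and comments are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_RE.match(line)
        if not m:
            raise ValueError(f"unparseable requirement: {raw!r}")
        name, op, ver = m.groups()
        yield name.lower(), op, ver


def audit(requirements_text, advisories):
    """Return findings as (package, version, reason) tuples; empty means the gate passes."""
    by_pkg = {}
    for adv in advisories:
        by_pkg.setdefault(adv.package.lower(), []).append(adv)
    findings = []
    for name, op, ver in parse_requirements(requirements_text):
        if op != "==" or ver is None:
            # A range or bare name resolves at install time; there is nothing fixed to audit.
            findings.append((name, ver, "not pinned to an exact version"))
            continue
        v = parse_version(ver)
        for adv in by_pkg.get(name, []):
            if version_in_range(v, parse_version(adv.introduced), parse_version(adv.fixed)):
                findings.append((name, ver, f"{adv.advisory_id} (fixed in {adv.fixed})"))
    return findings


if __name__ == "__main__":
    results = audit(SAMPLE_REQUIREMENTS, ADVISORIES)
    for pkg, ver, reason in results:
        print(f"FAIL {pkg}=={ver}: {reason}" if ver else f"FAIL {pkg}: {reason}")
    sys.exit(1 if results else 0)
```

Run as a CI step, a non-zero exit blocks the merge that the passing unit tests would otherwise wave through; the version-tuple padding matters because advisory ranges and pins rarely use the same number of components.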

This is not a model p ... 

Keywords

AI News, AI Safety, AI Adoption, EnterpriseAI, AIEngineering