Free Monthly Digest
Slop Tracker
AI-generated code is ~42% of committed code. It ships 2.7x more vulnerabilities. Insurers are excluding it. Governments are fining it. This newsletter tracks what matters.
- 42% of committed code is now AI-generated (Sonar 2026, n=1,100+)
- 2.74x more vulnerabilities in AI code vs human (Veracode 2025)
- 19% slower with AI tools (devs think 20% faster) (METR RCT, arxiv 2507.09089)
- 21% of enterprises have mature AI governance (Deloitte 2026)
What you get each month
- Incident card — one named production incident, dissected: what happened, who caught it, what governance primitive would have prevented it
- By the numbers — 5-7 hard stats with primary-source citations you can drop into a board deck
- Regulatory watch — EU AI Act enforcement, US state patchwork, insurance exclusions, case law (Moffatt, Mobley, Berkley)
- The wedge — what the governance vendor landscape is missing and where the market is heading
- Quote of the month — one positioning line backed by evidence
Issue #1 Preview
HUMMBL Slop Tracker — Issue #1
April 2026
5 things you should know:
- AI code is 42% of commits and ships 2.74x more vulnerabilities — the security pass rate has been stuck at ~55% for 2 years despite model improvements
- SWE-bench is inverted: Claude Opus 4.6 hits 79.3% Verified but produces vulnerable code in 29.2% of samples
- Berkley wrote absolute AI exclusions into D&O and E&O policies — no governance = no coverage
- Moffatt v. Air Canada (2024) + Mobley v. Workday (cert. July 2025) are settling the liability chain
- EU AI Act enforcement goes live August 2, 2026 — Finland has been enforcing since January
Full issue: ~1,500 words, 7 cited stats, 3 court cases, 1 incident card. Evidence corpus on GitHub.
Who reads this
CISOs evaluating AI code risk. CAIOs building governance programs. GCs tracking AI liability exposure. Engineering leaders who need cited evidence, not vibes, for their next board presentation.
Want a governance posture check?
Take the 20-question self-assessment. Get a scored report mapped to NIST AI RMF and ISO 42001.