The 2026 State of GitHub Security: What 100 Repos Taught Me About Dependency CVEs, AI Code, and False Positives

Introduction Three months ago, I started an experiment. I took 100 GitHub repositories some huge, some tiny, some built by AI, some maintained for a decade and ran them through 9 security engines. The