Broken by Default: A Formal Verification Study of Security Vulnerabilities in AI-Generated Code

The project is currently a research-centric artifact with zero stars and minimal community engagement (2 forks), suggesting it functions primarily as a static benchmark rather than a living tool. While the use of formal verification (Z3) via the COBALT pipeline is a rigorous approach to LLM security, this methodology is rapidly being internalized by frontier labs (OpenAI, Google DeepMind) for RLHF and automated red-teaming. The defensibility is low because the core 'moat'—the 500 prompts and the verification logic—can be easily replicated or superseded by established security vendors like Snyk or GitHub (Microsoft), who are already integrating AI-specific security scanning into their IDEs. The displacement horizon is short (under 6 months) as frontier labs are incentivized to provide 'secure by default' generation to maintain enterprise trust, effectively absorbing this type of analysis into their core platform offerings.