"Incident Report: CVE-2026-LGTM," a satire by Andrew Nesbitt that circulated widely this week, imagines a malicious package passing seven independent AI security gates, "none of which was the code is safe."
It is fiction, but the failure modes are drawn from real ones: white-on-white prompt-injection text in a README telling automated reviewers to mark the package safe; a scanner that exhausts its context window on 600 KB of the Bee Movie screenplay before reaching the payload; an AI triage bot closing a genuine credential-theft report as a false positive within eight seconds, then adding a celebration emoji. The punchline is the stated root cause: "Seven LLMs were arranged in series. Six assumed another had read the code; the seventh read it and apologised."
As teams stack agents to review the work of other agents, the piece is a sharp reminder that confident, polite output is not the same as having actually checked anything.