That's absolutely a factor here. We are missing the stuff that no one is talking about: "AI generated inefficient loop" or "AI forgot to close file handle". The documented cases were documented precisely because they were worthy.

That said, even with survivorship bias, there's a pattern.

When humans write bad code, we see the full spectrum, form typos to total meltdowns. With AI, the failures cluster around specific security fundamentals:

- Input validation - Auth checks - Rate limiting

I've seen no AI typo, have you?

Does it mean AI learned to code from tutorials that skip the boring security chapters?... think about it.

So yes, we are definitely seeing survivor bias in severity reporting. But the "types" of survivors tell us something important about what AI consistently misses. The low-severity bugs probably exist, but perhaps not making headlines.

The real question: if this is just the visible part of the iceberg, what's underneath?