globalGlob(**/*)

Developer News - Tested in Production

OWASP Top 10 Adds New Category "Your Code"

and we all know why...

Software Development - 2026-04-10

Globs:

**/owasp/* **/security/*
A person in black clothing writing really bad code on a laptop. There's a visualization of bugs, no secure locks, and many, many errors. Just like your code!

The Open Worldwide Application Security Project (OWASP) community has released an out-of-band update to their famous "Top 10" list of critical security risks. Each category title, like "Injection" or "Broken Access Control", is abstract to fit a wide range of risks, like how your code is one big risk.

The new category, "Your Code", is at the #2 spot. It replaced the previous #6 category, "Insecure Design". And I think we can all agree it's the same thing, but with a more descriptive name than before.

The community usually releases an update every 3 years. Having just released an update in 2025, you can understand how severe a security risk your code actually is. At press time, there is no suggested workaround. You'll just have to tell Claude to write everything for you instead. That's also insecure, but better than what you're doing.

This marks the first time a new category has been added to the OWASP Top 10 list since Log4J inspired "Software Supply Chain Failures".