Serious Warning Over AI‑Generated Code
As AI assistants become increasingly common in software development, new research shows that while they accelerate coding dramatically, the security and reliability of their output remain a major concern. Large language models now handle everything from refactoring to building entire applications, but traditional software vulnerabilities are merging with AI‑specific flaws—creating issues that surface almost weekly.
A study by Veracode reports that although today’s models generate error‑free code 90% of the time, 45% of that code still contains classic OWASP vulnerabilities. A separate report from Wiz confirms that 20% of vibe‑coded applications include severe security flaws. Examples such as the Enrichlead startup—whose entire codebase was written by Cursor AI and which later shut down because of basic security holes—show how full reliance on model‑generated code can be costly.
Common weaknesses include missing input validation, leaked API keys, weak or client‑side authentication, the use of dangerous functions, outdated libraries, and even misconfigured databases. Recent incidents—like the breach of the Nx platform or the Base44 vulnerability—also highlight that risks aren’t limited to code; they extend to AI coding platforms and development tools themselves.
Research further shows that multiple rounds of AI‑driven rewrites gradually reduce security, and vague prompts significantly increase the chance of vulnerable code. In highly regulated sectors like finance or healthcare, the lack of domain‑specific knowledge (“depth deficit”) leads to outputs that ignore legal and technical requirements.
Experts emphasize that reducing these risks requires a mixed technical‑organizational approach: automated SAST checks, embedding security requirements into system prompts, expert human review, and developer training on secure AI usage.
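As an added illustration of the "automated SAST checks" recommended above (example code, not from the cited reports), here is a minimal Python checker that flags three of the weakness classes listed earlier, hard-coded API keys, dangerous functions and shell-injection sinks, in a constructed snippet; the secret-name pattern and the list of dangerous calls are heuristic assumptions.

```python
"""SAST-style check for hard-coded keys, dangerous calls, shell sinks. Added example."""
import ast
import re

# Variable names that commonly hold secrets (heuristic; an assumption)
SECRET_NAME = re.compile(r"api[_-]?key|secret|token|password", re.IGNORECASE)
# Calls that execute strings an attacker may influence (assumed list)
DANGEROUS_CALLS = {"eval", "exec", "os.system", "pickle.loads"}


def _call_name(node: ast.Call) -> str:
    # Dotted name of the callee, e.g. 'os.system' or 'eval'
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def scan_source(src: str) -> list[tuple[int, str]]:
    """Return sorted (line, finding) pairs for the patterns this checker knows."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Assign):
            # Leaked API key: secret-like name assigned a string literal
            for t in node.targets:
                if (isinstance(t, ast.Name) and SECRET_NAME.search(t.id)
                        and isinstance(node.value, ast.Constant)
                        and isinstance(node.value.value, str)):
                    findings.append((node.lineno, f"hard-coded secret in {t.id}"))
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DANGEROUS_CALLS:  # dangerous function
                findings.append((node.lineno, f"dangerous call {name}()"))
            # Shell-injection sink: subprocess.* called with shell=True
            if name.startswith("subprocess.") and any(
                    k.arg == "shell" and isinstance(k.value, ast.Constant)
                    and k.value.value is True for k in node.keywords):
                findings.append((node.lineno, f"{name}() with shell=True"))
    return sorted(findings)


# Constructed snippet in the style of model-generated code (not a real codebase)
SAMPLE = """\
import os, subprocess
API_KEY = "sk-live-EXAMPLE-PLACEHOLDER"
def run(user_cmd, expr):
    subprocess.run(user_cmd, shell=True)
    return eval(expr)
"""
```

Running `scan_source(SAMPLE)` reports the hard-coded key on line 2, the `shell=True` call on line 4 and the `eval()` on line 5; such a check belongs in CI next to the expert human review the text calls for, since AST pattern matching cannot judge whether input was validated upstream.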
