- The report finds that 45% of AI-generated code contains security defects
- Java is the worst offender; Python, C# and JavaScript are also affected
- The rise of vibe coding could make these threats worse
Almost half (45%) of AI-generated code contains security defects, according to new research published by Veracode.
Its study of more than 100 large language models across 80 different coding tasks found no improvement in security in newer or larger models, an alarming finding for companies that rely on AI tools to supplement, or even replace, human productivity.
Java was found to be the most affected language, with a 70% failure rate, but Python, C# and JavaScript also had failure rates of 38-45%.
AI-generated code is not so secure after all
The news comes as more and more developers rely on generative AI to help them write code; as much as a third of new code at Google and Microsoft may now be AI-generated.
“The rise of vibe coding, where developers rely on AI to generate code, typically without explicitly defining security requirements, represents a fundamental shift in how software is built,” said Veracode CTO Jens Wessling.
Veracode found that LLMs chose an insecure coding method 45% of the time, and that they failed to defend against cross-site scripting (XSS) in 86% of cases and against log injection in 88% of cases.
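To make the two weakness classes concrete, here is an added example that is not from the Veracode report or from the article: a log-writing function and an HTML-rendering function, each in the insecure form an assistant typically produces beside a hardened form, plus a minimal self-check of the kind a pipeline scanner would run. Function names, the payloads and the sample inputs are all constructed for this illustration.

```python
"""Added example (not from the Veracode report or the article): log injection
(CWE-117) and cross-site scripting (CWE-79), shown as a vulnerable function
beside a hardened one. All names and inputs here are assumptions."""
import html
import re

# --- Log injection -----------------------------------------------------------
# Vulnerable: an attacker-controlled username containing a newline forges a
# second, legitimate-looking log record.
def log_line_vulnerable(username: str) -> str:
    return f"login failed for user={username}"

# Hardened: replace CR/LF and other control characters so one event stays on
# one line, and repr-quote the value so its boundaries are unambiguous.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")

def log_line_hardened(username: str) -> str:
    cleaned = _CONTROL.sub("?", username)
    return f"login failed for user={cleaned!r}"

# --- Cross-site scripting ----------------------------------------------------
# Vulnerable: untrusted text is interpolated straight into HTML.
def render_vulnerable(name: str) -> str:
    return f"<p>Hello, {name}!</p>"

# Hardened: escape for the HTML text/attribute context. Note that this escaper
# is only correct for that context; a value placed inside a <script> block or
# a URL needs a different encoder.
def render_hardened(name: str) -> str:
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"

# --- Minimal self-check standing in for a scanner ----------------------------
XSS_PAYLOAD = "<script>alert(1)</script>"                 # constructed input
LOG_PAYLOAD = "alice\nlogin succeeded for user=admin"    # constructed input

def is_vulnerable_to_xss(render) -> bool:
    """True if the script tag survives into the rendered HTML unchanged."""
    return XSS_PAYLOAD in render(XSS_PAYLOAD)

def is_vulnerable_to_log_injection(log) -> bool:
    """True if a newline from user input reaches the log record."""
    return "\n" in log(LOG_PAYLOAD)

if __name__ == "__main__":
    for label, fn, check in [
        ("log vulnerable", log_line_vulnerable, is_vulnerable_to_log_injection),
        ("log hardened", log_line_hardened, is_vulnerable_to_log_injection),
        ("html vulnerable", render_vulnerable, is_vulnerable_to_xss),
        ("html hardened", render_hardened, is_vulnerable_to_xss),
    ]:
        print(f"{label}: {'FAIL' if check(fn) else 'ok'}")
```

The self-check mirrors what the report measured: it does not grade the code's intent, only whether a known payload reaches a sink unchanged, which is exactly the class of defect that slips through when no security requirement was stated in the prompt.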
“Our research shows that models are getting better at coding accurately, but they are not getting better at security,” Wessling added.
Vulnerabilities are also amplified in the AI era: artificial intelligence lets attackers exploit them faster and at scale.
Veracode suggests that developers enable security checks in AI-driven workflows to enforce compliance and security. Companies should also adopt AI remediation guidance to train developers, implement firewalls and use tools that help detect flaws earlier.
“AI coding assistants and agentic workflows represent the future of software development … Security cannot be an afterthought if we want to avoid accumulating massive security debt,” Wessling concluded.