Veracode has released a report highlighting significant security concerns related to AI-generated code. The study examined 80 coding tasks across over 100 large language models, finding that AI introduces security vulnerabilities in 45% of cases. Despite advancements in AI-assisted development, security measures have not kept pace, with AI models often opting for insecure coding methods. This trend raises alarms as developers increasingly rely on AI without explicitly defining security requirements, potentially leaving crucial decisions to AI systems.
AI tools are also enabling attackers to exploit vulnerabilities more efficiently, increasing the sophistication and speed of attacks. Veracode’s research found that Java, among other languages, presents the highest risk, with AI-generated code often failing to address vulnerabilities like cross-site scripting and log injection. Larger AI models do not significantly outperform smaller ones in security, indicating a systemic issue.
To mitigate these risks, Veracode recommends integrating AI-powered tools into development workflows to address security flaws in real-time. Organizations are encouraged to adopt comprehensive risk management strategies, including static analysis and software composition analysis, to prevent vulnerabilities from reaching production. As AI-driven development continues to evolve, ensuring security remains a primary focus is crucial to prevent accumulating security debt.