Is AI-Generated Code Secure? What the Research Shows

AI coding tools are everywhere. GitHub Copilot has millions of users. Enterprises are adopting rapidly, attracted by productivity gains and competitive pressure.

But there's a conversation nobody wants to have.

Research consistently shows that 45-48% of AI-generated code contains security vulnerabilities. Not edge cases. Not theoretical risks. Real, exploitable flaws that put systems and data at risk.

This is what the research actually found.

What Studies Actually Found

Multiple independent research efforts have reached similar conclusions.

Veracode 2025 GenAI Code Security Report

The Veracode 2025 GenAI Code Security Report tested over 100 LLMs across 80 real-world coding tasks in Java, Python, C#, and JavaScript.

Key findings:

According to Veracode's analysis, nearly half of all AI-generated code contains vulnerabilities from the OWASP Top 10—the most critical security risks for web applications.

The press release put it bluntly: AI-generated code poses major security risks in nearly half of all development tasks.

Georgetown CSET Study (November 2024)

The Georgetown Center for Security and Emerging Technology evaluated five major LLMs and found 48% of generated code snippets contain vulnerabilities.

The full report identified three distinct risk categories:

1. Models generating insecure code — The most direct risk
2. Models vulnerable to attack — Prompt injection, jailbreaking
3. Downstream security impacts — Propagation through codebases

Academic Research

Earlier academic studies reached similar conclusions:

• Pearce et al. (2022): Approximately 40% of GitHub Copilot programs contain vulnerabilities
• Perry et al. (2023): Developers with AI access produced less secure code than those without
• Khoury et al. (2023): Only 5 of 21 ChatGPT-generated programs were initially secure

The consistency across studies is notable. Different researchers, different methodologies, same conclusion: AI-generated code has significant security problems.

The Velocity-Vulnerability Tradeoff

The security problem isn't static—it's accelerating.

Apiiro Research (September 2025)

Apiiro analyzed tens of thousands of repositories across Fortune 50 companies. By June 2025, they found 10,000+ new security findings per month from AI-generated code.

That represents a 10x spike compared to December 2024. And the curve is accelerating, not flattening.

The Tradeoff Made Visible

The data shows a clear pattern:

AI is making developers faster at writing code that compiles and runs. But it's simultaneously introducing security vulnerabilities at an alarming rate.

The summary: 4x velocity, 10x vulnerabilities.

Why AI Gets Security Wrong

Understanding root causes helps inform mitigation strategies.

Cause 1: Training Data

AI models learned from GitHub code. A lot of GitHub code is insecure. The models replicate common patterns—including common vulnerabilities.

When the majority of examples in training data use insecure patterns, the AI treats those patterns as "normal" and reproduces them.

Cause 2: Context Blindness

AI doesn't know your threat model. It doesn't understand your compliance requirements. It can't assess risk in your specific environment.

A code snippet that's fine for a personal project might be catastrophic in a healthcare application handling PHI. AI doesn't know the difference.

Cause 3: Optimizing for Wrong Thing

AI optimizes for "works" not "secure."

• Tests check functionality, not security
• Success means "it runs" not "it's safe"
• Adversarial thinking is absent

When you ask AI to write a login endpoint, it produces one that logs users in. Whether it's vulnerable to injection attacks isn't part of the optimization target.

Cause 4: Input Validation Gaps

The most common flaw across studies: missing input sanitization.

AI delivers endpoints without validation. The happy path works. But under attack, the code fails catastrophically.

Cloud Security Alliance Finding

The Cloud Security Alliance found that 62% of AI-generated code contains design flaws. API endpoints are especially problematic, with authorization logic frequently incomplete.

Which Languages Are Most Vulnerable

The Veracode research broke down vulnerability rates by language:

Why Java Is Worst

Java has complex security patterns. There are many ways to do things wrong. Enterprise patterns—the kind Java is used for—involve authentication, authorization, and data handling that AI doesn't reliably understand.

JavaScript Concerns

JavaScript faces specific challenges:

• XSS vulnerabilities are common
• DOM manipulation creates risks
• Client-side security is often ignored entirely

What These Vulnerabilities Look Like

Concrete examples help illustrate the risk.

SQL Injection

AI generates:

query = 'SELECT * FROM users WHERE id = ' + userId;

Should be:

query = 'SELECT * FROM users WHERE id = ?';
// With parameterized binding

Consequence: Complete database compromise. Attackers can read, modify, or delete any data.

XSS (Cross-Site Scripting)

AI generates:

element.innerHTML = userInput;

Should be:

element.textContent = userInput;
// Or sanitized HTML

Consequence: User session hijacking, credential theft, malware distribution.

Log Injection

AI generates:

logger.info("User: " + username)

Should be:

logger.info("User: %s", sanitize(username))

Consequence: Log forgery, audit trail corruption, compliance violations.

Insecure Deserialization

AI generates:

obj = pickle.loads(data)

Should be:

# Safe deserialization with validation
obj = json.loads(data, cls=SafeDecoder)

Consequence: Remote code execution. Attackers can run arbitrary code on your servers.

What This Means for Organizations

The Risk Equation

• More code = more attack surface
• AI enables more code faster
• Security review capacity stays flat
• Gap widens

Organizations are shipping 4x more code while security team capacity remains constant. The math doesn't work.

Compliance Concerns

Regulated industries face specific challenges:

• SOC 2, HIPAA, PCI-DSS have specific code security requirements
• AI-generated code may not meet standards
• Audit trail questions: Who wrote the code? Who reviewed it?
• Accountability becomes murky

The Acceleration Problem

Technical debt compounds. Each vulnerable component creates risk. Each risk creates potential incident. Incidents create costs—financial, reputational, regulatory.

The faster organizations ship AI-generated code, the faster they accumulate security debt.

How to Use AI Code Safely

The answer isn't to ban AI coding tools. The answer is to use them carefully.

Strategy 1: Automated Scanning

Run static application security testing (SAST) tools on all AI-generated code. Integrate into CI/CD pipeline. Block deployment of code with known vulnerabilities.

This catches the obvious problems automatically.

Strategy 2: Human Review for Sensitive Areas

Some code needs human eyes:

• Authentication and authorization
• Payment processing
• Data handling and PII
• API endpoints
• Cryptographic operations

Don't trust AI output in security-critical paths without review.

Strategy 3: Security-Focused Prompting

Include security requirements in prompts:

• "Include input validation for all parameters"
• "Use parameterized queries for database access"
• "Consider OWASP Top 10 vulnerabilities"

AI produces better security code when explicitly asked. It just doesn't do it by default.

Strategy 4: Training and Awareness

Developers need to know the risks. Treat AI output with appropriate skepticism. Review with a security lens. Don't trust—verify.

Strategy 5: Architecture-Level Controls

Defense in depth:

• Don't rely on any single layer
• Assume AI code might be vulnerable
• Use firewalls, rate limiting, monitoring
• Implement least privilege everywhere

How AI Coding Tools Are Addressing This

Current State

• Some tools add security warnings
• Some integrate with SAST tools
• Most still default to "just make it work"

Security is improving but remains secondary to functionality in most AI coding tools.

What to Look For

When evaluating tools:

• Built-in security scanning
• Secure coding patterns by default
• Compliance-aware generation
• Security-focused model fine-tuning

The Gap

One sobering finding from the research: larger models don't perform significantly better on security.

This isn't a scaling problem. GPT-4 doesn't write more secure code than GPT-3.5 in meaningful ways. The issue is architectural—how models are trained and what they optimize for.

Solving AI code security requires more than bigger models.

The Bottom Line

AI-generated code has real security risks. The 45-48% vulnerability rate is not acceptable for production systems handling sensitive data.

But the answer isn't to ban AI coding tools.

The answer is:

• Automated scanning on all AI-generated code
• Human review for security-critical paths
• Security requirements in prompts
• Defense in depth architecture
• Treating AI as a junior developer who doesn't think about security

AI coding tools are powerful. They're also naive about security. Use them accordingly.

Build Securely with Full Context

Solo IDE provides AI coding with full project awareness. Agents understand your entire codebase, not just the current file—enabling more contextually appropriate and secure code generation.

Join the waitlist →

Sources & Further Reading

Veracode 2025 GenAI Code Security Report

• Report Landing Page — Overview and key findings
• Blog Summary — Analysis and implications
• Full PDF Report — Complete methodology and data
• Press Release — Official announcement

Georgetown CSET Study

• Publication Page — Overview and summary
• Full PDF Report — Complete analysis with three risk categories

Additional Research

• Pearce et al. (2022) — GitHub Copilot vulnerability analysis
• Perry et al. (2023) — AI impact on developer security practices
• Khoury et al. (2023) — ChatGPT code security evaluation
• Apiiro (2025) — Enterprise AI code security trends
• Cloud Security Alliance — AI code design flaw analysis