Slashdot: AI Code Generators Are Writing Vulnerable Software Nearly Half the Time, Analysis Finds

Jul 30, 2025

—

Source URL: https://developers.slashdot.org/story/25/07/30/150216/ai-code-generators-are-writing-vulnerable-software-nearly-half-the-time-analysis-finds?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: AI Code Generators Are Writing Vulnerable Software Nearly Half the Time, Analysis Finds

Feedly Summary:

AI Summary and Description: Yes

Summary: The excerpt discusses alarming findings from Veracode’s 2025 GenAI Code Security Report, indicating significant security flaws in AI-generated code. Nearly 45% of the tested coding tasks showed vulnerabilities, emphasizing the readiness concerns surrounding the role of AI in automated software development.

Detailed Description: The text outlines critical results from a recent report on the security of AI-generated software, revealing major risks for organizations that might leverage such technology in their development processes. Here are the main points:

– **Prevalence of Security Flaws**: Nearly 45% of code generated by large language models (LLMs) contained security vulnerabilities.
– **Severity of Vulnerabilities**: The report identifies that these vulnerabilities are not trivial; many align with the OWASP Top 10, a list that includes the most critical security risks to web applications. This suggests a potentially severe impact on application security when relying on AI-generated code.
– **AI Decision-Making**: When given the choice to generate secure or insecure code, the AI models opted for the insecure option nearly half the time. This raises concerns about the efficacy of AI in managing security best practices autonomously.

The implications are significant for security and compliance professionals:

– **Risk Assessment**: Organizations must carefully assess the security posture of AI-generated code before deploying it in production environments, thereby preventing severe security breaches.
– **Integration of Security Measures**: Incorporating robust security checks and validation processes when using AI in software development is crucial to mitigate risks associated with these hidden vulnerabilities.
– **Continued Monitoring and Governance**: Professionals in these fields must remain vigilant, integrating AI solutions into their security frameworks with stringent oversight and governance mechanisms.

In summary, the data presented in the report serves as a crucial reminder that, while AI has the potential to transform software development, it is not yet a substitute for human oversight in maintaining security standards. This poses a critical challenge that professionals in AI security, software security, and compliance must address as they navigate the evolving landscape of technology.

1 10 2 2025 3 4 5 7 a Act age AGI AI ai model AI models AI security analysis and app Application application security applications ARM as assessment at ated Auto automated software development autonomous AWS Best best practices Bi breach breaches by C CERN challenge CI CIA co code code generators code security coding coding tasks compliance compliance professionals concerns critical D data de decision decision-making developer developers development development process Development processes DoT e environment ERP event flaws for framework frameworks full g Gen GenAI generated generated code Go governance Governance Mechanism governance mechanisms gs H http HTTPS human human oversight implications in insecure code integration io Iron J k l land language language model language models large large language model large language models Large Language Models (LLMs) law led Li Link llm llms lm M making man measures Mode model models Monitor monitoring N no non o of on OPM opt organization organizations ory oS out over oversight OWASP per point post potential practices pre pro process processes product production production environment production environments professionals ps R rag Raise rate RCE re readiness report Risk Risk Assessment risks Ro robust security Role s sec secure security security and compliance security best practices security breach security breaches Security Checks Security Flaw security flaws security framework security frameworks security measure security measures security posture security risk security risks security standards Security Vulnerabilities severity Sig SoC software software development software security solutions source SSE SSO standards T Task tasks tech technology ted test text the Time to Top 10 Tor TP Transform US V val Valid Validation validation processes Veracode vulnerabilities vulnerable software Ware web web app web application web applications Wi writing x z