- The report finds 45% of AI-generated code had security errors
- Java is the worst offender; Python, C# and JavaScript are affected too
- The rise in vibe coding could make these threats even worse
Almost half (45%) of AI-generated code contains security errors despite appearing to be ready for use, new research from Veracode has found.
Its study of more than 100 large language models across 80 different coding tasks revealed no improvement in security across recent or larger models – an alarming reality for companies that depend on AI tools to back up or even replace human productivity.
Java turned out to be the hardest hit, with a failure rate of more than 70%, but Python, C# and JavaScript also had error rates of 38-45%.
AI-generated code isn't that secure after all
The news comes as more and more developers depend on generative AI to help them write code; as much as a third of new Google and Microsoft code could now be AI-generated.
“The advent of vibe coding, where developers rely on AI to generate code, typically without explicitly defining security requirements, represents a fundamental shift in how software is built,” explained Veracode CTO Jens Wessling.
Veracode found that LLMs chose insecure coding methods 45% of the time, failing to defend against cross-site scripting (86%) and log injection (88%).
“Our research shows that models are getting better at coding accurately, but are not improving on security,” Wessling added.
Vulnerabilities are also amplified in the AI era, as artificial intelligence allows attackers to exploit them faster and at scale.
Veracode suggests that developers enable security checks in AI-driven workflows to enforce compliance and security. Companies should also adopt AI remediation guidance to educate developers, implement firewalls and use tools that help discover flaws earlier.
“AI coding assistants and agent workflows represent the future of software development … Security cannot be an afterthought if we want to prevent the accumulation of massive security debt,” concluded Wessling.



