- The report finds that 45% of AI-generated code had security defects
- Java is the worst offender, with Python, C# and JavaScript also affected
- The rise of vibe coding could worsen these threats
Almost half (45%) of AI-generated code contains security defects, according to new research from Veracode.
Its study of more than 100 large language models across 80 different coding tasks revealed no improvement in security in newer or larger models – an alarming reality for companies that rely on AI tools to support, or even replace, human productivity.
Java turned out to be the worst affected, with a failure rate of 70%+, but Python, C# and JavaScript also had failure rates from 38 to 45%.
AI-generated code is not so secure after all
The news comes as more and more developers rely on generative AI to help them write code – up to a third of new code at Google and Microsoft could now be generated by AI.
“The rise of vibe coding, where developers rely on AI to generate code, generally without explicitly defining security requirements, represents a fundamental change in the way software is built,” said Veracode CTO Jens Wessling.
Veracode found that LLMs often chose insecure coding methods, 45% of the time, failing to defend against cross-site scripting (86%) and log injection (88%).
“Our research shows that the models improve at coding accurately but do not improve security,” added Wessling.
Vulnerabilities are also amplified in the modern AI era – artificial intelligence allows attackers to exploit them faster and at scale.
Veracode suggests that developers enable security checks in AI-driven workflows to enforce compliance and security. Companies should also adopt AI remediation guidance to train developers, deploy firewalls and use tools that help detect flaws earlier.
“AI coding assistants and agentic workflows represent the future of software development … Security cannot be an afterthought if we want to prevent the accumulation of massive security debt,” concluded Wessling.