- Average AI-generated pull request has 10.83 issues, compared to 6.45 for human code, report says
- Quality may be better in terms of typos, leaving room for human reviewers
- Microsoft code fixes are available, but so is the global release
AI-generated code is actually subject to more vulnerabilities than human-generated code, raising questions about the reliability of some tools, according to new data from CodeRabbit.
Pull requests made with AI tools had an average of 10.83 issues, compared to 6.45 issues in human-generated pull requests, ultimately leading to longer reviews and the possibility of more bugs making it to the finished product.
In addition to having 1.7 times more issues overall, AI-generated pull requests also had 1.4 times more critical issues and 1.7 times more major issues, so these aren’t just minor issues.
AI-generated code is not as secure as you might think
Logic and correctness (1.75x), code quality and maintainability (1.64x), security (1.57x), and performance (1.42x) all recorded above-average error rates, with the report criticizing AI for introducing more serious bugs for human reviewers to fix.
Some of the problems that AI was most likely to introduce include poor password handling, insecure object references, XSS vulnerabilities, and insecure deserialization.
“AI coding tools dramatically increase throughput, but they also introduce predictable and measurable weaknesses that organizations must actively mitigate,” commented David Loker, Director of AI at CodeRabbit.
However, this is not necessarily a bad thing, with AI improving efficiency from the earliest stages of code generation. The technology also introduced 1.76 times fewer spelling errors and 1.32 times fewer testability issues.
So while the study highlights some of AI’s flaws, it also serves the important purpose of demonstrating how humans and AI agents might interact with each other in the future. Rather than replacing human workers, we see human work shifting to AI management and review: computers just handle some of the tedious tasks that slow humans down in the first place.
Although Microsoft claims to have fixed 1,139 CVEs in 2025, making it the second highest year on record, that isn’t necessarily a bad thing. With AI, developers create more code to begin with, so the total percentage of questionable code may not be as bad as these numbers initially suggest.
Then there’s the fact that AI models, like OpenAI’s GPT family, are constantly being improved to produce more accurate, less flawed results.




