45% of AI-Generated Code Fails Security Tests, Study Finds No Improvement in Newer Models
A 2025 Veracode report testing over 100 large language models found that 45% of AI-generated code samples introduced OWASP Top 10 vulnerabilities, with Java recording the highest failure rate at 72%. Cross-Site Scripting was the most poorly handled vulnerability category, with models failing 86% of relevant tasks. Notably, larger and newer models such as GPT-5 and Claude Sonnet 4.5 showed no meaningful security improvement over their predecessors, clustering around a 50–55% pass rate. A separate CodeRabbit analysis of 470 real-world GitHub pull requests found that AI-co-authored code contained roughly 1.7 times more issues than human-only code, with XSS vulnerabilities 2.74 times more likely to appear. Security researchers attribute the pattern to LLMs generating statistically probable code completions drawn from training data that itself contains vulnerabilities, rather than applying any built-in security review.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in