SShortSingh.
Back to feed

45% of AI-Generated Code Fails Security Tests, Study Finds No Improvement in Newer Models

0
·1 views

A 2025 Veracode report testing over 100 large language models found that 45% of AI-generated code samples introduced OWASP Top 10 vulnerabilities, with Java recording the highest failure rate at 72%. Cross-Site Scripting was the most poorly handled vulnerability category, with models failing 86% of relevant tasks. Notably, larger and newer models such as GPT-5 and Claude Sonnet 4.5 showed no meaningful security improvement over their predecessors, clustering around a 50–55% pass rate. A separate CodeRabbit analysis of 470 real-world GitHub pull requests found that AI-co-authored code contained roughly 1.7 times more issues than human-only code, with XSS vulnerabilities 2.74 times more likely to appear. Security researchers attribute the pattern to LLMs generating statistically probable code completions drawn from training data that itself contains vulnerabilities, rather than applying any built-in security review.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingHacker News ·

Developer builds browser page displaying opening lines of classic literary works

A developer has launched a personal project called 'Opening Lines of Famous Literary Works', showcasing the first lines of well-known books as a browser start page. The idea had been in development for several years, stemming from the creator's habit of collecting notable literary opening lines. After experimenting with various visual styles, the developer settled on a minimalist design that lets the text take center stage. The collection has grown to nearly 60 opening lines, allowing users to refresh the page for a new quote each visit. The project was shared on Hacker News, where it received modest early attention.

0
ProgrammingHacker News ·

Debate grows over whether AI tools are eroding human critical thinking

A discussion is emerging around whether people are increasingly delegating their cognitive tasks to artificial intelligence tools. The concern centers on the potential long-term effects of relying on AI for thinking, reasoning, and decision-making. Critics suggest that outsourcing mental effort to AI could weaken independent thought and problem-solving skills over time. The topic has gained traction in tech and intellectual communities, prompting reflection on how humans should balance AI assistance with maintaining their own cognitive abilities.

0
ProgrammingDEV Community ·

Microsoft Shuts Down Fox Tempest Malware-Signing Service Tied to Ransomware Gangs

Microsoft announced on May 19, 2026, the dismantling of Fox Tempest, a criminal operation that exploited the company's own Artifact Signing system to issue fraudulent code-signing certificates to malware. The service generated over 1,000 fake certificates and charged cybercriminals between $5,000 and $9,000 per signing, earning millions in revenue. Fox Tempest provided ongoing signing infrastructure to ransomware groups behind families including Qilin, Akira, and INC, enabling their malware to bypass security defenses by appearing as trusted software. Microsoft seized associated websites and shut down hundreds of virtual machines running the service, though previously issued certificates may remain valid until revoked or expired. The operation compromised thousands of systems globally, including at least 12 machines belonging to Microsoft itself, with victims spanning healthcare, critical infrastructure, and enterprise sectors.

0
ProgrammingDEV Community ·

Step-by-Step Guide: Build a JavaScript UI Framework From Scratch

A tutorial published on DEV Community walks developers through building a working JavaScript UI framework from first principles. The guide explains that a UI framework is fundamentally about representing interface elements as plain JavaScript data objects rather than HTML. It introduces a simple three-field object structure — tag, attributes, and children — to describe DOM elements in memory. A core function called construct() is then built to convert these descriptions into real browser DOM nodes. The tutorial aims to demystify framework concepts like virtual DOM and rendering by showing that the underlying logic requires no special magic.

45% of AI-Generated Code Fails Security Tests, Study Finds No Improvement in Newer Models · ShortSingh