87% of AI-Generated Pull Requests Contain Security Vulnerabilities, Studies Find
Multiple studies and developer reports reveal that AI-generated code carries serious security risks at alarming rates, with 87% of pull requests in one DryRun Security study containing at least one vulnerability. Veracode's GenAI Code Security Report found that 45% of unreviewed AI-generated code samples include at least one OWASP Top 10 vulnerability, with Java code failing security checks at a 72% rate. Recurring flaws include broken access control, hardcoded secrets accidentally committed to repositories, and hallucinated package names that attackers can register to deliver malicious code. Researchers tracking CVEs linked to AI coding tools recorded 35 new ones in March 2026 alone, with estimates suggesting the true figure could be five to ten times higher than officially reported. Security experts attribute the problem to AI models optimising for functional output rather than secure design, since they only implement what is explicitly requested in a prompt.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in