Read This Before You Trust Any AI-Written Code

Published 2025-07-31. Source: https://www.europesays.com/uk/307744/

We are in the era of vibe coding, allowing artificial intelligence models to generate code based on a developer’s prompt. Unfortunately, under the hood, the vibes are bad. According to a recent report (https://www.veracode.com/wp-content/uploads/2025_GenAI_Code_Security_Report_Final.pdf) published by data security firm Veracode, about half of all AI-generated code contains security flaws.

Veracode tasked over 100 different large language models with completing 80 separate coding tasks, from using different coding languages to building different types of applications. Per the report, each task had known potential vulnerabilities, meaning the models could potentially complete each challenge in a secure or insecure way. The results were not exactly inspiring if security is your top priority, with just 55% of tasks completed ultimately generating “secure” code.

Now, it’d be one thing if those vulnerabilities were little flaws that could easily be patched or mitigated. But they’re often pretty major holes. The 45% of code that failed the security check produced a vulnerability that was part of the Open Worldwide Application Security Project’s top 10 (https://owasp.org/www-project-top-ten/) security vulnerabilities—issues like broken access control, cryptographic failures, and data integrity failures. Basically, the output has big enough issues that you wouldn’t want to just spin it up and push it live, unless you’re looking to get hacked.

Perhaps the most interesting finding of the study, though, is not simply that AI models are regularly producing insecure code. It’s that the models don’t seem to be getting any better. While syntax has significantly improved over the last two years, with LLMs producing compilable code nearly all the time now, the security of said code has basically remained flat the whole time. Even newer and larger models are failing to generate significantly more secure code.

The fact that the baseline of secure output for AI-generated code isn’t improving is a problem, because the use of AI in programming is getting more popular (https://www.techradar.com/pro/ai-coding-assistants-are-getting-ever-more-popular-especially-in-this-country), and the surface area for attack is increasing. Earlier this month, 404 Media (https://www.404media.co/hacker-plants-computer-wiping-commands-in-amazons-ai-coding-agent/) reported on how a hacker managed to get Amazon’s AI coding agent to delete the files of computers that it was used on by injecting malicious code with hidden instructions into the GitHub repository for the tool.

Meanwhile, as AI agents become more common, so do agents capable of cracking the very same code (https://www.wired.com/story/ai-agents-are-getting-better-at-writing-code-and-hacking-it-as-well/). Recent research (https://arxiv.org/abs/2506.02548) out of the University of California, Berkeley, found that AI models are getting very good at identifying exploitable bugs in code. So AI models are consistently generating insecure code, and other AI models are getting really good at spotting those vulnerabilities and exploiting them. That’s all probably fine.