The productivity improvements that arise from increasing use of AI coding tools are coming at the cost of greater security risks.
While the use of AI coding assistants decreases the number of shallow syntax errors, this is more than offset by an increase in costlier structural flaws, according to research by application security firm Apiiro. Apiiro’s analysis shows that trivial syntax errors and logic bugs in AI-written code dropped, while privilege escalation paths jumped and architectural design flaws also increased.
AI is multiplying flaws ranging from open-source dependencies to insecure coding patterns, exposed secrets, and cloud misconfigurations, the researchers found, adding that the fewer, much larger pull requests associated with AI coding tools compound the risk.
AI code development is ‘automating risk at scale’
Independent experts quizzed by CSO agree with Apiiro’s main findings that AI-generated code often introduces deeper architectural vulnerabilities and privilege escalation risks that are both harder to detect and costlier to fix.
Zahra Timsah, co-founder and CEO of i-GENTIC AI, says that Apiiro’s findings highlight what their firm has seen in practice: AI assistants can eliminate trivial bugs while at the same time amplifying deeper systemic vulnerabilities.
“AI tools are not designed to exercise judgment,” Timsah says. “They do not think about privilege escalation paths, secure architectural patterns, or compliance nuances. That is where the risk comes in.”
Timsah adds: “Code gets shipped faster, but if oversight is thin, enterprises are effectively automating risk at scale.”
Raj Dandage, CTO and co-founder of Codespy AI, tells CSO that AI-powered software development often comes at the cost of creating hard-to-find bugs.
“We very rarely see simple bugs generated by top LLMs; instead, most bugs we come across have made it to testing or even production before being spotted,” Dandage says.
‘Shadow’ engineers and vibe coding compound risks
Ashwin Mithra, global head of information security at continuous software development firm Cloudbees, notes that part of the problem is that non-technical teams are using AI to build apps, scripts, and dashboards.
“These shadow engineers don’t realize they’re part of the software development life cycle, and often bypass critical reviews and security checks,” Mithra explains. “Furthermore, foundational security tools like SAST [static application security testing], DAST [dynamic application security testing], and manual reviews weren’t built to catch AI-generated code at time of prompt.”
The result is a growing attack surface, powered by people who were never trained to secure code, Mithra warns.
“When anyone can code, risks multiply, and security checks are limited and can’t catch everything, especially context-specific risks or complex vulnerabilities, API leaks, weak authentication, exposed PII [personally identifiable information], and unencrypted data,” Mithra says.
Chetan Conikee, founder and CTO at Qwiet AI, agrees that “vibe coding” poses a problem in bringing more untrained contributors into production pipelines.
“Large, multi-touch AI-generated pull requests overwhelm reviewers, diluting oversight and increasing the blast radius of each merge,” Conikee explains.
Massive AI pull requests complexify flaw detection
Roman Rylko, CTO at software development and consulting firm Pynest, says Apiiro’s research matched the problems his firm faced when it began using AI assistants in development, with the elimination of syntax errors being more than offset by an increase in architectural vulnerabilities and cloud configuration errors.
“In one of the projects for a fintech from Canada, AI generation created a service with ideal code formatting, but with insecure authorization logic, despite the fact that the fix looked obvious, which could lead to privilege escalation between modules,” Rylko says. “Without a deep review, such a bug could easily reach production.”
Another issue comes from AI’s tendency to make massive pull requests that involve dozens of files and even several microservices in one go.
“We saw this happen in a small retailer project — one commit by AI involved more than 10 files at the same time, and reviewers struggled to get through all of it line by line,” Rylko explains.
John Otte, senior security consultant at Resultant, agrees that the shift toward fewer but significantly larger AI-generated pull requests “amplifies the blast radius of vulnerabilities, making detection, review, and rollback far more challenging for development and security teams.”
“To mitigate these risks, enterprises should pair AI-driven development with rigorous architectural threat modelling, enforce fine-grained code review policies with automated scanning of dependencies and secrets, and integrate continuous cloud security posture management to catch design-level weaknesses before they reach production,” Otte advises.
Verbose AI coding assistants heighten risk
Neil Carpenter, principal solution architect at application security startup Minimus, says that AI coding assistants often implement more code to do the same amount of work — which results in increased attack vectors and lower reliability.
“AI assistants, when not given proper context, often rebuild or rewrite functionality, instead of calling out to other functions or modules in the application,” Carpenter says.
Mehran Farimani, CEO at RapidFort, supports the assessment that AI coding assistants are prone to generating verbose, difficult-to-understand software components.
“AI tools are generating larger, more complex software that often includes unnecessary components, dependencies, and configuration decisions that teams don’t fully consider or review,” Farimani says.
Orders of magnitude
Apiiro used its Deep Code Analysis (DCA) engine to analyze code from tens of thousands of code repositories involving several thousand developers and a variety of coding assistants. By June 2025, AI-generated code was introducing more than 10,000 new security findings per month across the repositories in Apiiro’s study — a 10-fold spike in just six months.
Flaws ranged from open-source dependencies to insecure coding patterns, exposed secrets, and cloud misconfigurations.
Jeff Williams, co-founder and CTO at runtime application security vendor Contrast Security, disputes Apiiro’s conclusions that AI coding assistants quadruple development speed while resulting in a 10-fold increase in vulnerabilities. Other studies point to much lower figures for both metrics, Williams notes.
“I’m reading studies suggesting 10% increased velocity (Google) to 19% decrease (METR),” Williams tells CSO. “I was also surprised to hear about 10x vulnerabilities. Again, the studies I’m reading are suggesting that AI-generated code is roughly the same amount of vulnerabilities.”
Williams adds: “I wish they had addressed the recent studies (Semgrep) that show AI-based vulnerability detection finding only 10-20% of true positive vulnerabilities along with high false positive rates.”
Reached for comment, Apiiro said differences in the scope, methodology, and population explain the gap between its research and earlier lab-based studies.
“Apiiro’s findings reflect a broader scope than earlier studies. We looked not only at code-level flaws, but also at open-source dependency risks and secret exposures, all of which create critical enterprise risk,” says Itay Nussbaum, product manager at Apiiro. “Unlike Semgrep’s work, we weren’t measuring the accuracy of AI-based vulnerability detection. Instead, our research examined the output of AI coding assistants in real-world enterprise environments over time.”
Pieter Danhieux, CEO & co-founder of Secure Code Warrior, said its research into LLM comparisons performed 24 months ago revealed that while more straightforward vulnerability classes, such as injection flaws, were handled accurately in many cases, more subjective classes such as access control and security misconfiguration had a poor accuracy rate, failing to compete with security-skilled developers.
“Additionally, our research has shown that AI coding assistants — and the LLM versions they use — can sometimes be good at producing secure code in one coding language (e.g., TypeScript) but way worse in another (e.g., PHP),” Danhieux says.
“There is no world yet where the human [developer] should be taken out of the loop,” he adds.
AI is not a replacement for accountability
Rich Marcus, CISO at audit, compliance, and risk management software platform provider AuditBoard, argues that failure to recognize the limitations of AI represents the greatest risk in using the technology.
Before equipping developers with AI, enterprises should provide training on the risks and on usage best practices.
“Developers must understand that AI is not a replacement for accountability,” Marcus explains. “Each developer is responsible for the code they commit, even if AI wrote it.”
Marcus continues: “That means AI-generated code is still subject to the same secure software development principles and practices like code review, SCA [static code analysis], SAST, and manual testing. If a flaw in there results in bugs or an incident, they will be called upon to address it — so they better understand it and own it.”
AI should accelerate workflows but not at the expense of proper vetting, others agree.
“Pull requests tied to AI-generated code should always be reviewed by experienced engineers who understand the code, the business logic, and the compliance context,” i-GENTIC AI’s Timsah says. “Organizations should also prioritize transparency and lineage by treating AI-authored code like any other third-party dependency.”
Timsah adds: “They need full traceability into who wrote it, what model generated it, and under what parameters, which makes it easier to audit and remediate issues later.”
Mitigation strategies
AI coding assistants can be a force multiplier for development teams but only if enterprises build guardrails to manage the associated risk.
“With strong governance, automated oversight, and human accountability organizations can harness the speed of AI without multiplying vulnerabilities,” i-GENTIC AI’s Timsah advises.
Other experts put forward recommendations on mitigating the risks associated with AI coding assistants:
Integrate security tooling into AI code assistants, for example, by taking advantage of MCP (model context protocol) servers.
Limit the volume of AI-generated changes depending on the project so that pull requests remain manageable.
Enforce automatic checks in CI/CD — secret scanners, static analysis, and cloud configuration controls.
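As an added illustration of the three recommendations above (not code from the article or from any of the firms quoted), here is a small pull-request gate a CI job could run: it caps the size of a change, scans the added lines for a few secret patterns, and requires commit trailers recording which model produced the code. The sample diff, the trailer keys and the size limits are constructed assumptions.

```python
import re

# Constructed sample diff, standing in for what a CI job would get from `git diff` (not from the article).
SAMPLE_DIFF = """\
diff --git a/svc/auth.py b/svc/auth.py
--- a/svc/auth.py
+++ b/svc/auth.py
+def is_admin(user):
+    return True  # placeholder authorization, to be reviewed
diff --git a/svc/config.py b/svc/config.py
--- a/svc/config.py
+++ b/svc/config.py
+AWS_KEY = "AKIAEXAMPLEEXAMPLE01"
"""

# Hypothetical commit trailers recording AI lineage (an assumed convention, not any vendor's).
SAMPLE_TRAILERS = {"AI-Model": "example-model-1", "AI-Parameters": "temperature=0.2"}

# A few illustrative secret patterns; a real pipeline would use a dedicated scanner.
SECRET_PATTERNS = {
    "aws access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "hardcoded password": re.compile(r"""(?i)password\s*=\s*['"][^'"]+['"]"""),
}

def changed_files(diff):
    """Paths touched by the diff, taken from the 'diff --git' headers."""
    return re.findall(r"^diff --git a/(\S+) b/", diff, flags=re.M)

def added_lines(diff):
    """Lines introduced by the diff, excluding the '+++' file headers."""
    return [l[1:] for l in diff.splitlines() if l.startswith("+") and not l.startswith("+++")]

def find_secrets(diff):
    """Names of the secret patterns matched by any added line."""
    return sorted({name for l in added_lines(diff) for name, rx in SECRET_PATTERNS.items() if rx.search(l)})

def gate(diff, trailers, max_files=10, max_added=300):
    """Return the policy violations for one pull request (an empty list means it may merge)."""
    violations = []
    files, added = changed_files(diff), added_lines(diff)
    if len(files) > max_files:
        violations.append(f"too many files changed: {len(files)} > {max_files}")
    if len(added) > max_added:
        violations.append(f"too many added lines: {len(added)} > {max_added}")
    for name in find_secrets(diff):
        violations.append(f"possible secret in added code: {name}")
    for key in ("AI-Model", "AI-Parameters"):  # lineage required for AI-authored changes
        if key not in trailers:
            violations.append(f"missing provenance trailer: {key}")
    return violations
```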
Mitigation of flaws created by AI coding assistants requires a different mindset, i-GENTIC AI’s Timsah says.
“Enterprises should use AI to watch AI by deploying agentic AI solutions that automatically scan AI-generated code against policies, security standards, and regulatory requirements before code is merged,” he argues.
Enterprises should also adopt shift-left security and continuous monitoring.
“Security checks cannot be bolted on at the end of the pipeline,” Timsah says. “They must be integrated directly into CI/CD processes so that AI-generated code receives the same scrutiny as open-source contributions.”
Pynest’s Rylko adds: “We treat AI assistants as ‘junior developers’ — their code is always checked by seniors.”