NEWSkillSec — elevating AI Skills security from malware detection to capability auditingSkillSecLearn more →
Security Research

The Security Risks of AI-Generated Code: Data, Mechanisms, and Governance

Sectrend Research·2026.07.02·3 min read

AI is already writing a meaningful share of your company's code — that is not a forecast, it is the present. The real question is the security watermark of that code, and the empirical research is not reassuring.

What the data says

  • As early as 2021, NYU's "Asleep at the Keyboard" study found that in high-risk scenarios, roughly 40% of programs generated by GitHub Copilot contained exploitable vulnerabilities.
  • Veracode's 2025 cross-model benchmark — 100+ models, 80 coding tasks — found AI introduced OWASP Top 10-class flaws in about 45% of tasks, a rate that has not meaningfully improved as models got better at making code run.
  • A Stanford controlled experiment revealed the more dangerous layer: developers using AI assistants wrote less secure code, yet were more confident in its security.

The defect rate hasn't changed qualitatively, but code volume is growing by orders of magnitude. A fixed vulnerability rate multiplied by an exploding denominator equals a flood of absolute defects.

Four risk mechanisms

Contaminated training data. Models learn from oceans of public code — including its outdated idioms, deprecated APIs and canonical vulnerability patterns.

Missing context. The model cannot see your threat model: is this input user-controlled? Is this endpoint internet-facing? Without that context it defaults to the optimistic case.

Prompts without security constraints. Developers ask models to "implement the feature," not to "implement the feature securely." Research consistently shows models don't harden code unless explicitly asked.

Hallucinated dependencies (slopsquatting). Models invent non-existent package names at a measurable rate; attackers pre-register those names and wait. It is the AI-era variant of typosquatting — more cases in our piece on the evolution of supply-chain poisoning.

Governance: move detection to the moment of production

  • Real-time detection. Analyze code the moment it is written — whether the author is human or AI. That requires an engine that understands business semantics and data flow rather than matching rules, or false positives will bury the team at AI's output rate. Sectrend CleanCode Security Agent keeps false positives under 15% with incremental scans under 60 seconds — built for exactly this cadence.
  • A closed repair loop. Detection, triage and fix converge in the same turn, so issues introduced by AI are fixed by AI on the spot instead of joining a backlog.
  • Dependency admission. Verify the existence and reputation of every dependency an AI proposes, cutting off hallucinated and impersonated packages.
  • CI gates as the backstop. Keep a final checkpoint in the pipeline for anything that slips past real-time checks.

Three metrics for the engineering org

Governance without measurement is posture. Put three indicators on the dashboard: AI code share and its defect density, tracked separately — know how much AI writes, and how many flaws per thousand lines that share introduces; detection latency — the time from code written to issue found, compressed from days to seconds, which directly determines repair cost; and same-turn fix rate — how many findings are resolved within the same development turn, the one metric that separates a scanning tool from a security capability.

The security team's role changes accordingly: from gatekeeper reviewing lines to supplier of rules and context — encoding the org's threat model, secure-coding standards and approved-component list into the AI's working context and pipeline gates. The era of guarding one tap is over; you now run the waterworks.

AI-generated codevibe codingcode securitySASTCleanCode

Related

Deep Dive

SBOM Is More Than a Compliance Checklist

Many teams treat an SBOM as a document to hand in. But a valuable SBOM drives decisions — which vulns are exploitable, which dependency to fix first, which license carries risk.