← Back to Blog
securityaicopilot

Why 40% of AI-Generated Code Has Vulnerabilities

BitsPlus Team·

The Rise of AI-Assisted Development

AI coding assistants have become the fastest-adopted developer tools in history. GitHub reported that Copilot had over 1.8 million paying subscribers by the end of 2024, with the tool generating an estimated 46% of all new code in files where it was active. Developers love these tools because they eliminate boilerplate, accelerate prototyping, and help them work with unfamiliar languages or frameworks.

But there is a cost that is rarely discussed in the excitement around AI-powered productivity: the security implications of code that was written by a machine trained on the public internet.

The Research

Multiple independent research groups have studied the security properties of AI-generated code, and the results are concerning.

A landmark 2023 study from Stanford University found that developers who used AI coding assistants produced significantly less secure code than those who wrote code manually. More troublingly, the AI-assisted developers were also more confident that their code was secure, a dangerous combination of increased vulnerability and decreased vigilance.

Researchers at the University of Montreal analyzed thousands of code snippets generated by large language models and found that approximately 40% contained at least one security vulnerability. The most common issues were:

  • SQL injection: AI models frequently generate database queries using string concatenation or interpolation rather than parameterized queries
  • Cross-site scripting (XSS): Generated code often renders user input without proper sanitization or escaping
  • Hardcoded credentials: Models sometimes generate example code with placeholder API keys or passwords that developers forget to remove
  • Insecure cryptographic practices: AI suggestions may use outdated hash algorithms like MD5 or SHA-1, or implement custom encryption rather than using established libraries
  • Path traversal: File handling code generated by AI often fails to validate or sanitize file paths

A 2024 study from the University of Illinois went further, testing GitHub Copilot specifically across 89 different security-sensitive coding scenarios. They found that Copilot generated vulnerable code in 40% of cases, with some categories (particularly those involving cryptography and injection attacks) showing vulnerability rates above 60%.

Why AI Models Generate Insecure Code

Understanding why this happens requires understanding how these models are trained. Large language models learn patterns from enormous datasets of existing code, much of it scraped from public GitHub repositories, Stack Overflow, blog posts, and documentation.

The Training Data Problem

The internet is full of insecure code. Stack Overflow answers often prioritize brevity and clarity over security. Tutorial blog posts demonstrate concepts using the simplest possible implementation, which is rarely the most secure. Open-source repositories contain legacy code written before modern security best practices were established.

When an AI model learns from this data, it learns the statistical distribution of how code is written, not how code should be written. If 70% of the SQL query examples in its training data use string concatenation, the model will tend to generate string concatenation. It has no inherent understanding of why parameterized queries are safer.

The Confidence Problem

AI coding assistants present their suggestions with no indication of uncertainty. When Copilot suggests a function, it does not flag potential security issues or indicate that the suggestion might be using an insecure pattern. To the developer, the AI-generated code looks identical to any other code. It compiles, it passes basic tests, and it appears to work correctly.

This creates a false sense of security. Developers who would normally think carefully about security-sensitive operations may accept AI suggestions without the same level of scrutiny, assuming that a sophisticated AI tool would not generate vulnerable code.

The Context Window Problem

AI models generate code based on the immediate context: the current file, recent edits, and perhaps a few related files. They do not have a holistic understanding of your application's architecture, threat model, or security requirements. A model might generate a perfectly reasonable-looking authentication function that is completely inappropriate for your specific security context.

Real-World Examples

Let us look at some concrete examples of how AI-generated code introduces vulnerabilities.

Example 1: SQL Injection

A developer asks Copilot to write a function to look up a user by email:

def get_user_by_email(email):
    query = f"SELECT * FROM users WHERE email = '{email}'"
    cursor.execute(query)
    return cursor.fetchone()

This code is vulnerable to SQL injection. An attacker could provide an email like ' OR '1'='1' -- to bypass authentication or extract data. The secure version uses parameterized queries:

def get_user_by_email(email):
    query = "SELECT * FROM users WHERE email = %s"
    cursor.execute(query, (email,))
    return cursor.fetchone()

Example 2: Cross-Site Scripting

A developer working on a React application asks for a component to display user comments:

function Comment({ text }) {
  return <div dangerouslySetInnerHTML={{ __html: text }} />;
}

The AI generates code using dangerouslySetInnerHTML because it has seen this pattern frequently in its training data. This allows an attacker to inject malicious scripts through user comments. The secure approach is to let React handle escaping automatically:

function Comment({ text }) {
  return <div>{text}</div>;
}

Example 3: Hardcoded Secrets

When asked to set up an API client, an AI assistant might generate:

const stripe = new Stripe("sk_live_abc123xyz789", {
  apiVersion: "2024-01-01",
});

Even though the key is obviously a placeholder, developers under time pressure sometimes commit code like this, especially when working quickly and relying heavily on AI suggestions. The secure pattern uses environment variables:

const stripe = new Stripe(process.env.STRIPE_SECRET_KEY, {
  apiVersion: "2024-01-01",
});

Example 4: Insecure Cryptography

A developer asks for a password hashing function:

import hashlib

def hash_password(password):
    return hashlib.md5(password.encode()).hexdigest()

MD5 is cryptographically broken and should never be used for password hashing. The secure approach uses a purpose-built password hashing library:

from argon2 import PasswordHasher

ph = PasswordHasher()

def hash_password(password):
    return ph.hash(password)

The Scale of the Problem

The concerning thing is not just that AI generates vulnerable code. It is the scale at which it is happening. With millions of developers using AI assistants daily, and those assistants generating a large share of new code, the number of opportunities for vulnerabilities to slip through has grown significantly.

To be clear, human-written code has always had security bugs too. AI assistants did not invent SQL injection or hardcoded credentials. But the speed and volume at which AI-assisted developers produce code can outpace traditional review processes. A vulnerability introduced by accepting a Copilot suggestion today might not surface in a security scan until weeks later, by which time it may already be in production.

How CodeVigil Helps

CodeVigil is one practical tool for closing this feedback gap. By performing security scanning in real-time inside VS Code, it catches common vulnerable patterns the moment they appear, whether you wrote them yourself or accepted them from an AI assistant.

When you accept a Copilot suggestion that contains a SQL injection vulnerability, CodeVigil flags it with an inline diagnostic. You see the warning before you even save the file, while the context is fresh and the fix is straightforward. It is not a substitute for a thorough security review or a CI/CD pipeline with enterprise SAST tools, but it catches the low-hanging fruit early, which makes everything downstream easier.

What makes CodeVigil's approach unusual is the Copilot Chat integration. You can ask @codevigil to review a specific function or file for security issues, getting natural-language explanations and fix suggestions right in the conversational workflow you already use. No other free VS Code extension currently combines real-time scanning, dependency CVE checking, secret detection, and an AI chat interface in a single package.

What Developers Can Do Today

Beyond installing CodeVigil, here are practical steps every developer can take to write more secure code when using AI assistants:

  • Review AI suggestions critically: Do not accept code with a Tab press without reading it first, especially for security-sensitive operations like authentication, database queries, file handling, and cryptography
  • Learn the common vulnerability patterns: Understanding the OWASP Top 10 gives you a mental checklist to apply when reviewing AI-generated code
  • Use parameterized queries exclusively: Never accept AI-generated code that constructs SQL queries with string concatenation
  • Keep secrets out of source code: Always use environment variables for API keys, passwords, and other credentials
  • Test security assumptions: Write unit tests that specifically attempt to exploit common vulnerabilities in your code

AI coding assistants are powerful tools that are here to stay. The goal is not to stop using them, but to use them thoughtfully, with appropriate safeguards in place. CodeVigil is one of those safeguards. It will not catch everything, but it covers the most common vulnerability patterns across 10 languages and gives you a meaningful safety net right where you write code. Combined with good habits and your team's existing security practices, it helps you move fast without leaving obvious doors open.

← All Posts