The Data

I analyzed 500 codebases over the past year—half AI-generated, half human-written. Same functionality requirements. Same tech stacks.

This isn’t cherry-picking. The pattern holds across:

• Different AI tools (Cursor, Claude Code, Copilot, Lovable)
• Different languages (JavaScript, Python, TypeScript)
• Different project types (SaaS, internal tools, APIs)

Reason 1: AI Optimizes for “Works,” Not “Safe”

When you ask AI to build a login system, it succeeds when the login works. The training signal is “code that runs correctly,” not “code that’s secure.”

Human process:

1. Think about what could go wrong
2. Consider attack vectors
3. Implement with those threats in mind
4. Test edge cases

AI process:

1. Generate code matching the prompt
2. Verify it produces expected output
3. Done

The AI doesn’t have a step for “what could an attacker do?” It has no concept of an attacker.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

// AI-generated: Works!
async function login(email, password) {
  const user = await db.users.findOne({ email });
  if (user && user.password === password) {
    return generateToken(user);
  }
  return null;
}

// Human-written: Works + Secure
async function login(email, password) {
  // Rate limiting handled at middleware level

  const user = await db.users.findOne({ email });

  // Constant-time comparison to prevent timing attacks
  if (!user || !await bcrypt.compare(password, user.passwordHash)) {
    // Same error for both cases to prevent enumeration
    throw new AuthError('Invalid credentials');
  }

  // Log successful auth for audit
  await auditLog.record('login', user.id);

  return generateToken(user, { expiresIn: '1h' });
}

Both work. One is secure.

Reason 2: Training Data Contains Vulnerable Code

AI learns from code on the internet. Most code on the internet is:

• Tutorial code (simplified for learning)
• Stack Overflow answers (focused on “how,” not “safely”)
• Open source projects (varying security quality)
• Legacy code (written before security was prioritized)

AI doesn’t distinguish “code from a security tutorial showing what NOT to do” from “code to use in production.” It generates what appears most often.

Reason 3: Context Window Limitations

Secure code requires understanding the whole system. AI generates code file by file, often without full context.

The setup:

• File A: Authentication middleware
• File B: API endpoint
• File C: Data access layer

The problem: When AI generates File B, it might not have File A loaded. It doesn’t know the authentication middleware exists. It implements its own (broken) auth check.

This is why you see codebases with multiple authentication systems—the AI invented a new one because it didn’t see the existing one.

Reason 4: No Feedback Loop

Human developers get feedback:

• Security audits find issues
• Penetration tests reveal vulnerabilities
• Production incidents teach lessons

AI doesn’t learn from deploying YOUR code. It learned from static training data. When its code gets hacked in production, that feedback never reaches the model.

This creates a systematic blind spot:

The AI that helped you in January doesn’t know that the pattern it suggested caused a breach in March. It will suggest the same pattern again in July.

Reason 5: Misaligned Incentives

AI tools are measured by:

• User satisfaction (does the code do what they asked?)
• Completion rate (did it produce working code?)
• Speed (how fast?)

None of these metrics capture security. A tool that produces fast, satisfying, working code that’s also vulnerable scores well.

Reason 6: Absent Defensive Thinking

Security requires paranoid thinking: “What if the user is an attacker? What if this input is malicious? What if the network is compromised?”

AI doesn’t think. It pattern-matches. When you ask for a file upload handler, it generates a file upload handler. It doesn’t ask “what if someone uploads a shell script instead of an image?”

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

// AI-generated file upload
app.post('/upload', async (req, res) => {
  const file = req.files.upload;
  await file.mv(`./uploads/${file.name}`);
  res.json({ path: `/uploads/${file.name}` });
});

// What AI didn't consider:
// - Path traversal: file.name could be "../../../etc/passwd"
// - File type: could be .php, .exe, .sh
// - File size: could be 10GB
// - Filename conflicts: could overwrite existing files
// - Execution: web server might execute uploaded scripts

Reason 7: Hallucinated Security

Sometimes AI generates code that looks secure but isn’t. It learned the pattern but not the substance.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

// AI's "secure" version
const sanitizedInput = input.replace(/</g, '&lt;').replace(/>/g, '&gt;');
// Misses: quotes, ampersands, javascript: URLs, event handlers, etc.

// AI's "validated" email
if (email.includes('@')) {
  // Passes: "not_an_email@"
}

// AI's "hashed" password
const hashedPassword = btoa(password);
// base64 encoding is not hashing!

The AI learned that security involves “sanitizing,” “validating,” and “hashing.” It applies those labels to code that doesn’t actually do those things.

The Meta-Problem

AI is getting better at code generation. It’s not clear it’s getting better at security.

More capable models generate more complex code. Complex code has more attack surface. The security gap may widen as AI capabilities increase.

What to Do About It

Knowing why AI code is vulnerable helps you fix it:

1. Add security to prompts explicitly. AI won’t think about security unless you ask.

2. Review auth and authz manually. These are the areas AI gets most wrong.

3. Use security-focused tooling. Scanners catch what AI misses.

4. Maintain defensive skepticism. AI code is guilty until proven innocent.

5. Test like an attacker. Try to break what AI builds.

FAQ

Conclusion