48% of AI-generated code contains security vulnerabilities. Who reviews the reviewers when AI writes the code?

General
1

Last month, during a routine security audit at our fintech, I discovered a critical vulnerability in our authentication flow. The code looked clean, the tests passed, and the PR had been approved by two senior engineers. The problem? The entire auth middleware—including the session validation logic—had been generated by an AI coding assistant. And buried in there was a timing attack vulnerability that could leak user credentials.

That incident sent me down a research rabbit hole, and what I found is deeply concerning for our industry.

The Data Doesn’t Lie

According to recent research from Veracode and Georgetown’s CSET, 48% of AI-generated code contains potential security vulnerabilities. Some studies report even higher rates—up to 62% depending on methodology. When researchers tested 30 AI-generated pull requests in real-world conditions, 87% contained at least one vulnerability.

Even more alarming: AI-generated code introduces 15-18% more security vulnerabilities than human-written code, per Opsera’s 2026 AI Coding Impact Benchmark Report.

The most common vulnerabilities mirror OWASP’s greatest hits:

  • SQL Injection (found in 31% of projects)
  • Cross-Site Scripting/XSS (27% of projects)
  • Broken Authentication (24% of projects)
  • Prompt injection vulnerabilities
  • Command injection risks

The Trust Paradox

Here’s what keeps me up at night: we’re building a circular trust problem.

Teams adopt AI coding assistants to move faster. Fair enough. But when AI writes the code and AI assists in code review, who’s actually verifying correctness? We’ve essentially created a system where the fox is guarding the henhouse, and we hired another fox to watch the first fox.

The data backs this up. Pull requests with AI-generated code average 10.83 issues per PR, compared to 6.45 for human-written code. And these aren’t just style nitpicks—we’re talking security vulnerabilities, logic errors, and edge cases the AI simply didn’t consider.

Why Review Is Harder Now

Traditional code review assumes you can ask the author “why did you do this?” With AI-generated code, that conversation doesn’t exist. You get dense, multi-line suggestions with no rationale, no context about trade-offs considered, no explanation of why one approach was chosen over another.

Reviewers are left parsing logic that nobody on the team actually wrote. We’re debugging black-box output, trying to infer intent from patterns in training data we’ve never seen.

And security review? That requires understanding threat models, attack surfaces, and adversarial thinking. AI assistants are trained on existing code—including code with known vulnerabilities. If string-concatenated SQL queries appear frequently in training data, the AI will cheerfully suggest them to you.

The Growing Problem

Security debt now affects 82% of companies, up from 74% just a year ago. High-risk vulnerabilities have increased from 8.3% to 11.3%. Part of this is the explosion of AI-assisted development—we’re shipping more code, faster, with less human scrutiny of each line.

Meanwhile, 66% of developers cite inaccurate AI code suggestions as their top challenge, and 45% report longer debugging times despite the promised productivity gains.

So What Do We Do?

I’m wrestling with this at my company, and I don’t have all the answers. Here’s what I want to ask this community:

  1. How are your teams handling code review for AI-generated code? Are you treating it differently than human code? Special review processes?

  2. Are you running security-specific tooling in CI/CD? SAST/DAST for every commit? Static analysis with security rulesets?

  3. Who owns the security of AI-generated code? Is it the developer who accepted the suggestion? The reviewer who approved it? The security team? The AI vendor?

  4. What about training? Are we updating security training to include AI-specific risks? Teaching developers to spot AI-generated vulnerability patterns?

  5. Should certain codebases restrict AI tools entirely? For highly sensitive systems—auth, payments, PII handling—should we just say “no AI assistance allowed”?

At Auth0 and Okta, we had the luxury of paranoia. Every line of identity code was reviewed by security specialists. But most companies don’t have that luxury. Most teams are small, moving fast, and now they’ve got AI assistants pumping out code faster than humans can review it.

The question isn’t whether AI coding assistants are useful—they are. The question is: who reviews the reviewers when AI writes the code?

I’d love to hear how other teams are solving this. What’s working? What’s failed spectacularly? What practices are you implementing to maintain security velocity without sacrificing security rigor?

Because right now, we’re in a weird transitional period where AI writes the code, humans rubber-stamp it, and security teams discover the problems in production. That can’t be the endgame.

Sources: Veracode AI Code Security, Georgetown CSET Report, Practical DevSecOps Research 2026, Dark Reading Analysis

2

Priya, this resonates deeply with what we’re experiencing during our cloud migration initiative. As CTO, I’m seeing this tension play out in real-time across our engineering org.

Your statistics mirror our own internal findings. When we audited our codebase last quarter, security debt had jumped to 82% across our teams—up from 74% the previous year. High-risk vulnerabilities increased from 8.3% to 11.3%. The correlation with AI adoption is undeniable.

Our Approach: Treat AI as Untrusted Input

We’ve implemented a policy that treats AI-generated code the same way we treat any external input: assume it’s malicious until proven otherwise.

Here’s what that looks like in practice:

  1. Mandatory Security Review Gates: All PRs, regardless of author (human or AI-assisted), must pass SAST/DAST checks before merging. No exceptions.

  2. Security Champions Program: We designated security champions on each team who review AI-heavy PRs. These aren’t security specialists—they’re senior engineers with security training who can spot common vulnerability patterns.

  3. Prompted Security Requirements: We updated our AI tool configurations to include security prompts. Research shows this improves secure code generation from 56% to 66%—not great, but better than baseline. Every AI prompt now includes: “Follow OWASP guidelines. Avoid SQL injection, XSS, and broken authentication patterns.”

  4. Audit Trail Requirements: Developers must document which portions of code were AI-generated. This creates accountability and helps us identify patterns when vulnerabilities surface.

The Organizational Challenge

The hardest part isn’t the tooling—it’s the culture clash. Developers adopted AI tools for velocity. Security teams want rigor and scrutiny. These goals are fundamentally at odds.

I’ve had to have difficult conversations with engineering managers whose teams feel slowed down by our security gates. The response I keep coming back to: Would you rather ship fast or ship secure? In regulated industries, this isn’t even a choice.

The Question I’m Wrestling With

Your framing of “who reviews the reviewers” hits at something deeper. Are we seeing AI tools get better at security, or are we just getting better at detecting their mistakes?

Because if it’s the latter, we’re in an arms race. AI generates code faster → we build better detection tools → AI learns from those patterns → generates more sophisticated vulnerabilities. It’s security theater with extra steps.

What concerns me most is the talent development angle. Our 40+ person engineering org now relies heavily on AI suggestions. Are they building security intuition, or are they building dependency on tools that make systematic mistakes?

I don’t have the answer yet. But I know we can’t keep treating AI-generated code as “just another developer’s work.” It requires a fundamentally different review mindset.

3

Alex and Priya, this conversation couldn’t be more timely for us. I lead engineering teams at a Fortune 500 financial services company, and regulatory compliance makes this issue existential, not just operational.

The Financial Services Context

In FinTech, we can’t afford a 48% vulnerability rate. Full stop.

We operate under SOC2, PCI-DSS, and various banking regulations. These frameworks require:

  • Auditability: Every line of code must be traceable to a human decision-maker
  • Accountability: Someone must own the security posture of each component
  • Compliance evidence: We must demonstrate security controls at every layer

AI-generated code creates audit trail gaps. When regulators ask “who approved this authentication logic and why was this approach chosen?” the answer can’t be “the AI suggested it and we accepted.”

Our Team-Level Solutions

After several near-misses with AI-generated vulnerabilities, we implemented these practices:

1. Pair Programming for Security-Critical Code

  • Any code touching auth, payments, or PII requires pair programming
  • One developer writes/accepts AI suggestions, one reviews in real-time
  • AI can assist, but two humans must approve the logic

2. Mandatory Threat Modeling

  • New features require threat modeling sessions before implementation
  • Teams identify attack surfaces before AI generates any code
  • This creates a security baseline AI suggestions are evaluated against

3. AI Suggestion Logging

  • All AI-generated code is tagged in commits
  • Quarterly security reviews analyze AI suggestion patterns
  • We track which AI tools generate which vulnerability types

4. Updated Security Training

  • Security training now includes “AI-specific vulnerability patterns”
  • Developers learn to spot: SQL injection, XSS, auth bypass, timing attacks
  • Training emphasizes: AI suggests what’s common, not what’s secure

The Cultural Shift

The hardest part was changing team culture from “ship fast” to “ship safe, then fast.”

I tell my teams: AI is like an intern—helpful, but needs supervision.

Interns can write scaffolding code, handle boilerplate, set up project structure. But you wouldn’t have an intern implement your payment processing logic without senior oversight. Same principle applies to AI.

The ownership model is clear: Developers own AI output as if they wrote it themselves. If AI suggests vulnerable code and you accept it, it’s your vulnerability.

The Long-Term Talent Concern

I’m managing 40+ developers across multiple time zones. Many rely heavily on AI suggestions. This creates a talent development challenge:

Are they building security intuition or dependency on flawed tools?

Five years from now, when these developers are senior engineers leading their own teams, will they have the security muscle memory to catch vulnerabilities? Or will they have spent their formative years trusting AI to make security decisions?

To Priya’s Original Question

We treat AI code review like “AI output verification” rather than traditional peer review.

The reviewer’s job isn’t “does this code make sense?”—it’s “did the AI make systematic mistakes that humans might miss?”

This is a fundamentally different review mindset. It requires understanding common AI failure modes, not just understanding the business logic.

Alex, to your question about restricting AI for security-critical codebases: in regulated industries, I think that’s the only defensible position. We allow AI assistance broadly, but for auth/payments/PII, humans write the code. Non-negotiable.

4

Coming at this from a design systems perspective, and I’m seeing a parallel that might be useful: accessibility.

Security Is Like Accessibility—Invisible Until It Breaks

When AI generates UI components for our design system, they often “look right” but fail WCAG compliance:

  • Missing ARIA labels
  • Incorrect keyboard navigation
  • Poor color contrast
  • No screen reader support

Sound familiar? Just like security vulnerabilities, these issues are invisible in normal use. The component renders beautifully, passes visual QA, ships to production. Then someone using a screen reader can’t navigate the form.

Both security and accessibility require expert review, not just passing tests.

The UI Security Gap

Here’s what scares me: AI-generated frontend code has its own security vulnerabilities that design teams aren’t trained to catch.

Client-side validation only: AI suggests form validation that runs in the browser—easily bypassed. It doesn’t know to add server-side validation.

XSS in user-generated content: AI builds beautiful comment sections or user profile displays that render HTML directly. No sanitization. Perfect XSS vector.

Insecure state management: AI suggests storing auth tokens in localStorage instead of httpOnly cookies. Looks fine, works fine, completely insecure.

I’ve caught these in design system PRs. But here’s the problem: who’s responsible when AI code spans both design and backend?

The Cross-Functional Review Problem

Our security team doesn’t review design PRs. Our design team doesn’t review backend auth logic. AI-generated code doesn’t respect these boundaries.

A single AI suggestion might:

  • Add a new UI component (design team reviews)
  • Create an API endpoint (backend team reviews)
  • Handle user authentication (security should review, but doesn’t)

Which team owns the security review? In practice, none of them—and the vulnerability ships.

What We’re Trying: Security Patterns Library

We created a “security patterns” library—pre-approved, secure component implementations:

  • Secure form submission patterns
  • Input sanitization utilities
  • Auth-aware UI components
  • XSS-safe content rendering

Now when developers use AI assistance, we point them at our patterns library first. AI references our secure implementations instead of generating from scratch.

It’s like design tokens, but for security. Instead of letting AI invent authentication flows, it composes from our pre-reviewed secure patterns.

The Hope

Maybe the solution isn’t “stop using AI” but “give AI better training material to reference”?

If we build “secure by default” component libraries that AI tools can safely reference, we reduce the risk of it hallucinating vulnerable patterns from internet training data.

Instead of AI learning SQL injection from Stack Overflow examples, it learns parameterized queries from our internal secure patterns.

To Alex’s Question

Should companies restrict AI for security-critical code? From a design systems perspective: maybe we need tiered AI assistance.

Green zone (AI encouraged): UI scaffolding, component structure, styling, documentation
Yellow zone (AI with review): Form handling, routing, state management
Red zone (no AI): Auth logic, payment processing, PII handling, API security

The zones map to risk levels, not technical domains. It’s about what breaks if the AI gets it wrong.

This thread is making me rethink how we review design system PRs. We focus on visual consistency and accessibility, but we’re not checking for XSS, CSRF, or auth bypass. That needs to change.