The point: AI models produce functional code but systematically fail to implement security safeguards like rate-limiting or input validation because they are trained on public code that does not structurally represent these aspects.
An analysis of 50 real GitHub projects created with AI coding tools reveals a structural problem: 88 percent contain critical vulnerabilities. The most common gaps stem from missing protection logic, not implementation errors.
In a security analysis of 50 public GitHub projects identified as AI-generated based on configuration files such as .cursorrules or CLAUDE.md, a consistent pattern emerged: the average security score was 34 out of 100 points. 88 percent of projects contained at least one high-severity vulnerability, 52 percent contained directly exploitable critical gaps. In 36 percent of cases, API keys, database passwords, or access credentials were present in plaintext in the source code. 46 percent of projects scored below 30, with only 8 percent above 90.
The most common vulnerability categories were injection attacks (200 findings), path traversal gaps (87), authentication issues (39), and hardcoded credentials (38). What is striking: these deficiencies arise predominantly not from flawed implementation but from structurally missing protection logic. When you ask an AI model to write an API endpoint, for example, you get a functional endpoint, but not automatically rate-limiting, input validation, or other safeguards. The model has learned what code commonly occurs and is syntactically correct – but not what security requirements a production environment has.
This stems from the training setup of the models: they are trained on public code that, while containing functioning examples, does not carry security context. Questions such as “How does this system behave under load?” or “How do I validate external input?” are not proactively asked or answered by the model.
Another critical finding: conventional static code analysis tools (SAST) such as Semgrep operate rule-based and systematically cannot detect this problem. They identify known faulty patterns in code – but not what is missing. To expose this blind spot, the study employed an AI-based validation layer. Of 1,087 automatically generated findings, 486 (45 percent) were false positives. One example: “The SQL query uses parameterized queries, no injection possible” or “The secret is in a sample file with a placeholder your_key_here and is not productive.” Conventional scanners would have issued these alerts unfiltered and thus led to alert fatigue.
For CTOs, this means concretely: AI-generated code requires an additional validation step that goes beyond rule-based SAST tools. Without explicit security prompts and architecture review, a large portion of risks remains invisible. Code reviews should explicitly target missing protection logic, not just errors in existing code.
Source: www.it-daily.net · Published 29 June 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.