{"id":102252,"date":"2025-06-13T19:38:46","date_gmt":"2025-06-13T17:38:46","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?post_type=learn&p=102252"},"modified":"2026-04-10T18:54:23","modified_gmt":"2026-04-10T16:54:23","slug":"why-ai-generated-code-may-be-less-secure-and-how-to-protect-it","status":"publish","type":"learn","link":"https:\/\/checkmarx.com\/learn\/ai-security\/why-ai-generated-code-may-be-less-secure-and-how-to-protect-it\/","title":{"rendered":"Why AI-Generated Code May Be Less Secure \u2013 and How to Protect It"},"content":{"rendered":"

Securing the software supply chain was tough enough when the proliferation of publicly available third-party libraries, modules, and packages made it all too easy for developers to import code that may be insecure<\/a> into applications.<\/p>\n\n\n\n

Now, the advent of generative AI coding tools has added another major challenge. Code generated by AI is essentially third-party code that, like other forms of external code (such as code from open-source repositories), could introduce security vulnerabilities and risks into a business.<\/p>\n\n\n\n

Hence, the need to add AI risk management protections to traditional application security testing procedures. Read on for guidance as we explain why and how businesses can mitigate the security risks of artificial intelligence coding tools.<\/p>\n\n\n\n

The ubiquity of AI-generated code<\/h2>\n\n\n\n

Ever since GitHub Copilot \u2013 the first AI-powered coding solution to go mainstream \u2013 was introduced in 2021, using AI for coding has become a commonplace practice among software developers. As Stack Overflow reported based on a 2024 developer survey, 76 percent of coders now employ AI to help write software. Even at large enterprises known for hiring talented developers, AI-generated code has gone mainstream. At Microsoft, for example, 30 percent of code is now written by AI, according to CEO Satya Nadella.<\/p>\n\n\n\n

This means that, like it or not, significant portions of the code within modern applications originate from AI tools. The amount of AI-generated code is likely only to grow as the sophistication of AI-assisted development tools increases.<\/p>\n\n\n\n

In many respects, this is a good thing. From a productivity standpoint, AI-generated code has much to offer because it can significantly reduce the time it takes developers to write and test software. Back in 2023 (when AI-assisted coding tools and integrations were not as mature as they are today), McKinsey concluded that AI can speed up total coding time by as much as 45 percent.<\/p>\n\n\n\n

There is also evidence that AI can improve the developer experience<\/a>. 75 percent of coders report feeling more \u201cfulfilled\u201d when they use AI, presumably because AI can help automate tedious tasks like generating repetitive boilerplate code.<\/p>\n\n\n

\n
\n
\n\t\t\t\n\t\t\t

Don\u2019t Just Find Vulnerabilities\u2014Understand Them<\/h2>\t\t\t

Knowing your code is exposed is only half the battle. Learn how Checkmarx helps you identify, categorize, and prioritize code exposure risks before they reach production.<\/p>\n\t\t\t

\n\t\t\t\t Explore code security best practices<\/a>\n \t\t\t\t\t\t\t<\/div>\n <\/div>\n <\/div>\n<\/section>\n\n\n

How secure is AI-generated code?<\/h2>\n\n\n\n

From a security perspective, however, AI-generated code presents some potentially serious risks. Code produced by AI tools can contain multiple types of vulnerabilities and risks, such as:<\/p>\n\n\n\n