Your AI-Generated Code Isn't Secure — Here's What We Find Every Time

Veracode tested 150+ AI models and found 45% of generated code introduces OWASP Top 10 vulnerabilities. The failure rate for cross-site scripting defences is 86% — and it isn't improving with newer models. Here's what that looks like inside a real codebase, what you can check yourself in 30 minutes, and what the UK's National Cyber Security Centre is now saying about it. If you built something with Lovable, Bolt.new, Cursor, Replit, or v0 — and it's live, or about to be — six specific security problems are almost certainly sitting in your codebase right now. That's not opinion. It's the consistent finding across every major independent security study published in the past twelve months: Veracode's 150-model benchmark, DryRun Security's assessment of three leading AI agents, Apiiro's scan of 62,000 enterprise repositories, and a Georgia Tech research team tracking real vulnerabilities in real time. The tools write code that runs. They don't write code that's safe. This article gives you

Your AI-Generated Code Isn't Secure — Here's What We Find Every Time

Related Articles

ROSCOE: A Suite of Metrics for Scoring Step-by-Step Reasoning

If you thought the speed of writing code was your problem - you have bigger problems

Negative 2000 Lines Of Code

My experience with SurrealDB starting with v0.3 in February 2023, all the way up to v3 in 2026

Why the heck are we still using Markdown??

Related Articles

News
ROSCOE: A Suite of Metrics for Scoring Step-by-Step Reasoning
Dev.to • 1h ago

News
If you thought the speed of writing code was your problem - you have bigger problems
Lobsters • 4h ago

News
Negative 2000 Lines Of Code
Reddit Programming • 5h ago

News
My experience with SurrealDB starting with v0.3 in February 2023, all the way up to v3 in 2026
Reddit Programming • 6h ago

News
Why the heck are we still using Markdown??
Reddit Programming • 6h ago