Is an assistant making you insecure? Study finds AI coding creates 10x more security vulnerabilities

Programmers using AI-powered coding assistants create 10 times more security vulnerabilities than developers who code without AI assistance, according to new research from Apiiro, a security firm. The findings reveal a critical trade-off: while AI helps developers produce code faster and with fewer syntax errors, it’s simultaneously introducing far more dangerous security flaws that could expose systems to cyberattacks.

What you should know: The research analyzed code from thousands of developers across tens of thousands of repositories, revealing that AI-assisted programmers produce three to four times more code overall.

• Syntax errors dropped 76% and logic bugs decreased 60% when developers used AI coding tools.
• However, privilege escalation vulnerabilities—code that allows attackers to gain unauthorized system access—surged 322%.
• Architectural design problems increased by 153%, indicating fundamental structural issues in AI-generated code.

The big picture: As Apiiro product manager Itay Nussbaum put it, “AI is fixing the typos but creating the timebombs.”

• The technology appears to be multiplying all types of vulnerabilities simultaneously rather than targeting specific coding weaknesses.
• The breakneck pace of AI-assisted development seems to be the primary driver behind these security gaps.

Why this matters: Major companies including Coinbase, Shopify, and Duolingo have mandated AI coding tool usage for their developers, making this a widespread enterprise security concern.

• The research creates more work for security teams tasked with identifying and fixing these AI-generated vulnerabilities.
• Previous studies from universities including University of San Francisco and University of Massachusetts Boston have similarly found that AI coding “improvements” significantly degrade overall security.

What they’re saying: “AI is multiplying not one kind of vulnerability, but all of them at once,” Nussbaum wrote in the research findings.

• The Register noted that this aligns with earlier academic research showing AI coding tools majorly compromise security standards.

Looking ahead: The integration of AI into coding workflows shows no signs of slowing down, suggesting security vulnerabilities will likely worsen before improving.

• The findings highlight AI’s current workplace transformation as primarily creating more problems for human workers to resolve rather than eliminating them.