Artificial intelligence is rapidly changing the world as we know it. From writing articles to generating complex software code, AI is a powerful tool that offers incredible efficiency. However, it is crucial to remember that AI is not infallible, especially in the realm of cyber security. A recent report from Veracode has highlighted some alarming findings that every business should be aware of.
The Hidden Dangers in AI-Generated Code
According to the 2025 GenAI Code Security Report from Veracode, a study of over 100 large language models found that nearly 45% of the AI-generated code contained security flaws. These are not minor bugs; many are significant vulnerabilities that fall under the OWASP Top 10, which lists the most critical security risks to web applications.
The core of the issue is that AI learns from existing human-written code, which we know is often flawed. The AI excels at reproducing patterns but does not truly understand the security context. The report found that despite improvements in generating functional code, these models have shown no progress in writing more secure code.
Some key findings from the report include:
- Java was the riskiest language, with a failure rate of over 70%.
- Python, JavaScript, and C# were not far behind, each failing between 38% and 45% of the time.
- For specific weaknesses like cross-site scripting, the failure rate was as high as 86%.
This data underscores a critical point: you cannot blindly trust AI-generated code. Without expert human oversight, you may be accelerating the introduction of vulnerabilities into your systems.
The Shifting Threat Landscape
The challenge is twofold. Not only can AI introduce flaws, but it also makes it easier for attackers to find and exploit them. The Veracode report notes that even low-skilled hackers can now use AI tools to scan for weaknesses and generate exploit code, putting businesses on the back foot.
This is where the role of a seasoned cyber security expert becomes more important than ever. A human expert does more than just write or review code; they understand the bigger picture. They perform the in-depth analysis and penetration testing that is essential to uncover hidden vulnerabilities before malicious actors do.
Why Human Expertise Remains Irreplaceable
At Vertex, our services are built on the principle of expert human oversight. While AI is a fantastic assistant, it should not be the final authority on your security. The risk of inheriting legacy vulnerabilities or introducing new, unforeseen flaws is simply too high. Our specialists conduct secure code reviews, perform cyber security audits, and provide secure code training to ensure that your defences are robust, whether your code was written by a human or an AI.
The team at Vertex Cyber Security possesses the expertise needed to navigate this new landscape. We can work with your organisation to ensure that as you leverage the power of AI, you do so safely and securely. Our expert penetration testers can assess your systems for weaknesses, and our consultants can help you implement the robust policies and procedures needed to protect your business.
AI is undoubtedly a revolutionary technology that will continue to drive innovation. However, as we have found and the Veracode report makes clear, it is a tool, not a complete replacement for human expertise and critical thinking. When it comes to protecting your most valuable digital assets, the nuanced, contextual, and adversarial mindset of a human cyber security expert is your most vital line of defence.
If your organisation is using AI to generate code, we strongly encourage you to take proactive security measures. Contact Vertex Cyber Security today to learn how our tailored solutions can help you secure your systems and give you peace of mind.