40% of AI-Generated Code Is Vulnerable. How to Protect Yours!

AI coding tools like Cursor and ChatGPT make development faster, but they often produce insecure code by mimicking flawed patterns found online. This article highlights why developers must adopt a security-first mindset when using AI, covering simple practices like validating inputs, protecting secrets, reviewing AI suggestions, and keeping dependencies updated. With these habits, you can enjoy the speed of AI without opening the door to serious vulnerabilities.


This content originally appeared on HackerNoon and was authored by rushilshah

AI can write code within a few minutes, but that code can get hacked just as fast!

AI coding tools like Cursor and ChatGPT are reshaping how we build software. Instead of wrestling with complex syntax for hours, developers now have conversations with their editors, and code materializes. But this ease of use often comes at a cost to security. Recent research concluded that ~40% of AI-generated code had vulnerabilities. The good news was that 55% of the issues found during the research already had fixes available!

The question now is: how can we continue to use AI tools without compromising safety? When you use AI to help build something, you can open up security holes without even realizing it, which can lead to serious consequences later.

Even if you don’t have a background in security, it is important to know and follow some basic rules when using AI for your project.

Why should you care about the security of AI code?

AI doesn’t discriminate. Irrespective of who writes the code, every single application put on the internet becomes a potential source of AI training data. And AI doesn’t know what secure code looks like. It generates what it has seen before. Since the internet is full of insecure code, when you work with AI you are likely to end up with code that looks totally fine but is filled with problems. That’s why it’s important to learn a few simple habits now, before things go live.

AI is Helpful, But Not Always Right

LLMs are super intelligent, but like overconfident interns, they can hand you insecure code with total conviction.

You might say: “Hey, build me a login system with a database.” And the AI might hand you back code that:

  • Stores passwords in plain text
  • Builds SQL queries by smashing strings together, leading to injections
  • Hardcodes your database password directly in the file

These are all common mistakes, and most AI tools won’t warn you about them. You need to be vigilant and know your stuff.
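The three mistakes from the list above, each next to its fix, as an added Python example that is not from the original article. The table names, the APP_DB_PASSWORD variable, the iteration count and the in-memory SQLite database are assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def db_password() -> str:
    # Fix for the hardcoded secret: read it from the environment (assumed name).
    if "APP_DB_PASSWORD" not in os.environ:
        raise RuntimeError("APP_DB_PASSWORD is not set")
    return os.environ["APP_DB_PASSWORD"]

def open_db() -> sqlite3.Connection:
    # In-memory SQLite stands in for the application's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE plain_users (name TEXT, password TEXT)")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register_insecure(db, name, password):
    # Mistake: the password is stored exactly as typed.
    db.execute("INSERT INTO plain_users VALUES (?, ?)", (name, password))

def login_insecure(db, name, password):
    # Mistake: user input becomes part of the SQL text.
    query = f"SELECT 1 FROM plain_users WHERE name = '{name}' AND password = '{password}'"
    return db.execute(query).fetchone() is not None

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(db, name, password):
    salt = os.urandom(16)  # unique per user
    # Placeholders (?) send the values separately from the SQL text.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, hash_password(password, salt)))

def login(db, name, password) -> bool:
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(row[1], hash_password(password, row[0]))

if __name__ == "__main__":
    db = open_db()
    register_insecure(db, "alice", "correct horse")  # constructed sample data
    register(db, "alice", "correct horse")
    crafted = "' OR '1'='1"  # constructed input containing SQL syntax
    print("insecure login accepts crafted input:", login_insecure(db, "alice", crafted))
    print("hardened login accepts crafted input:", login(db, "alice", crafted))
```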

Things You Can Do Today to Stay Safer

Here are some security measures that aren’t super technical, but make a big difference:

Don’t Trust Input

If your app takes user input such as forms or URLs, don’t assume people will always use it the way you expect. Not every user is a trusted user.

Verify that your inputs have the right limits set and are sanitized. Check input type, length and content. Don’t allow potentially malicious payloads like


rushilshah | Sciencx (2025-07-06T16:17:38+00:00) 40% of AI-Generated Code Is Vulnerable. How to Protect Yours!. Retrieved from https://www.scien.cx/2025/07/06/40-of-ai-generated-code-is-vulnerable-how-to-protect-yours/
