Developers using AI coding assistants are producing code as much as four times faster than their unassisted peers, but that code contains 10 times more security problems.

That’s one of the findings from Apiiro’s recent analysis of the code stored in tens of thousands of code repositories and the AI-assisted production of several thousand developers from Fortune 50 enterprises, Apiiro product manager Itay Nussbaum wrote recently.

Pull requests are ballooning, vulnerabilities are multiplying, and shallow syntax errors are being replaced with costly architectural flaws.

Itay Nussbaum

Nussbaum said AI-assisted developers produce three to four more commits than their non-AI-using peers, but those commits don’t land as small, incremental merges. They are packaged into fewer pull requests (PRs) overall, each one significantly larger in scope, touching more files and services per change. 

That packaging is the problem. Bigger, multitouch PRs slow review, dilute reviewer attention, and raise the odds that a subtle break slips through.

Itay Nussbaum

Dwayne McDaniel, developer advocate at GitGuardian, said reviews of new code should always include human feedback, and that takes time. 

The more code that needs to be read and understood by a person, the more likely it is that something will slip through undetected thanks to human error. At the same time, those same reviewers are being pushed to work faster, increasing the chance that they might skim and rubber-stamp the PR rather than doing the due diligence to ensure it does not introduce new vulnerabilities.

Dwayne McDaniel

Here’s what you need to know about the risk coming from higher-velocity coding.

Get Guide: How the Rise of AI Will Impact Supply Chain Security

How AI coding expands the blast radius

Derek Rush, managing senior consultant at Bishop Fox, an offensive security testing and consulting firm, said PRs should generally be single-purpose, focused on one feature or bug fix. “Failing to properly restrict AI code assistants to pursue clear, objective-based goals and test-driven development will lead to code bloat,” he said. 

The risk increases when developers accept code output from an LLM [large language model] without review. Just because an LLM identifies a way to accomplish something doesn’t mean it’s the only or best way, especially without full context. Larger, multipurpose PRs compound that risk, making it harder to assess quality, functionality, and security.

Derek Rush

Melody (MJ) Kaufmann, an author and instructor with O’Reilly Media, said that when AI-generated commits are bundled into large PRs, a single flaw can simultaneously impact multiple services. 

That expanded blast radius makes vulnerabilities far more dangerous, since one missed issue during review can ripple across an entire system.

Melody (MJ) Kaufmann

Diana Kelley, CISO at Noma Security, said that when AI assistants multiply developer throughput, the rhythm of the software development lifecycle (SDLC) may change.

In a secure SDLC, incremental change can be a very positive thing, because smaller changes can be carefully reviewed and assessed for impact on the overall codebase, but when a single merge suddenly touches dozens of files and services, the impact goes way up.

Diana Kelley

AI coding is a double-edged sword

Apiiro’s Nussbaum said the finding that the PR volume of AI-generated code is nearly a third of that of other code translates to more emergency hotfixes, more incident response, and a higher probability that issues slip into production before review catches them.

The reason that happens, Nussbaum said, is that big, multitouch PRs tend to introduce multiple issues at once, so every merge carries more potential for damage. The faster AI accelerates output, the faster unreviewed risk accumulates.

By June 2025, AI-generated code was introducing over 10,000 new security findings per month across the repositories in the Apiiro study — a tenfold spike in just six months compared with December 2024. “And the curve isn’t flattening; it’s accelerating,” Nussbaum wrote.

These flaws span every category of application risk, including open-source dependencies, insecure coding patterns, exposed secrets, and cloud misconfigurations, Nussbaum said.

AI is multiplying not one kind of vulnerability, but all of them at once. For security teams, that means a shift from managing issues to drowning in them.

Itay Nussbaum

How reliable is this new data?

Jeff Williams, CTO and co-founder of Contrast Security, said he was surprised to hear the claim of four times velocity. Williams said a study by Google showed a 10% increase in velocity and that another by METR found a 19% decrease. He was also surprised to hear about 10 times more vulnerabilities, he said. 

The studies I’m reading are suggesting that AI-generated code has roughly the same amount of vulnerabilities. I’m frankly put off by the FUD, and it makes me question whether these aren’t the results of noisy and weak detectors.

Jeff Williams

But Neil Carpenter, principal solution architect at security firm Minimus, said a tenfold increase in security findings is believable. It’s really a matter of context, he said. “AI assistants are like an entry-level programmer. They have the technical skills, but they lack the context and experience that allow them to use those skills effectively in all cases. The tasks that require context — architecture decisions, how to size a PR for effective review, different levels of sensitivity for tokens — are where you see AI failing,” he said. And AI assistants can operate in a number of different ways, he noted.

Less mature orgs are going to have developers with personal accounts using GPT-5 or Claude, while more mature organizations will have centralized control and guardrails. The more guardrails that are in place to give AI the context and the decision-making capabilities, the less you’ll see of the 10x stats and other security issues.

Neil Carpenter

For example, he said, an AI assistant with no context might pull nginx from DockerHub because it’s an easily available public source. But savvy organizations are going to give the AI rules that require using containers from a trusted set of images, which gives the AI clear instructions and context.

Carpenter said that effective rules should greatly reduce security findings. Nginx on DockerHub has 83 total CVEs, 27 of them high or critical, but a hardened nginx image has none. Increases in architectural flaws also highlights this challenge of context, he added. 

AI assistants, when not given proper context, often rebuild or rewrite functionality, instead of calling out to other functions or modules in the application. More code to do the same amount of work, which results in increased attack vectors and lower reliability.

Neil Carpenter

What kind of risk management changes are needed for AI coding?

Eran Kinsbruner, application security (AppSec) evangelist at Checkmarx, argued that AI assistants are fundamentally reshaping software risk by moving security from a reactive to a proactive stance. 

Instead of detecting vulnerabilities after code is deployed, intelligent agents can now identify and remediate issues as code is written, providing prevention in real time.

Eran Kinsbruner 

Kinsbruner said that because AI-driven assistants can operate autonomously across IDEs and CI/CD pipelines while interpreting context, enforcing policies, and continuously learning from new threats, they create a preventative layer of protection that scales with development speed and complexity. 

Intelligent agents have the capability, when created and utilized correctly, to secure AI-generated code at the speed it’s created, specifically tailored for developers, AppSec leaders, and CISOs. When integrating within AppSec platforms, they can optimize vulnerability detection and prevention, while maintaining development speed in the AI-generated code age.

Eran Kinsbruner

But Rosario Mastrogiacomo, chief strategy officer at Sphere Technology Solutions, is concerned that AI is reshaping software risk by blurring accountability. He also advocates more oversight.

We’re moving from code written by humans to code written on behalf of humans. Governance, not generation, will determine whether that shift strengthens or weakens security.

Rosario Mastrogiacomo

Kevin Gaffney, CTO of the cyber-incident response company CYGNVS, said organizations need to establish clear guidelines when using AI coding. “AI-generated code is still your code,” he cautioned. “Developers must understand what they’re shipping, even if AI helped write it. Code reviews must remain small and focused. Security practices can’t be compromised for speed.”

The future isn’t about replacing human judgment with AI. It’s about augmenting human capabilities while maintaining human responsibility. AI should make developers more productive, not less accountable. Knowledge is knowing a tomato is a fruit. Wisdom is not putting it in a fruit salad.

Kevin Gaffney