
"Artificial intelligence has notorious problems with accuracy - so maybe it's not surprising that using it as a coding assistant creates more security problems, too. As a security firm called Apiiro found in new research, developers who used AI produce ten times more security problems than their counterparts who don't use the technology. Looking at code from thousands of developers and tens of thousands of repositories, Apiiro found that AI-assisted devs were indeed producing three or four times more code - and as the firm's product manager Itay Nussbaum suggested, that breakneck pace seems to be causing the security gaps."
"'AI is multiplying not one kind of vulnerability,' Nussbaum wrote, 'but all of them at once.' Ironically, some of the 'benefits' of AI coding appear to be the vehicles for these issues. Apiiro found that syntax errors fell 76 percent and logic bugs - faulty code that causes a program to operate incorrectly - were down 60 percent."
"The tradeoff has, however, been severe: privilege escalation, or code that allows an attacker to get higher access to a system than they should, increased by a staggering 322 percent. Architectural design problems, meanwhile, were up 153 percent. 'In other words,' Nussbaum wrote, 'AI is fixing the typos but creating the timebombs.'"
AI coding assistants reduce simple errors but significantly increase security vulnerabilities. Apiiro analyzed code across thousands of developers and tens of thousands of repositories and found that AI-assisted developers produced ten times more security problems while generating three to four times more code. Syntax errors dropped 76 percent and logic bugs fell 60 percent, yet privilege escalation rose 322 percent and architectural design problems increased 153 percent. Rapid code generation appears to multiply several vulnerability types at once. Academic findings likewise suggest that AI "improvements" can degrade overall security. Corporate mandates for AI tooling can expand vulnerability volume and the remediation burden for security teams.
#ai-assisted-coding #software-vulnerabilities #privilege-escalation #developer-productivity-tradeoffs
Read at Futurism