AI Code Assistants Boost Productivity but Amplify Security Risks, Study Finds

Reviewed by Nidhi Govil

A new study by Apiiro reveals that AI-assisted developers produce code faster but introduce significantly more security issues, highlighting the need for enhanced security measures in AI-driven software development.

AI Code Assistants: A Double-Edged Sword for Software Development

In a groundbreaking study, application security firm Apiiro has uncovered both the promises and perils of AI-assisted coding. The research, which analyzed code from tens of thousands of repositories and several thousand developers affiliated with Fortune 50 enterprises, reveals a significant boost in productivity coupled with an alarming increase in security risks [1].

Source: TechRadar

Productivity Surge and Security Concerns

AI-assisted developers are producing code at an unprecedented rate, outpacing their unassisted counterparts by three to four times. However, this productivity boost comes at a cost: these developers are also generating ten times more security issues [1]. Itay Nussbaum, Apiiro's product manager, warns, "AI is multiplying not one kind of vulnerability, but all of them at once" [1].

The Nature of AI-Generated Security Issues

The "security issues" identified in the study encompass a broad spectrum of application risks, including:

  1. Added open source dependencies
  2. Insecure code patterns
  3. Exposed secrets
  4. Cloud misconfigurations
Source: The Register

By June 2025, AI-generated code had introduced over 10,000 new "security findings" per month in Apiiro's repository data set, representing a tenfold increase from December 2024 [1][2].

The Paradox of AI Code Assistants

While AI code helpers have shown remarkable improvements in certain areas, they've also introduced new challenges:

  • Improvements:

    • 76% reduction in syntax errors
    • 60% decrease in logic bugs
  • New Challenges:

    • 322% increase in privilege escalation paths
    • 153% rise in architectural design flaws

Nussbaum succinctly summarizes this paradox: "AI is fixing the typos but creating the timebombs" [1][2].

Implications for Code Review and Security

The study also highlights how AI-generated code complicates the review process. AI assistants tend to pack more code into fewer pull requests, making reviews more challenging as proposed changes touch multiple parts of the codebase. In one instance, an AI-driven pull request altered an authorization header across multiple services, leading to a silent authentication failure when a downstream service wasn't updated [1].

Industry Trends and Recommendations

As companies like Coinbase and Citi mandate AI coding, and Big Tech leaders report that around one-third or more of their new code is AI-generated, the need for robust security measures becomes paramount. Apiiro's findings suggest that companies embracing AI-assisted coding must also implement AI-driven application security measures to balance productivity gains with potential risks [2].

Nussbaum advises, "The message for CEOs and boards is blunt: if you're mandating AI coding, you must mandate AI AppSec in parallel. Otherwise, you're scaling risk at the same pace you're scaling productivity" [1].

As the software development landscape evolves with AI, it's clear that human oversight, logic, and experience remain crucial in maintaining code quality and security. The challenge now lies in harnessing the productivity benefits of AI while mitigating the associated security risks.
