Vulnerabilities in AI-Generated Code

AI code assistants like GitHub Copilot, ChatGPT, Cursor, and Claude frequently generate code containing security vulnerabilities. Studies show up to 40% of AI-generated code contains at least one security flaw. Precogs AI pre-LLM filters detect and prevent these flaws before they enter your codebase — including injection attacks, hardcoded secrets, broken authentication, and insecure deserialization patterns.

Verified by Precogs Threat Research

What vulnerabilities are common in AI-generated code?

The most frequent flaws introduced by AI assistants include SQL injection, cross-site scripting (XSS), hardcoded credentials, path traversal, SSRF, and insecure deserialization vulnerabilities. Because LLMs are trained on vast amounts of open-source code, they often reproduce common anti-patterns rather than secure coding standards.

Explore AI-Generated Code by Category

Deep-dive into specific areas of ai-generated code to understand the attack surfaces, common vulnerability patterns, and how Precogs AI provides protection.

By AI Tool

Code Assistants

CursorMCP poisoning, auto-run bypasses, .cursorignore flaws, and agent-mode command injection risksGitHub CopilotSuggestion injection, code completion vulnerabilities, and licensing issues in generated codeClaude CodeArtifact generation risks, project context leakage, and tool-use safety bypassesWindsurf / CodeiumCascade agent compound risks, multi-step Flow injection, and enterprise code exfiltrationTabnineTraining data vulnerability reproduction, private model memorization, and code completion injection

Cloud IDE Code Generators

Amazon CodeWhispererAWS-specific misconfigurations, overly permissive IAM policies, and insecure S3/Lambda defaultsGemini Code AssistGCP misconfigurations, insecure Firebase rules, and unauthenticated Cloud Function generationJupyter NotebooksCredential exposure in notebook cells, unsafe pickle deserialization, and PII in cell outputs

AI App Builders & Agents

Replit / v0Full-stack app generation with systemic auth flaws, exposed APIs, and deployment misconfigurationsDevin / Autonomous AgentsUnsupervised code execution, supply chain manipulation, and multi-step vulnerability chainsAI Code Review ToolsReview bypass through obfuscation, false negatives for business logic, and approval manipulation

By Vulnerability Type (LLM Top 10)

OWASP LLM Security Risks

LLM01: Prompt InjectionBypassing safety rules through malicious prompt engineering and indirect injectionLLM02: Insecure Output HandlingXSS, SQLi, and command injection via unvalidated LLM outputLLM03: Training Data PoisoningBackdoors, biases, and malicious behavior introduced through compromised training dataLLM04: Model Denial of ServiceResource exhaustion attacks targeting LLM inference and agentic workflowsLLM05: Supply Chain VulnerabilitiesCompromised model weights, poisoned fine-tuning datasets, and malicious pluginsLLM06: Sensitive Information DisclosureModels leaking PII, credentials, and proprietary data from training or contextLLM07: Insecure Plugin DesignTool-calling vulnerabilities and unsafe plugin execution in agent frameworksLLM08: Excessive AgencyLLM agents with overly broad permissions executing unintended actionsLLM09: OverrelianceBlind trust in AI output without validation leading to deployed vulnerabilitiesLLM10: Model TheftExtraction, cloning, and reconstruction of proprietary model weights

By Framework

AI/ML Frameworks

LangChainDeserialization vulnerabilities, tool-calling flaws, and prompt injection in chain orchestrationLlamaIndexRAG pipeline injection and document store poisoning attacksOpenAI APIAPI key leakage, function-calling argument injection, and token manipulation attacks

Vulnerability Types

CWE-1236

HIGH

CSV Injection in AI-Generated Export Functions

AI-generated CSV export functions write user-controlled data without escaping formula-triggering characters (=, +, -, @)...

CWE-942

HIGH

Permissive CORS Policy in AI-Generated APIs

AI assistants generate CORS configurations with wildcard origins or overly permissive headers, enabling cross-origin dat...

Page 3 of 3
Next →

Recently Discovered in AI-Generated Code

Browse the latest vulnerabilities and exposures dynamically tracked to the AI-Generated Code domain.

Compiling vulnerability feed...

Detect AI-Generated Code Vulnerabilities Automatically

Precogs AI scans your code and binaries for AI-Generated Code vulnerabilities and generates AutoFix PRs — no manual review needed.

Start Free Scan