When AI writes code – and security falls by the wayside

November 3, 2025

By Jochen Koehler, Vice President Sales EMEA at Cycode

Large language models write code in seconds. What initially sounds like a new level of efficiency has a downside, however: security is not yet an integral part of AI-based software development.

Thanks to GenAI, programming is now easier than ever before. Almost anyone can use it to generate more or less functional code in no time at all. But studies are sounding the alarm: around 62 per cent of all AI-generated code contains errors or security vulnerabilities. The situation becomes even more critical when AI-assisted improvements are used multiple times in succession – after just five iterations, the number of serious vulnerabilities increases by almost 38 per cent.

This raises a key question: does code become less secure the more frequently AI is used in the development process? The answer undoubtedly depends on the model, training data and human supervision. However, one thing is certain: without awareness and targeted countermeasures, the promise of efficiency can quickly become a risk. GenAI optimises for functionality – not for security or resilience. This increasingly shifts the balance between innovation and stability at the expense of secure software.

“Artificial intelligence can be a powerful tool in software development – but only if security is considered from the outset. This includes structured code reviews, automated vulnerability analyses and the consistent application of security-by-design principles. Those who retain the final say despite automated code generation can reap the benefits of AI without creating new risks. The future of software development therefore depends not only on how fast machines write code, but also on how responsibly we test it.” (Jochen Koehler, Vice President Sales EMEA at Cycode)
