Security Degradation in AI-Generated Code: A Threat Vector CISOs Can’t Ignore
<p><span data-contrast="auto">Security leaders and developers alike are already acutely aware that <a href="https://securityboulevard.com/2025/10/the-risks-of-ai-generated-software-development/" target="_blank" rel="noopener">AI coding assistants</a> and agentic agents can introduce vulnerabilities into the code they generate. </span><a href="https://arxiv.org/html/2506.11022v1" target="_blank" rel="noopener"><span data-contrast="none">A recent study</span></a><span data-contrast="auto"> unveiled another critical concern to keep them up at night — LLMs used for making iterative code improvements may introduce new vulnerabilities over time, even when explicitly asked to make code more secure.</span><span data-ccp-props="{}"> </span></p><p><span data-contrast="auto">Researchers from the University of San Francisco, the Vector Institute for Artificial Intelligence in Toronto and the University of Massachusetts Boston analyzed 400 code samples across 40 rounds of ‘improvements’ using four prompting strategies — one of which explicitly asked the LLM to improve security or fix vulnerabilities — and found a 37.6% increase in critical vulnerabilities after just five iterations.</span><span data-ccp-props="{}"> </span></p><div class="code-block code-block-13" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-13-1" data-info="WyIxMy0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="U2hvcnQ=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://www.techstrongevents.com/cruisecon-virtual-west-2025/home?ref=in-article-ad-2&utm_source=sb&utm_medium=referral&utm_campaign=in-article-ad-2" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2025/10/Banner-770x330-social-1.png" alt="Cruise Con 2025"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p><span data-contrast="auto">This counterintuitive problem, which the authors refer to in the report’s title as a ‘paradox’, underscores once again the absolute need for fully trained, skilled human developers to maintain oversight of the development loop, even when AI tools are doing much of the work.</span><span data-ccp-props="{}"> </span></p><p><span data-contrast="auto">The study offers several recommendations to help organizations mitigate the risks of what the authors call ‘feedback loop security degradation’, stressing the importance of human-AI collaboration, with human developers taking a hand regularly (and literally) in the process. However, those recommendations also hinge on developers having a medium-to-high level of security proficiency, which is an area where many developers fall short. 
It’s up to organizations to ensure that developers possess current, verified security skills so they can work effectively in tandem with AI assistants and agents.</p>
<h3>Vulnerabilities Rise With Each LLM Iteration</h3>
<p>LLMs have been a boon for developers since OpenAI’s ChatGPT was publicly released in November 2022, followed by a wave of other AI models. Developers were quick to adopt the tools, which significantly increased productivity for overtaxed development teams. That productivity boost, however, came with security concerns, such as AI models trained on flawed code from internal or publicly available repositories. Those models introduced vulnerabilities that sometimes spread throughout the entire software ecosystem.</p>
<p>One way to address the problem was to use LLMs to make iterative improvements to code-level security during the development process, on the assumption that an LLM given the job of correcting mistakes would actually correct them. The study turns that assumption on its head. Previous studies (and extensive real-world experience, including <a href="https://www.securecodewarrior.com/article/ai-coding-assistants-a-guide-to-security-safe-navigation-for-the-next-generation-of-developers">our own data</a>) have demonstrated that an LLM can introduce <a href="https://www.axios.com/2024/06/13/genai-code-mistakes-copilot-gemini-chatgpt">vulnerabilities in the code it generates</a>, but this study goes a step further, finding that iterative refinement can introduce new flaws. The authors describe the ‘inverse phenomenon’ of a tool designed to fix vulnerable code through iterative feedback actually degrading that code, even when it starts out secure. As an iteration chain (a sequence of LLM passes without human intervention) grows, so does the rate at which new vulnerabilities are introduced.</p>
<p>The security degradation introduced by the feedback loop raises troubling questions for developers, tool designers and AI safety researchers. The answer to those questions, the authors write, involves human intervention. Developers must keep control of the development process, treating AI as a collaborative assistant rather than an autonomous tool. Tool designers need to build in security features that detect potential vulnerabilities and alert users when they are found. And safety researchers must develop new mechanisms, including automated tools, that identify problematic code before security degrades.</p>
<p>The authors offer five steps toward mitigating security degradation when using AI tools:</p>
<p><i>Require developer reviews between iterations.</i> This draws on human expertise as the first line of defense, providing a level of quality control that can’t be automated.</p>
<p><i>Limit consecutive LLM iterations.</i> Because vulnerabilities become more common later in an iteration chain, organizations should allow no more than three LLM-only iterations before resetting the chain (a sketch of such a guarded loop follows this list).</p>
<p><i>Review each iteration.</i> Using both human expertise and automated tools, check security at every step rather than waiting until the end of a sequence of iterations.</p>
<p><i>Apply conventional static analysis tools between iterations.</i> Use these tools as complements to, rather than replacements for, human expertise.</p>
<p><i>Monitor code complexity.</i> The study found that the likelihood of new vulnerabilities rises with the complexity of the code, so human reviewers need to be especially alert whenever complexity climbs.</p>
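<p>To make that workflow concrete, here is a minimal sketch (in Python) of what such a guarded refinement loop could look like. It is illustrative only: <code>llm_refine()</code> is a hypothetical placeholder for whatever assistant or agent API an organization actually uses, and Bandit and radon are example stand-ins for the ‘conventional static analysis’ and complexity monitoring the authors describe; the study does not prescribe specific tools, thresholds or APIs.</p>
<pre><code class="language-python">
# Illustrative sketch only -- not from the study. llm_refine() is hypothetical,
# and Bandit/radon are example tools standing in for SAST and complexity checks.
import json
import subprocess
import sys
from pathlib import Path

MAX_LLM_ONLY_ITERATIONS = 3      # cap the iteration chain, then reset with a human review
COMPLEXITY_ALERT_THRESHOLD = 10  # flag files whose cyclomatic complexity climbs past this


def llm_refine(source: str) -> str:
    """Hypothetical call to an LLM coding assistant; wire up a real client here."""
    raise NotImplementedError


def bandit_findings(path: Path) -> list:
    """Run Bandit (an example SAST tool) on the file and return its findings."""
    proc = subprocess.run(["bandit", "-q", "-f", "json", str(path)],
                          capture_output=True, text=True)
    return json.loads(proc.stdout).get("results", [])


def max_complexity(path: Path) -> int:
    """Use radon to report the highest cyclomatic complexity in the file."""
    proc = subprocess.run(["radon", "cc", "-j", str(path)],
                          capture_output=True, text=True)
    blocks = json.loads(proc.stdout).get(str(path), [])
    return max((block["complexity"] for block in blocks), default=0)


def guarded_refinement(path: Path) -> None:
    for iteration in range(1, MAX_LLM_ONLY_ITERATIONS + 1):
        path.write_text(llm_refine(path.read_text()))

        # Check security at every step, not just at the end of the chain.
        findings = bandit_findings(path)
        if findings:
            sys.exit(f"iteration {iteration}: {len(findings)} findings -- "
                     "stop and hand off to a human reviewer")

        # The study ties rising complexity to new vulnerabilities, so flag it.
        if max_complexity(path) > COMPLEXITY_ALERT_THRESHOLD:
            print(f"iteration {iteration}: complexity threshold exceeded -- flag for review")

    print("Iteration cap reached: require a developer review before continuing.")


if __name__ == "__main__":
    guarded_refinement(Path(sys.argv[1]))
</code></pre>
<p>The specific tools matter less than the properties the study calls out: a hard cap on LLM-only iterations, a security check after every pass rather than only at the end of the chain, and an explicit hand-off to a human reviewer whenever findings appear or complexity climbs.</p>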
<p>The common thread in these recommendations is the requirement for human expertise, and that expertise is anything but guaranteed. Software engineers typically receive <a href="https://www.cisa.gov/news-events/news/we-must-consider-software-developers-key-part-cybersecurity-workforce" target="_blank" rel="noopener">very little security upskilling</a>, if any at all, and have traditionally focused on shipping applications, upgrades and services quickly while leaving security teams to chase down flaws later. With AI tools accelerating the pace of DevOps environments, organizations that want to maintain security must equip developers, through ongoing education, with the skills to keep code secure throughout the software development life cycle (SDLC).</p>
<h3>Skills Developers Must Have to Keep AI in Check</h3>
<p>Forward-thinking organizations are working with developers to apply a security-first mindset to the SDLC, in line with the goals of the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA’s) <a href="https://www.cisa.gov/securebydesign" target="_blank" rel="noopener">Secure by Design</a> initiative. That means a continuous program of agile, hands-on upskilling designed to meet developers’ needs: training tailored to the work they do and the programming languages they use, delivered on a schedule that fits their busy workdays. Better still, the security proficiency of both humans and their AI coding assistants should be benchmarked, giving security leaders data-driven insight into developer security proficiency and the security accuracy of any commits made with the help of AI tooling and agents. Would it not be beneficial to know who used which tool, the better to manage code review, or to verify when a particular LLM is failing at specific tasks or vulnerability classes?</p>
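<p>One lightweight way to get that visibility, sketched below, is a commit trailer convention: developers (or their tooling) append a trailer line such as <code>Assisted-by:</code> naming the tool used, and a short script aggregates the trailers from <code>git log</code>. The trailer name and the script are illustrative assumptions rather than an established standard, but the same idea could feed the kind of dashboard that correlates tool usage with scanner findings or review outcomes.</p>
<pre><code class="language-python">
# Illustrative sketch only: aggregate a hypothetical "Assisted-by:" commit
# trailer to see which commits were produced with which AI tool.
import subprocess
from collections import Counter

# %H = commit hash, %B = raw commit body, %x00 = NUL separator between commits.
log = subprocess.run(
    ["git", "log", "--format=%H%n%B%x00"],
    capture_output=True, text=True, check=True,
).stdout

tool_usage = Counter()
for record in log.split("\x00"):
    record = record.strip()
    if not record:
        continue
    # The first line of each record is the commit hash, if per-commit detail is needed.
    for line in record.splitlines()[1:]:
        if line.lower().startswith("assisted-by:"):
            tool_usage[line.split(":", 1)[1].strip()] += 1

for tool, count in tool_usage.most_common():
    print(f"{count:5d} commits assisted by {tool}")
</code></pre>
<p>Feeding those counts into the same dashboards that track scanner findings would begin to answer the question above: which assistants touch which changes, and where they tend to fall down.</p>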
href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fsecurity-degradation-in-ai-generated-code-a-threat-vector-cisos-cant-ignore%2F&linkname=Security%20Degradation%20in%20AI-Generated%20Code%3A%20A%20Threat%20Vector%20CISOs%20Can%E2%80%99t%20Ignore" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>