2025 GenAI Code Security Report

Generative AI is reshaping software development, yet its impact on code security remains largely overlooked. This report assesses over 100 large language models (LLMs) across four major programming languages—Java, JavaScript, Python, and C#—to determine how often AI-generated code is secure by default. Findings reveal that only 55% of generated code avoids common vulnerabilities, with no significant improvements tied to model size or recency.

Through rigorous testing against four critical CWE categories—SQL Injection, Cross-Site Scripting, Log Injection, and Weak Cryptographic Algorithms—the research highlights systemic gaps in AI coding tools. While LLMs excel at producing functional, syntactically correct code, they frequently miss security best practices unless explicitly guided. This report provides valuable insights for organizations adopting AI-driven development, underlining the need for proactive security measures and developer oversight.